PII Data Encryption

MoEngage allows the encryption of user and event attributes marked as Personally Identifiable Information (PII). Any attribute with data encryption enabled will also have masking enabled by default. Such attributes are not shown on and cannot be downloaded from the MoEngage dashboard.

Enabling PII Data Encryption

You can enable data encryption for all user and event attributes except a list of reserved ones that cannot be encrypted. For more information, refer to the list of reserved attributes for which data encryption is not supported.

info

Note

  • Please make sure you mark the attribute as "encrypted" using test values before sending the majority (or actual) data. It is important to note that any data received after the attribute is marked as encrypted will itself be encrypted during storage, while the data received before it will remain unchanged.
  • Attributes marked as encrypted once cannot be de-encrypted or unmasked.
  • Users with Admin roles can see the attributes in their encrypted form. User with other roles cannot see the encrypted attributes (they are locked in the user profile, reporting, analytics, and segmentation screens).
  • Once encryption is turned on, it may take up to fifteen minutes for the new settings to get reflected.
  • An encrypted attribute can only be exported in reports if you have admin access. The attribute will be exported in its encrypted format.
User Attributes Event Attributes

To enable PII Data Encryption for a user attribute, follow these steps:

  1. Navigate to Settings -> Data Management in the MoEngage Dashboard.
  2. Click on the User attributes tab to access user attributes.
  3. Search the desired user attribute.
  4. Select desired attributes and mark them as PII by clicking on 'Yes' in the Data Encryption section of the PII dropdown above the header in the Action bar.
  5. Or, for the desired user attribute, click on the 3 dot button on the right, and then click on Edit to access the different actions.
  6. In the Edit user attribute that opens, turn on the Encrypt attribute toggle in the Data privacy configuration section.
  7. Click Save

    EnablePIIDataEncryption_EventAttribute.gif

Accessing PII Data Encrypted Attributes

PII attributes are not visible on the following screens, and they can only be exported from the MoEngage Dashboard if you have admin access. If PII Data encryption is enabled for an attribute, it is shown in the encrypted form for admin users. For users with other roles, the data is shown as ---

      1. User Search

        Navigation: Create Segment -> Search bar at the top right corner -> Search User popup

        UserPopup.png

      2. User Profile

        Navigation: Create Segment -> Search bar at the top right corner -> Search User popup -> Click on the Name hyperlink on the desired user's row. For more information, refer to User Profile

        User Info Tab

        UserProfile_PIIEncryption.png

        Activity Info Tab

        PIi_Data_Encryption_ActivityInfo.png

      3. Recent events

        Navigation: Test & Debug -> Recent Events

        RecentEvents.png

      4. Value Suggestions

        Value suggestions are not shown for the PII marked attribute on Segmentation and Analytics pages.

      5. Segmentation Filters

        Only two operators are allowed for PII Data Encrypted attributes: exists and does not exist in the segmentation filters.

        Segment -> Create Segment Navigation

        SegmentationFilters.png

        Segmentation Filters in Campaign Creation

        SegmentationFilters_CampaignScreens.png

      6. Test Users

        Navigation: Test & Debug -> Test users

        TestUser.png

info

Supported Channels

PII encryption is only available for Email campaigns. The Email campaign template in MoEngage will display encrypted values to the dashboard users. However, when the campaigns are sent, the encrypted values will be decrypted, allowing customers who receive the emails to view the unmasked value.

Non-Dashboard Functionality

PII encrypted data is available for Open Analytics, S3 Exports, and MoEngage Streams, and data is not decrypted before use/export. These features are not available by default, require manual enablement, and will be enabled on request. Please provide your team access to these features per your security and data needs.

List of Attributes Not Supported for Encryption

User Attributes 

      1. Reachability Push Android (moe_rsp_android)
      2. Reachability Push iOS (moe_rsp_ios)
      3. Reachability Push Web (moe_rsp_web)
      4. Reachability Push (moe_rsu)
      5. Spam
      6. Unsubscribe
      7. Push Preference Changed iOS
      8. SMS Subscription Status
      9. Install Status
      10. Push Opt In Status (iOS)
      11. MoEngage ID
      12. moe_dtzo - User Time Zone offset
      13. All of Lifecycle category attributes
      14. All of Uninstall category attributes

Event Attributes

      1. source
      2. appVersion
      3. SDKversion
      4. Platform
      5. Parent Campaign Id (moe_c_pid)
      6. Parent Flow Id (moe_f_pid)
      7. Parent Flow Name (moe_f_pname)
      8. Campaign Content Type (moe_campaign_content_type)
      9. Locale Id (moe_locale_id)
      10. Locale Name (moe_locale_name)
      11. Variation Key (moe_variation_id)
      12. Campaign Tags (moe_campaign_tags)
      13. BTS (moe_bts_type)
      14. Control Group (moe_control_group_type)
      15. Readable Campaign Id (moe_campaign_id)
      16. Campaign Name (moe_campaign_name)
      17. Campaign Type (moe_campaign_type)
      18. Delivery Type (moe_delivery_type)
Was this article helpful?
0 out of 0 found this helpful

How can we improve this article?