PII Data Encryption

MoEngage allows the encryption of user and event attributes marked as Personally Identifiable Information (PII). Any attribute with data encryption enabled will also have masking enabled by default. Such attributes are not shown on and cannot be downloaded from the MoEngage dashboard.

Enabling PII Data Encryption

You can enable data encryption for all user and event attributes except a list of reserved ones that cannot be encrypted. For more information, refer to the list of reserved attributes for which data encryption is not supported.



  • Please make sure you mark the attribute as "encrypted" using test values before sending the majority (or actual) data. It is important to note that any data received after the attribute is marked as encrypted will itself be encrypted during storage, while the data received before it will remain unchanged.
  • Attributes marked as encrypted once cannot be de-encrypted or unmasked.
  • Users with Admin roles can see the attributes in their encrypted form. User with other roles cannot see the encrypted attributes (they are locked in the user profile, reporting, analytics, and segmentation screens).
  • Once encryption is turned on, it may take up to fifteen minutes for the new settings to get reflected.
  • An encrypted attribute can only be exported in reports if you have admin access. The attribute will be exported in its encrypted format.
User Attributes Event Attributes

To enable PII Data Encryption for a user attribute, follow these steps:

  1. Navigate to Settings -> Data Management in the MoEngage Dashboard.
  2. Click on the User attributes tab to access user attributes.
  3. Search the desired user attribute.
  4. Select desired attributes and mark them as PII by clicking on 'Yes' in the Data Encryption section of the PII dropdown above the header in the Action bar.
  5. Or, for the desired user attribute, click on the 3 dot button on the right, and then click on Edit to access the different actions.
  6. In the Edit user attribute that opens, turn on the Encrypt attribute toggle in the Data privacy configuration section.
  7. Click Save


Accessing PII Data Encrypted Attributes

PII attributes are not visible on the following screens, and they can only be exported from the MoEngage Dashboard if you have admin access. If PII Data encryption is enabled for an attribute, it is shown in the encrypted form for admin users. For users with other roles, the data is shown as ---

      1. User Search

        Navigation: Create Segment -> Search bar at the top right corner -> Search User popup


      2. User Profile

        Navigation: Create Segment -> Search bar at the top right corner -> Search User popup -> Click on the Name hyperlink on the desired user's row. For more information, refer to User Profile

        User Info Tab


        Activity Info Tab


      3. Recent events

        Navigation: Test & Debug -> Recent Events


      4. Value Suggestions

        Value suggestions are not shown for the PII marked attribute on Segmentation and Analytics pages.

      5. Segmentation Filters

        Only two operators are allowed for PII Data Encrypted attributes: exists and does not exist in the segmentation filters.

        Segment -> Create Segment Navigation


        Segmentation Filters in Campaign Creation


      6. Test Users

        Navigation: Test & Debug -> Test users



Supported Channels

PII encryption is only available for Email, SMS, and WhatsApp campaigns. The campaign templates in MoEngage will display encrypted values to the dashboard users. However, when the campaigns are sent, the encrypted values will be decrypted, allowing customers to view the unmasked value.

Please get in touch with your customer success team to get this enabled for your account.

Non-Dashboard Functionality

PII encrypted data is available for Open Analytics, S3 Exports, and MoEngage Streams, and data is not decrypted before use/export. These features are not available by default, require manual enablement, and will be enabled on request. Please provide your team access to these features per your security and data needs.

List of Attributes Not Supported for Encryption

User Attributes 

      1. Reachability Push Android (moe_rsp_android)
      2. Reachability Push iOS (moe_rsp_ios)
      3. Reachability Push Web (moe_rsp_web)
      4. Reachability Push (moe_rsu)
      5. Spam
      6. Unsubscribe
      7. Push Preference Changed iOS
      8. SMS Subscription Status
      9. Install Status
      10. Push Opt In Status (iOS)
      11. MoEngage ID
      12. moe_dtzo - User Time Zone offset
      13. All of Lifecycle category attributes
      14. All of Uninstall category attributes

Event Attributes

      1. source
      2. appVersion
      3. SDKversion
      4. Platform
      5. Parent Campaign Id (moe_c_pid)
      6. Parent Flow Id (moe_f_pid)
      7. Parent Flow Name (moe_f_pname)
      8. Campaign Content Type (moe_campaign_content_type)
      9. Locale Id (moe_locale_id)
      10. Locale Name (moe_locale_name)
      11. Variation Key (moe_variation_id)
      12. Campaign Tags (moe_campaign_tags)
      13. BTS (moe_bts_type)
      14. Control Group (moe_control_group_type)
      15. Readable Campaign Id (moe_campaign_id)
      16. Campaign Name (moe_campaign_name)
      17. Campaign Type (moe_campaign_type)
      18. Delivery Type (moe_delivery_type)


1. How is PII Encryption different from PII Masking?

PII masking simply masks the values on the MoEngage dashboard UI and does not encrypt the values during storage.


2. Can I mask an attribute but not encrypt it?

Yes. Go to: Settings > Data management > Edit Events/User attributes > Data Privacy Configuration > Masking

To enable PII encryption - please get in touch with the Support team. Once enabled, you will see the Encrypt Attribute option under Settings > Data management > Edit Events/User attributes > Data Privacy Configuration

Was this article helpful?
1 out of 1 found this helpful

How can we improve this article?