Protection of personally identifiable information

In Synerise, you can use a feature that protects personally identifiable information (PII), letting you designate which workspace users and API keys can access PII. By default, the ID and UUID data are considered PII, but you can flag other attributes and event parameters as PII.

This system lets users without PII access work with the data while ensuring that they cannot view the sensitive information, striking a balance between data usability and protection of personal information.

Impact on tracking

In a workspace with PII protection enabled, the standard tracker code cannot identify a visitor (cannot update sensitive data). Identification is possible only with JWT Tracker or backend calls using an API key that has PII access. If an event is authorized with an API key without PII access, the event won’t be saved.

Enabling the PII protection

By default, the protection of PII is disabled, but you can request to have it enabled by contacting Synerise Support.

Enabling the PII protection of the workspace causes:

  • Access to the PII protection section under this link: https://app.synerise.com/settings/pii
    This section shows the state of the PII protection option.

  • Appearance of the PII-related user permissions: PII settings and Object permissions

    A fragment of permission list which is available in Settings > Roles, after clicking a role, the editing view displays, and the Permission section is available in which you can find this list
    List of permissions in Settings > Roles that can be accessed by clicking on a role and viewing the Permission section.

    Setting these permissions to:

    • Read: allows users to set PII access level for API keys and user roles.
    • Update and Create: allows users to mark profile attributes and event parameters as PII. The users also need the permissions required to create/edit API keys, roles, attributes, or parameters.

What counts as PII

By default, only the ID and UUID profile attributes are considered PII. Additionally, users with specific permissions can mark any profile attribute or event parameter as PII. It’s important to note that once a parameter is marked as PII, it applies to all relevant events.

Marking profile attributes as PII

  1. Go to Data management > Profile attributes.
  2. On the list of attributes, open the details of the attribute which you want to mark as PII.
  3. In the PII protection section, click Define.
  4. Enable the This attribute is personal data option.
The PII protection section; it's accessible in Data Management > Profile attributes, in the details of a profile attribute
The PII protection section; it's accessible in Data Management > Profile attributes, in the details of a profile attribute

Marking event parameters as PII

  1. Go to Data management > Event parameters.
  2. On the list of event parameters, open the details of the parameter which you want to mark as PII.
  3. In the PII protection section, click Define.
  4. Enable the This parameter contains personal data option.
The PII protection section; it's accessible in Data Management > Event parameters, in the details of an event parameter
The PII protection section; it's accessible in Data Management > Event parameters, in the details of an event parameter

Impact on user access and actions

User access to PII or lack of it is controlled by the PII access option assigned to a role, and a role is assigned to a user. While creating a user role, you will be able to choose from two options granting or restraining access to PII:

  • Full access to PII data
  • No access to PII data
The PII access section available while defining the settings of a role
PThe PII access section available while defining the settings of a role

Below, you can find a comparison between access to features and actions for each option:

Note: Apart from PII itself, you also need to have the right permissions. For example, you can have full access to PII data, but without the READ permission for the Profiles module, you won’t see anything, similarly, all campaigns, and so on.
Full Access to PII data No Access to PII data
Profile data access Can view regular profiles and test profiles Can view only test profiles
Updating profile information Can update profile information and create new profiles Can’t update profile information, can’t create new profiles
Importing profiles, transactions, and events Can import profiles, transactions, and events Cannot import profiles, transactions, and events
Campaigns and templates Can create templates and campaigns, and preview the output of Jinjava and dynamic attributes such as aggregates and expressions Can build templates and campaigns without exposing real data (they can preview campaigns in the context of test profiles)
Sending messages Can send messages/campaigns to any audience and preview real contact data Can send messages and campaigns to any audience, but will not see real contact data
Sending test messages Can send test campaigns to any recipient (profiles, test profiles, recipients who are not available in the Profiles module) Can send test campaign only to test profiles; sending tests to custom email or phone number (not available in the Profile module) is impossible.
Analysis Can build any analysis based on PII attributes and see values of PII attributes Can build any analysis based on obscured PII attribute values, represented by asterisks
Automation Module Can access sensitive data, use all nodes, import and export data, access export logs - Have limitations on using Email Alert and SMS Alert nodes,
- can’t preview the file in Local File node,
- can’t use Update Profile, Import Profiles, Import Events, Import Transactions, Generate Event nodes,
- can’t preview, edit, run, or resume workflows containing nodes mentioned before
Data Transformation Can export and import data, access export logs Can export data to trusted endpoints, cannot import data and access export logs, recommended to use sample data

API-key access level

Regardless of the API key type, an API key without PII access cannot fetch customer data.

Enabling access to PII data for API key

  1. Go to Settings > API keys.
  2. To add access to an existing key, open the details of the key which you want to grant the access.
  3. On the PII access section, click Define.
  4. Click Full access to PII data.
    The PII access section available while defining the settings of an API key
    The PII access section available while defining the settings of an API key
😕

We are sorry to hear that

Thank you for helping improve out documentation. If you need help or have any questions, please consider contacting support.

😉

Awesome!

Thank you for helping improve out documentation. If you need help or have any questions, please consider contacting support.

Close modal icon Placeholder alt for modal to satisfy link checker