Protection of personally identifiable information

In Synerise, you can use a feature that protects personally identifiable information (PII), letting you designate which workspace users and API keys can access PII. By default, the ID and UUID data are considered PII, but you can flag other attributes and event parameters as PII.

This system lets users without PII access work with the data while ensuring that they cannot view the sensitive information, striking a balance between data usability and protection of personal information.

Impact on tracking

In a workspace with PII protection enabled, the standard tracker code cannot identify a visitor (cannot update sensitive data). Identification is possible only with JWT Tracker or backend calls using an API key that has PII access. If an event is authorized with an API key without PII access, the event won’t be saved.

Enabling the PII protection

By default, the protection of PII is disabled, but you can request to have it enabled by contacting Synerise Support.

Enabling the PII protection of the workspace causes:

Access to the PII protection section under this link: https://app.synerise.com/settings/pii
This section shows the state of the PII protection option.
Appearance of the PII-related user permissions: PII settings and Object permissions
List of permissions in Settings > Roles that can be accessed by clicking on a role and viewing the Permission section.

Setting these permissions to:
- Read: allows users to set PII access level for API keys and user roles.
- Update and Create: allows users to mark profile attributes and event parameters as PII. The users also need the permissions required to create/edit API keys, roles, attributes, or parameters.

What counts as PII

By default, only the ID and UUID profile attributes are considered PII. Additionally, users with specific permissions can mark any profile attribute or event parameter as PII. It’s important to note that once a parameter is marked as PII, it applies to all relevant events.

Marking profile attributes as PII

Go to Data management > Profile attributes.
On the list of attributes, open the details of the attribute which you want to mark as PII.
In the PII protection section, click Define.
Enable the This attribute is personal data option.

The PII protection section; it's accessible in Data Management > Profile attributes, in the details of a profile attribute

Marking event parameters as PII

Go to Data management > Event parameters.
On the list of event parameters, open the details of the parameter which you want to mark as PII.
In the PII protection section, click Define.
Enable the This parameter contains personal data option.

The PII protection section; it's accessible in Data Management > Event parameters, in the details of an event parameter

Impact on user access and actions

User access to PII or lack of it is controlled by the PII access option assigned to a role, and a role is assigned to a user. While creating a user role, you will be able to choose from two options granting or restraining access to PII:

Full access to PII data
No access to PII data

PThe PII access section available while defining the settings of a role

Below, you can find a comparison between access to features and actions for each option:

Note: Apart from PII itself, you also need to have the right permissions. For example, you can have full access to PII data, but without the READ permission for the Profiles module, you won’t see anything, similarly, all campaigns, and so on.

	Full Access to PII data	No Access to PII data
Profile data access	Can view regular profiles and test profiles	Can view only test profiles
Updating profile information	Can update profile information and create new profiles	Can’t update profile information, can’t create new profiles
Importing profiles, transactions, and events	Can import profiles, transactions, and events	Cannot import profiles, transactions, and events
Campaigns and templates	Can create templates and campaigns, and preview the output of Jinjava and dynamic attributes such as aggregates and expressions	Can build templates and campaigns without exposing real data (they can preview campaigns in the context of test profiles)
Sending messages	Can send messages/campaigns to any audience and preview real contact data	Can send messages and campaigns to any audience, but will not see real contact data
Sending test messages	Can send test campaigns to any recipient (profiles, test profiles, recipients who are not available in the Profiles module)	Can send test campaign only to test profiles; sending tests to custom email or phone number (not available in the Profile module) is impossible.
Analysis	Can build any analysis based on PII attributes and see values of PII attributes	Can build any analysis based on obscured PII attribute values, represented by asterisks
Automation Module	Can access sensitive data, use all nodes, import and export data, access export logs	- Have limitations on using Email Alert and SMS Alert nodes, - can’t preview the file in Local File node, - can’t use Update Profile, Import Profiles, Import Events, Import Transactions, Generate Event nodes, - can’t preview, edit, run, or resume workflows containing nodes mentioned before
Data Transformation	Can export and import data, access export logs	Can export data to trusted endpoints, cannot import data and access export logs, recommended to use sample data

API-key access level

Regardless of the API key type, an API key without PII access cannot fetch customer data.

Enabling access to PII data for API key

Go to Settings > API keys.
To add access to an existing key, open the details of the key which you want to grant the access.
On the PII access section, click Define.
Click Full access to PII data.
The PII access section available while defining the settings of an API key