
    Customer privacy is top of mind for every business nowadays. We are more aware of the value of information than ever before, so protecting personal information is a feature that we also take very seriously here at Reveal.

    This article describes all you need to know about removing any PII (Personally Identifiable Information) from our platform and from any third parties we’ve sent data to on your behalf.

    Prerequisites

    First, you must ensure that you have your shop domain set up correctly. You can do this from the Shop New/Edit pages.
    This domain will be used as the default email domain for anonymized users.
    It will be referenced below as “domain”.

    How to import anonymized customers

    Depending on whether your shop accepts Guest customer orders (ordering without an account), the approach in anonymizing data can be different.

    Shops with Guest Customer Checkout

    An email in either the [customer_eid]@[domain] or the [lowercase(md5_hash)]@[domain] format signals an anonymized customer for Reveal.

    Information on when to use each format is detailed below.

    Customers who have an account within your shop

    • customer_eid – the ID of the customer in your database (or any other unique identifier you want to use instead, BUT NEVER the email); Reveal treats it as the external ID
    • email – [lowercase(md5(email))]@[domain]; the email is now anonymized
    • first_name – null; this is optional and you can skip it altogether from the feed
    • last_name – null; this is optional and you can skip it altogether from the feed
    • date_registered – should not be anonymized, since it is not personal information
    • country, region, city – null; these are optional and you can skip them altogether from the feed. It’s debatable whether these should be considered PII when no name or email is present, but keep in mind that if they are anonymized, reports per location will lose precision
    • gender – null; this is optional and you can skip it altogether from the feed
    • yob – null; this is optional and you can skip it altogether from the feed
    • accepts_marketing – 0

    Customers who ordered as guests (without an account in your shop)

    The identity of the customers who check out as guests is contained within the orders feed, in the order.customer_email field.
    The email should be sent in the [lowercase(md5(email))]@[domain] format.

    Using md5 hashing to anonymize emails allows you to use the “Customer Merge Guest” option, since the hash will be the same in the customer feed and the order feed, even if the real email is unknown.

    Shops without Guest Customer Checkout

    If your shop enforces customer accounts and does not allow guest checkout, the “Customer Merge Guest” feature is not needed and you can choose any other anonymization technique for order.customer.email.

    E.g., the email address could be sent as [customer_eid]@[domain].
    The [customer_eid] must be a unique and fixed identifier of the customer (e.g., the ID of the customer from your database), BUT NEVER the email.
    “Fixed” means that it should not change when any property of the customer changes.
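
    The two email formats and the customer field list above, applied to feed rows before export. This is an added example, not Reveal's code: the dict-shaped rows, the order_id key, the shop.example domain and the trim-and-lowercase step before hashing are assumptions.

```python
import hashlib

# Fields the article says to send as null or omit for anonymized customers.
PII_FIELDS = ("first_name", "last_name", "country", "region", "city", "gender", "yob")

def anonymized_email(email, domain):
    """Return [lowercase(md5(email))]@[domain]."""
    # Assumption: trim and lowercase the address before hashing, so the same
    # customer yields the same hash in the customer feed and the order feed.
    normalized = email.strip().lower()
    digest = hashlib.md5(normalized.encode("utf-8")).hexdigest()  # lowercase hex
    return f"{digest}@{domain}"

def eid_email(customer_eid, domain):
    """Return [customer_eid]@[domain] for shops without guest checkout."""
    eid = str(customer_eid)
    if "@" in eid:
        raise ValueError("customer_eid must never be the email")
    return f"{eid}@{domain}"

def anonymize_customer_row(row, domain):
    """Customer feed row: drop optional PII, hash the email, opt out of marketing."""
    out = {k: v for k, v in row.items() if k not in PII_FIELDS}
    out["email"] = anonymized_email(row["email"], domain)
    out["accepts_marketing"] = 0
    return out  # customer_eid and date_registered pass through unchanged

def anonymize_order_row(order, domain):
    """Order feed row: only customer_email identifies a guest."""
    out = dict(order)
    out["customer_email"] = anonymized_email(order["customer_email"], domain)
    return out

# Constructed sample rows; the same person appears in both feeds with
# different casing and stray whitespace.
SAMPLE_CUSTOMER = {"customer_eid": "1234", "email": " Jane.Doe@Example.com ",
                   "first_name": "Jane", "last_name": "Doe", "city": "Cluj",
                   "date_registered": "2021-03-14", "accepts_marketing": 1}
SAMPLE_ORDER = {"order_id": "A-1001", "customer_email": "jane.doe@example.com"}

if __name__ == "__main__":
    print(anonymize_customer_row(SAMPLE_CUSTOMER, "shop.example"))
    print(anonymize_order_row(SAMPLE_ORDER, "shop.example"))
```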

    How to anonymize already imported customers

    The anonymization of customers is possible through our API, either individually or in bulk.

    Individual Anonymization

    POST http://api.reveal.omniconvert.com/v1/s/{{shop}}/customers/{{customer_eid}}/anonymize

    In case of success, the anonymized customer object will be returned.
    In case of error, the error details will be returned.

    Bulk Anonymization

    POST http://api.reveal.omniconvert.com/v1/s/{{shop}}/bulk/customers/anonymize

    Request Body:

    // the comments below are explanatory only; JSON does not allow comments, so remove them before sending
    {"customers": [
        // by customer_eid
        {
            "customer_eid": "1234" // the customer ID in your database; this is the customer externalId for Reveal
        },
        // by email
        {
            "email": "[email protected]" // if we find both an account and a guest customer with this email, we will anonymize both
        },
        // by customer_eid AND email (if you want to be very specific, although customer_eid is enough; still, if the found customer has an email different from the one specified, it will not be anonymized)
        {
            "customer_eid": "1234", // the customer ID in your database; this is the customer externalId for Reveal
            "email": "[email protected]"
        }
    ]}

    A job that anonymizes the customers will be created. The job object will be returned upon creation.

    If any issues arise during the anonymization, you will receive an email at the email address set in Settings > NPS > NPS > Sending Contact Email or Settings > Export > Export General Settings > Customer Profile Contact Email.

    You can also check the job status via API, periodically. The job report will be returned when the job completes.

    You can anonymize up to 10.000 customers in a bulk request.
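
    Building bulk request bodies that respect the per-request limit, as an added example (not Reveal's code). The shop name and the erasure list are constructed, and sending is left out because this article does not describe the API's authentication.

```python
import json

BULK_LIMIT = 10_000  # the article's maximum number of customers per bulk request
BULK_URL = "http://api.reveal.omniconvert.com/v1/s/{shop}/bulk/customers/anonymize"

def bulk_entry(customer_eid=None, email=None):
    """One element of "customers": by customer_eid, by email, or by both."""
    entry = {}
    if customer_eid is not None:
        entry["customer_eid"] = str(customer_eid)
    if email is not None:
        entry["email"] = email
    if not entry:
        raise ValueError("need customer_eid, email, or both")
    return entry

def bulk_requests(shop, entries, limit=BULK_LIMIT):
    """Return (url, json_body) pairs, each holding at most `limit` customers."""
    unique, seen = [], set()
    for e in entries:
        key = (e.get("customer_eid"), e.get("email"))
        if key not in seen:  # skip repeated identifiers in the erasure list
            seen.add(key)
            unique.append(e)
    url = BULK_URL.format(shop=shop)
    # json.dumps emits strict JSON: no comments, no trailing commas.
    return [(url, json.dumps({"customers": unique[i:i + limit]}))
            for i in range(0, len(unique), limit)]

if __name__ == "__main__":
    # Constructed erasure list: 20,001 account IDs plus one repeated entry.
    todo = [bulk_entry(customer_eid=i) for i in range(20_001)]
    todo.append(bulk_entry(customer_eid=0))
    for url, body in bulk_requests("my-shop", todo):
        print(url, len(json.loads(body)["customers"]))
```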

    ATTENTION! After the customers have been anonymized, you must ensure that their info is imported anonymized in subsequent imports. Please see the “How to import anonymized customers” section.

    What happens if you re-import the un-anonymized data after it was anonymized

    Reimporting a customer with an account

    If you anonymize a given customer with an account (non-guest), we will anonymize his data, including the email address in all occurrences within our platform.

    If you then import the customer again (e.g., the next day) with the real info, the customer’s data will be updated, including the email. The customer will be associated with the real email, but the email within all other occurrences will remain anonymized. In order to update the email across the whole platform, orders would need to be reimported too.

    So, for a customer with an account, if you need to un-anonymize the data, you can simply reimport the customer and the customer’s orders with his real data. The customer will be matched by customer_eid and all the data will be updated.

    Reimporting a guest customer (without a customer account)

    If you anonymize a given guest customer, by email, we will anonymize his data, including the email address in all occurrences within our platform.

    If you then import the customer’s orders again (for guest customers, only the orders can be imported, as no customer account exists) with the real info, the imported orders will be updated with the real email, and depending on the situation, 3 things can happen with the customer:
    1. If you have “Customer Merge Guest” enabled, and the customer also has an account which has been anonymized, then the customer and guest cannot be matched based on the email, because the customer in the database has the email anonymized and the guest from the feed has the real email. A new guest customer will be created, and the imported orders will belong to this newly created guest.
    2. If you have “Customer Merge Guest” enabled, and the customer does not have an account (an exclusively guest customer), then, given the data for the guest has been anonymized, the customer can be found based on his customer_eid (also generated by Reveal), so the customer will remain anonymized.
    3. If you have “Customer Merge Guest” disabled, the search in the database will be performed only within guests. Given the data for the guest has been anonymized, the customer can be found based on his customer_eid (also generated by Reveal), so the customer will remain anonymized.

    For guest customers, it’s not possible to un-anonymize the data, since a fixed identifier does not exist, due to the lack of an account. We can either find the email already anonymized in the database, or we will not find the email in the database and create a new one.