Optimove ingests, unifies, and enriches your data, creating a rich data foundation that empowers marketing teams to personalize customer experiences. When ingesting hundreds of datapoints into Optimove, including Personally Identifiable Information (PII), data protection is paramount.
Optimove has always focused on data protection and is committed to full compliance with regulatory requirements including GDPR and CCPA, as well as taking additional precautions to ensure the complete security and privacy of your customers’ data.
This document outlines how Optimove helps ensure your organization protects PII with effective data governance.
What is PII?
Optimove ingests, unifies, and enriches your data, creating a solid foundation that empowers personalized customer experiences. In an era where data breaches and privacy concerns are increasingly common, protecting sensitive information has become a top priority for businesses of all sizes. Effective data protection strategies are essential to safeguard personally identifiable information (PII) and maintain customer trust.
For a detailed understanding of how to manage and secure PII in Optimove, read the full article here.
Personally Identifiable Information (PII) is sensitive data that identifies a specific customer, such as:
- Name
- Email address
- Postal address
- Phone number
Optimove ingests PII data to send campaigns via Optimove's native channels. If you send campaigns via third-party channels, we can create your Optimove instance without ingesting any PII.
Note, if you are using Optimove’s native channels, we offer solutions to protecting the PII you share with Optimove. This includes masking PII in Optimove’s backend infrastructure and hiding PII in your Optimove site. Read on to learn more.
Classifying PII
During your onboarding with Optimove, we will set up a Batch Data Process which will begin importing data into Optimove. Our data teams will handle the transfer and management of your data and classify the data points that contain PII during this process. Once onboarding is complete, our Data Integration team will work with you to import new data points in the Batch Data Process. Alternatively, you can import data into Optimove via API or using our self-serve Data Ingestion functionality.
Optimove will work alongside you to configure which data points should be handled as PII. You can also do this at any time — whenever you add new data or change internal protocols. Any user with UI access can mark or unmark an attribute as PII directly from the Attributes page, without needing to create a ticket with your CSM. For new data imports, we still recommend using the Batch Data Process to ensure maximum security.
Hiding PII in the Optimove UI
The Data Studio enables you to take control of your data with the ability to view, edit, and manage the visibility of your data in the form of customer attributes in Optimove.
Using this functionality, admin users can hide attributes that contain PII. This prevents any user that has access to your Optimove instance from viewing PII.
To hide an attribute in the Data Studio, click on the icon shown below under 'Visible'. This allows you to control whether this attribute is displayed in your interface to other site users or exports from Optimove, without deleting the attribute.
Hiding PII in the Optimove Database
PII is stored and maintained in Optimove's Customer Profiles database on Snowflake. This applies to all the historical customer records Optimove stores, and all the real time events streamed for this process.
For the PII fields that have been configured, we implement a robust PII Masking layer within our back-end data infrastructure to ensure it is not visible to Optimove teams, such as our Support team or Data Solutions team. This means sensitive customer data remains shielded from view or utilization by Optimove employees when managing your data without impacting their ability to provide data support.
For example, when requesting Optimove’s Data Solutions team to update attributes in your Single Customer View, Optimove employees will have limited permissions to the database and therefore cannot see the values of PII fields.
The example below shows how Optimove employees will view your data within our database. While the emails are stored in the database, the values will be masked as shown below.
PII Removal
If you would like to entirely remove PII from Optimove, this can be done upon request by the formal processes according to the Right to Erasure under the GDPR framework.
The deletion process will erase all PII from Optimove (both current and historical data). A customer’s PII is being deleted from all Optimove’s data pipelines and the record remains anonymized.
Important Considerations:
- PII removal requests are only successful for customers that already exist in the Optimove system (i.e., they have a customer ID).
- If a request is sent before the customer's data has been fully ingested and processed (e.g., while a daily batch is still running), the customer may not yet exist in the system — in this case, the removal request will not succeed.
- It can take up to 3 days to fully delete all PII from the time of the request.
- You will receive a response indicating which customers do not currently exist in the system via both the API and the UI.
- If there is a timing gap between when you send the PII removal request and when the data has finished processing, you should resend the removal request once data ingestion is complete.
Example Scenario:
A batch file is sent to Optimove at 9:00 AM and finishes processing at 12:00 PM. A PII removal request sent at 10:00 AM may fail for customers in that batch because their records are not yet in the system. In this case, the request should be resent after 12:00 PM when the customer data is available in Optimove.
It’s important to note, to maintain the integrity of campaign and application usage analytics, aggregated anonymous data will not be amended when a customer’s data is deleted (for example, a campaign’s “Increase in” metric value will not be recalculated once a customer’s data is deleted). This still allows for GDPR compliance because this aggregated data cannot be traced back to an individual.
To learn how you can remove PII from Optimove, read here