Version: English

Data Security

1. Overview#

Data security the service principle of Convertlab, also the cornerstone and foundation of serving all major enterprises. The data security function is to ensure that the relevant PII information in customer assets is encrypted displayed in the DM Hub system, that is, the data stored in DM Hub is plaintext data, but the viewed data at the front of the system has been coded, such as the mobile number: 18818881888, the code may be: 1888****1888.

【Settings Center】-【Other Settings】-【Data Security】

img

2.Data encryption impact#

After the data encryption function is enabled, the relevant effects on customers and members are as follows:

Customer

  • Send messages: Such as mobile number and Email, it is a string of ciphertext in the system. When sending Emails and SMS, the ciphertext can be decrypted and sent.

  • Insert variable: All places that insert customer attributes are supported by the decryption of encrypted information, including WeChat / Alipay template messages, SMS, WeChat-pages, Email, official account automatic reply, webhook.

  • WeChat-page form: The field information stored in the WeChat-page form: name, mobile number, Email, landline, home address, company address also need to be encrypted.

  • Advanced filtering: Filtering by ciphertext only is supported.

  • API query: Query the relevant customer attributes through open API, and return ciphertext.

  • Decryption: When the decryption setting is checked in the encryption settings, the encrypted information can be decrypted and viewed in the customer details.

Members

The members here are only for users who have activated the DM Hub membership function and have created members in this function. For details of the member module, please refer to the Member Introduction.

  • Member attributes: When you enable the data encryption function, you can set whether to encrypt the member attributes, including name (including last name, first name, name), mobile number, Email, detailed address, ID card; when the PII information of customers and members is encrypted, the mobile number is required (that is, it will be encrypted).

  • Mobile phone number identity: After the mobile number is encrypted, the member's mobile number identity will also be automatically encrypted. Mobile number encryption is encrypted when it is stored, which does not affect the encrypted value of the generated mobile number md5, Tmall md5, JD.com md5, nor does it affect the logic of matching members according to their mobile number identity. Note: At this time, the member's mobile number identity is not synchronized with the customer identity, but when creating or updating the member, it may match the corresponding customer. At this time, you still use the plaintext mobile number identity to find the customer.

  • Message sending: After the data is encrypted, such as the member's mobile number and Email, it is a string of ciphertext in the system. When sending Emails and SMS, you need to support decrypting the ciphertext and sending it.

  • Advanced filtering: After the information is encrypted, filtering only supports ciphertext filtering of mobile numbers; when the external API queries members' PII information, the encrypted value is displayed.

  • Insert variables: All places where member attributes are inserted should support decryption of encrypted information, including WeChat / Alipay template messages, SMS, WeChat-pages, Email, webhook, APP Push.

  • External access: When the external system interacts with DM Hub through the interface, the mobile number or Email information transmitted is in cleartext. After it is passed in, the system will automatically encrypt and match it.

3. Plaintext query of encrypted data#

  • Support plaintext query for encrypted information in customer advanced filtering (only precise matching, not fuzzy matching). The attribute judgment of automatic process does not support plaintext judgment.

  • When this setting is enabled, in advanced filtering, the operator for finding encryption attributes is not supported: include, do not include.

4. Encryption Configuration#

After the encryption is set, the relevant data of the new incoming system will be encrypted (the historical data will remain as is). To avoid affecting business use, it is strongly recommended that you do not modify the encryption settings frequently.

4.1 customer attribute encryption#

Customer attribute encryption is the encryption setting of customer basic information.

img

  • Enable encryption: Enable.

  • Select attributes: Select the customer attribute fields that need to be encrypted, such as mobile number, Email, home address, etc.

  • Encryption key: The key is 8'32-bit English or numeric characters.

  • Data decryption: Check the box to support the decryption of encrypted information in customer details, otherwise the corresponding attribute values in customer details are also encrypted and displayed.

  • Filter query: Check the box to support plaintext query of encrypted information in customer advanced filtering, for example, the filter condition is customer attribute, and the mobile number is equal to 15812345678.

4.2 Member Attribute Encryption#

Member attribute encryption is to encrypts the basic information of members.

img

  • Enable encryption: Enable.

  • Select attributes: Select the customer attribute fields that need to be encrypted, such as mobile number, etc.

  • Encryption key: The key is 8'32-bit English or numeric characters.

  • Filter query: Check the box to support plaintext query of encrypted information in customer advanced filtering, for example, the filter condition is customer attribute, and the mobile number is equal to 15812345678.

5.Data Desensitization#

5.1 Plaintext View#

By default, users cannot see the complete data after desensitization, but the actual business scenario requires that some users have permission to view it directly in plaintext. You can set user roles that can be viewed in clear text in the desensitization feature.

img

Select roles that can be viewed in clear text, role configuration, and corresponding permission configuration instructions refer to Feature Permission Settings.

5.2 PII message desensitization display#

The information that supports the selection of coding is customer attribute, customer identity, membership attribute, and commodity attribute in use.

img

img

The information coding setting supports the selection of all coding and partial coding, and the number of bits and position of coding can be set.

Part of the asterisk: for example, 18918881888 will be displayed as 189****1888.

All asterisks: for example, 18918881888 will be displayed as ***.

img

After completing the setting, click Save, and the mobile number and Email in DM Hub will be displayed by the set style.