Data Access and Privacy
Understand how Ours handles data access, ensures privacy compliance, and allows you to configure how data is shared with destinations.
Data Access and Privacy
Ours is built with privacy-forward principles, ensuring that your data is securely handled, compliant with privacy regulations, and configurable to meet your unique requirements. This guide explains how Ours handles data access, enforces privacy safeguards, and enables you to control what data is shared with destinations.
Key Privacy Features
Ours provides several privacy-focused features to ensure that data is handled securely and in compliance with laws like HIPAA:
- Data Redaction and Hashing:
- By default, sensitive data (e.g., email, phone number) is hashed or redacted before being sent to destinations.
- Customizable Privacy Rules:
- You can configure how data is handled for each destination, including which fields to redact, hash, or omit.
- Exportable Mappings:
- Export default or custom data mappings from the Destinations Data Mapper page. This allows you to share configurations with your team for review or compliance validation.
- Access Transparency:
- View and audit data being sent to destinations through the Recent Events Dashboard.
- Signed Compliance Agreements:
- Ours supports signed BAAs (Business Associate Agreements) for HIPAA compliance.
Viewing and Configuring Data Access
Ours provides tools to review how your data is shared with destinations and customize it as needed.
Viewing Default Destination Mappers
To see how data is mapped and sent to destinations:
- Go to the Destinations section in your dashboard.
- Select a destination and navigate to the Mappings tab.
- View the default mappings for each field, including any modifications (e.g.,
Hash
,Redacted
).
This view is useful for compliance teams to verify:
- Which data is shared: Ensure no unnecessary Personally Identifiable Information (PII) or Protected Health Information (PHI) is included.
- How data is handled: Confirm hashing or redaction rules for sensitive data.
Exporting Mappings
You can export your mappings (default or customized) directly from the Mappings tab for any destination:
- Go to the Mappings tab in your destination configuration.
- Click the Export button to download the mappings in a shareable format (e.g., CSV or JSON).
- Share the exported file with your team or compliance department for review.
Privacy Configurations for Destinations
Each destination in Ours allows you to configure privacy settings for data properties. These settings include:
Hashing
- Hashes sensitive fields like
email
orphone_number
to ensure they cannot be reverse-engineered. - Commonly used for platforms like Facebook Ads or Google Ads to match users securely.
Redaction
- Replaces sensitive data with
"REDACTED"
, ensuring no sensitive information is shared with the destination.
Exclusion
- Omits specific fields entirely from being sent to destinations. Use the
$ignore
directive in the mapping configuration.
Custom Transformations
- Apply advanced rules to modify data before it’s sent. For example:
- Extract only the domain from a URL (
DomainOnly
). - Remove URL parameters (
FullUrl
).
- Extract only the domain from a URL (
Accessing Data in Ours
Recent Events Dashboard
The Recent Events Dashboard provides a detailed view of every event tracked in Ours. You can inspect:
- Event properties.
- User properties (hashed or redacted as configured).
- Destination-specific data.
Use this dashboard to:
- Debug data flows and mappings.
- Confirm privacy rules are applied correctly.
- Audit what data is being shared with destinations.
Compliance and Security
Ours adheres to strict compliance and security standards to protect your data:
HIPAA Compliance
Ours is HIPAA-compliant, offering signed BAAs to ensure data protection for healthcare organizations. Our platform redacts or hashes all PHI before sending it to destinations.
Secure Data Storage
All data in Ours is encrypted at rest and in transit, ensuring it remains secure throughout its lifecycle.
Best Practices for Privacy Management
- Audit Destination Mappers:
- Regularly review destination mappings to ensure sensitive data is handled appropriately.
- Limit Sensitive Data:
- Only send necessary data to destinations. Use
$ignore
or redaction where possible.
- Only send necessary data to destinations. Use
- Use Hashing for Identifiers:
- Always hash fields like
email
orphone_number
for secure user matching.
- Always hash fields like
- Test Your Configuration:
- Verify data privacy rules in the Recent Events Dashboard.
- Share Mappings with Teams:
- Export mappings and share them with your compliance team for validation.
- Align with Compliance Teams:
- Share the default mapper configuration with your compliance team for validation.
Summary
Ours prioritizes secure and compliant data handling, allowing you to customize how data is shared with destinations. By leveraging privacy features like hashing, redaction, and exclusion, you can ensure your data remains secure while meeting regulatory requirements.
To get started:
- Review your destination configurations in the Destinations Overview.
- Explore Data Mapping to customize property handling.
- Use the Recent Events Dashboard to audit your data flows.
Updated 4 months ago