Holibob Docs

PII Encryption

PII Encryption

Info: > Note: Last updated on 23 Oct 2025 Protecting consumers’ personal information is a top priority for us. To ensure privacy and compliance with regulations like GDPR, all personally identifiable information (PII), such as names, emails, and phone numbers shared through our shopping cart and checkout, is encrypted and access-controlled. Only authorised users with the right permissions can view or manage this sensitive data.

Key Benefits

  • Enhanced Security: All consumer PII is encrypted both at rest and in transit, reducing the risk of unauthorized access.

  • Regulatory Compliance: Our approach supports GDPR and other privacy regulations, helping you meet your legal obligations.

  • Controlled Access: Only users with specific permissions can view or decrypt PII, ensuring data is only accessible to those who need it.

  • Operational Integrity: Data is protected throughout its lifecycle, including during searches, updates, and analytics.

How It Works

  • When a consumer enters their details in the shopping cart or checkout, their PII is immediately encrypted using industry-standard methods.

  • Encrypted data is stored securely and can only be decrypted by users with the appropriate permissions.

  • Searching for consumers by PII (such as email or phone) is supported, but only for exact matches; partial searches are not available for privacy reasons.

  • When viewing consumer records, PII fields are obfuscated unless you have permission to decrypt and view the actual data.

Partners’ Action

  • Ensure your team members who need access to consumer PII have the correct permissions assigned.

  • Use exact email or phone numbers when searching for consumers, as partial matches are not supported for PII fields.

  • If you need to update consumer PII, ensure this is done by authorized users through approved channels.

  • Regularly review your team’s access permissions to maintain security and compliance.

Additional Notes

  • We do not store or process payment card information directly; this is handled by our payment providers.

  • All PII is removed or anonymized when it is no longer needed, further reducing risk.

  • Regular security audits and penetration tests are conducted to ensure ongoing protection of consumer data.

  • If you have specific requirements for data retention or deletion, please coordinate with us to ensure compliance.

Support / Questions

If you have any questions or need further support, please contact your account manager or our support team. We are here to help you provide the best possible experience for your consumers.