This article explains the data retention and anonymization protocols for Connect.
This page contains the following options:
Anonymization
An essential aspect of Connect is how data is imported and exported. To perform this function, it is necessary to recognise which data types (like orders or checkouts, or activities) have been created by the same contact, even if this occurs a while after the initial order. At the same time, personal data should not be saved longer than necessary due to GDPR concerns.
To cater to both of these needs, Connect has an anonymization protocol. Any personal data from an order, checkout and contact will be anonymized 12 months after the last account activity that can be associated with the data. This means that personal data is replaced with values such as xxx or - so that it cannot be recognised when opening the Connect account. This process is irreversible; anonymized data cannot be restored on its own. When a contact, order, or checkout is anonymized, it will show on the detail page timeline with a message (see screenshot below).
Anonymized data is excluded from export to external platforms. That means that data is only anonymized in Connect - these changes will not necessarily be reflected in external platforms.
Please note: Anonymization only applies to personal data such as names, email addresses and shipping addresses. Order and checkout data that do not qualify as personal data (such as order numbers, or barcodes of products) will remain unchanged.
Hashing e-mail addresses
While all personal data is scrubbed and removed from the order, checkout or contact, e-mail addresses are saved - in a way. Instead of being completely removed, Connect saves the hash of the email address. Hashing is based on a cryptographic algorithm, and means that the e-mail address is converted into a scrambled chain of characters known as a hash. Hashing only works one way, meaning it is impossible to revert the hash to the original e-mail address, which is the anonymization part of this protocol.
Hashing is reproducible though: the same input (i.e. e-mail address) will always produce the same hash. When new contact, order, or checkout data is imported through the connectors, the hash of each e-mail address is compared to saved hashes from anonymized data. If the new hash matches one of the existing ones, the associated pages and profiles are updated awith the data coming in through the connector. After 12 months of inactivity, the data will be anonymized again. This approach ensures functionality without compromising privacy.
Changing the data retention period
The default data retention period is 12 months. If 12 months is too short for daily operations, the data retention period can be adjusted in your account's general settings. You can finetune retention periods separately for orders, checkouts, contacts, and organisations.