Hashing, Normalization, and Redaction in Ours Privacy: How to Control Your Data Flow

When you send data through Ours Privacy, you have complete control over how that data looks before it leaves your system. This guide walks you through the modification options available and why they matter for data privacy and platform compatibility.

What Happens to Your Data

Here's the flow:

1. Data comes in → Events are captured in Ours Privacy

2. You decide → How each field should be modified before dispatch

3. Data goes out → To destinations like Meta, Google, or your CRM

The key is step 2: you control exactly what gets sent and how it's formatted.

Your Modification Options

In the Ours Privacy mapping UI, you can choose how to handle each field:

1. Normalize - Clean Up the Format

Standardize how data looks across all your sources.

Example:

• " TylerZey@Gmail.com " → "tylerzey@gmail.com"

• "+1-555-123-4567" → "+15551234567"

When to use: When you want consistent formatting for matching or when downstream platforms expect specific formats.

2. Hash - One-Way Encryption

Convert sensitive data into a fixed-length string that can't be reversed.

Example:

• "tylerzey@gmail.com" → "9c5e6ab3f8d2e1c4a7b9f6e3d8c1a4b7f9e2d5c8a1b4e7f9d2c5a8b1e4f7c9"

When to use: When you need to match data across platforms without exposing the original value.

Important: Hashing protects data in transit but doesn't make it anonymous. As the FTC noted in 2024, "hashing still doesn't make your data anonymous." Industry experts have long pointed out that email hashing's "invincibility" was overstated (AdExchanger, 2015).

3. Hash + Normalize - The Ad Network Standard

First normalize, then hash. This is what Meta, Google, and other ad platforms require.

Example:

• " TylerZey@Gmail.com " → normalize → "tylerzey@gmail.com" → hash → "9c5e6ab3f8d2e1c4a7b9f6e3d8c1a4b7f9e2d5c8a1b4e7f9d2c5a8b1e4f7c9"

When to use: For email addresses going to ad platforms that require hashed PII.

4. Redact - Remove Completely

Set a field to null so it's never sent.

Example:

• "tylerzey@gmail.com" → null

When to use: When you don't want to send certain data at all, or when a destination doesn't need it.

5. Clean URLs - Remove Sensitive Parts

Strip out query parameters, fragments, or entire paths from URLs.

Example:

• "" → ""

When to use: When URLs contain tracking parameters or user identifiers you don't want to expose.

Why These Options Matter

Privacy Protection

• Hashing prevents raw PII from being visible in transit

• Redaction ensures sensitive data never leaves your system

• URL cleaning removes embedded identifiers

Platform Compatibility

• Ad networks require hashed emails for matching

• CRMs expect normalized phone numbers

• Analytics tools need clean URLs without tracking params

Data Quality

• Normalization ensures consistent matching across sources

• Standardized formats reduce errors in downstream systems

Real-World Example: Email Marketing Campaign

Let's say you're sending customer data to Meta for a retargeting campaign:

You send this via the Ours Privacy web SDK:

Which creates this raw event (visible in your Recent Events dashboard):

You can verify all of this in Recent Events:

• Raw events - see exactly what data was captured

• After allow-listing - see the dispatches and how your modification settings transformed the data

Your Ours Privacy settings:

• Email: Hash + Normalize (Meta requirement)

• Phone: Normalize only (CRM needs readable format)

• UTM source: Redact (Meta doesn't need this)

What gets sent to Meta:

Result: Meta can match your customers for retargeting without seeing their actual email addresses, and you've only sent the data they actually need.

Getting Started

1. Identify sensitive fields in your data (emails, phones, user IDs)

2. Choose modification strategy based on destination requirements

3. Test your modifications in the Ours Privacy UI

4. Verify data flow to ensure destinations receive what they expect

For more detailed information on how events work in Ours Privacy, see our Understanding Events guide. To learn about controlling which events are sent to specific destinations, check out Allow-Listing Events.

Key Takeaways

• You control the data flow - nothing leaves without your say-so

• Hashing protects privacy but doesn't make data anonymous

• Normalization ensures consistency across all your sources

• Redaction gives you an out when you don't want to send data

• Platform requirements drive choices - Meta needs hashed emails, CRMs need readable phones

The goal is simple: send only what's necessary, in the format that works, while protecting what's sensitive. Ours Privacy gives you the tools to make those decisions field by field, destination by destination.