Hashed data refers to information that has undergone a one-way transformation using a hash function. This function takes something like an email address and turns it into a unique set of characters.
The key points about hash functions are:
-
Consistency: They consistently produce the same output for the same input (each email generates a distinct hash).
-
Irreversibility: It's impossible to reverse the hash back to the original email address. While you can create a hash from an email, you can't derive the email from the hash. This technique helps in storing identifiers that correspond to specific email addresses in our platform, particularly for existing customers. We use "salted" hashes, combining the email address with a secret key, making it harder for outsiders to link hashes to emails.
In our platform Customer section, when we find a hashed record for an email address, it means we've stored that email address as a hash. We store a hash in two cases:
- When a client launches with us, we ask for an existing customer list. This contains a list of existing customers.
- When someone makes an order with one of our clients
In both cases, we exclusively use the data to indicate that they've had a relationship with the brand at some point in the past, and that as an existing customer they cannot claim a reward. We do not use it for anything else.
Here's what a record in our Customer section might look like when we only have the hash:
You may also find it useful to know a crucial distinction between hashing and encryption.
-
Hashing is a one-way process that converts data (like an email) into a unique string of characters. This transformation is irreversible, meaning you can't reverse it back to the original data. Hashing doesn't involve keys and doesn't allow retrieval of the original information from the hash.
-
Encryption, on the other hand, is a two-way process that transforms data into a string of characters using a key. It's reversible, meaning you can decrypt the data back to its original form if you possess both the encrypted string and the key. If you have the encrypted string and the specific key, you can recover the original information.
It's important to know we store the data hashed. So we cannot go back and re-create the email.