Skip to main content
  1. Hootsuite Help Center
  2. Manage customer care with Inbox 2.0
  3. Admins - Manage contacts

  Article updated: March 30, 2025

Protect PII with automatic message masking

Personally identifiable information (PII) refers to details that could be used to identify or infer the identity of an individual, such as credit card information and Social Security numbers. Sometimes people send sensitive information without realizing the risk. You can mask this data to protect it in Inbox 2.0.

Audience: Inbox 2.0 admins

Turn on masking options

Help protect customer information by turning on masking features in Inbox 2.0. Automatic masking features are restricted to certain plan types. If you don't see these options, visit the Hootsuite plans page to see if it is included in your plan.

  1. In Inbox 2.0, select Admin settings.
  2. Expand Privacy and security, and then select PII handling.
  3. Select one or more of the following masking options:
    • Allow manual message masking - Allow agents to mask content in messages.
    • Credit card number - Automatically mask credit card numbers. This feature is restricted to certain plan types.
    • Social Security number - Automatically mask social security numbers. This feature is restricted to certain plan types.

How automatic masking works

Automatic masking will detect and replace matching content, both in conversation history and in back-end storage systems, before it gets routed to agents. This works on all channels, both public and private.

In messages, Inbox 2.0 replaces the following with X:

  • The first 12 digits of credit card numbers (XXXXXXXXXXXX1234).
  • The first 5 digits of US Social Security numbers (XXXXX1234).

Dashes and single spaces within numbers do not affect detection or masking.

Inbox uses the Luhn algorithm to determine whether a number is a credit card number or another series of numbers. For Social Security numbers, Inbox 2.0 scans messages for numbers in a specific format: 3 digits, an optional space or dash, 2 digits, an optional space or dash, and 4 digits.

Mask content manually

Conceal the full text of inbound messages that contain sensitive information, both in conversation history and in back-end storage systems. This works on all channels, both public and private.

  1. Go to Inbox 2.0 and open a conversation in the agent workspace.
  2. Point to a message, select Message actions, and then select Mask.
Important: You cannot undo manual message masks.

This will replace all message content with asterisks (*), one for each character in the message. The message audit trail will say, “Message content masked by [Name] - [timestamp]."

 

Can't find what you're looking for? We're here to help