Skip to main content
Client obfuscation

How to hide client data for security and privacy purposes

Updated over 2 months ago

The client obfuscation feature has been implemented to address increasing concerns, from business owners, about potential data theft. By limiting access to client data, risks of unauthorized use will be reduced.

Objectives

  • Deter staff from stealing client data while still allowing them to find and identify a client when required.

    • Prevent staff from taking screenshots of customer contact information, while still allowing a staff to find a customer using name, phone and email search.

  • Protect the business owner by preventing unethical handling of client data that could harm the business and reputation of the store/company.

  • Protect the client by ensuring that their data is used responsibly by the store staff, and only for purposes that they have consented to with the business (not using their information for unsolicited services outside of the store by store staff, avoiding unauthorized/unwanted contact with the client by store staff).

  • Foster a trusting relationship between business and client, where the client trusts that the store staff is handling their personal information responsibly and accordingly.

  • Avoid conflict of interest between employees who offer competing services outside of the business and business hours, on their own time by preventing them from being able to use client data for their personal gain.

  • Obfuscate data based on user roles, by controlling which staff see what client data and when (permissions below).

  • Increase overall store adoption of client data obfuscation.


Impacted Products

Client obfuscation will impact the following products for the features listed below.

  • Back Office and Head Office

    • Bookings, client list and client summary page.

    • Print schedules from the Back Office.

    • Staff notifications posted in the Back Office.

    • Booking notifications and daily reminders.

  • Mobile Application

  • Tracking Page v3 (used by staff to edit bookings)

    • *Note: Staff tracking page will be disabled if obfuscation is enabled

  • Check-In Mobile App

  • Staff alerts and emails


Obfuscation Rules

Booxi will obfuscate client data based on the following rules:

Permissions

  • Staff and Restricted Staff user roles (aka staff roles) are impacted by obfuscation; Administrator, Supervisor and Manager user roles (aka manager roles) are not affected by obfuscation (i.e. they can view all client data).

Rules

  • All phone numbers will be displayed as * except for the last 2 digits.

    • Example: (***)***-**34

  • All eMail addresses will be displayed as *** except for the first two characters and the domain name.

  • Addresses and postal codes will be displayed as ********.

  • Client’s gender is not obfuscated.

  • Client’s date of birth is not obfuscated.

  • Copy/pasting obfuscated data from fields will not copy/paste the unobfuscated value. This is applicable to all impacted products

  • For shared clientele, data will be obfuscated based on a merchant’s configuration. Therefore, client data may be clearly displayed if obfuscation has not been activated for a given merchant.


Activation/Deactivation

Back Office

  • Obfuscation is enabled or disabled with the use of a toggle button at the merchant’s Booking Rules level. This feature is visible and usable only by staff with Admin, Supervisor or Manager roles.

Head Office

  • Obfuscation can be activated or deactivated by pushing updated booking rules.

  • Creating stores from a store template will copy/transfer its obfuscation configuration to all new stores.


Obfuscated Data

Lists and Search Results

In the Back Office, the email address and phone numbers associated with a client will be obfuscated when browsing the client list and when viewing the results of a search. See screen captures below.

Lists

Search Results

Screenshot at May 23 16-37-39
Screenshot at May 23 16-38-26

In the Mobile Application, the same client data will be obfuscated. See screen captures below.

Lists

Search Results

Screenshot at May 23 16-40-19
Screenshot at May 23 16-40-31

Client Details

In the Back Office, a client’s email address, phone numbers (mobile and home) will be partially obfuscated when browsing the client’s details and summary page. The client’s home address will be entirely obfuscated (street name and postal code). See screen captures below.

Summary

Details

image14-1

In the Mobile Application, the same data will be partially obfuscated (email and phone numbers) or obfuscated (home address and postal code) as shown in the screen captures below.

Summary

Details

image13-1
image5-2

Message History

In the Back Office, a client’s email address and phone number will be partially obfuscated when browsing the message history or when sending a new notification/message.

Message History

Notify

image7-1
image9-1

Booking Previews / Details

When viewing appointment summary from a calendar, email address and phone number associated with clients will be partially obfuscated. See screen captures below.

Appointment

Group event

image17

In the Mobile Application, the same client information will be partially obfuscated (email address and phone number) as shown in the screen captures below.

Appointment

Group event

image6-1

Staff Booking Notification Emails and Daily Reminders

Client’s email address and phone numbers will be partially obfuscated in all staff booking notification emails and daily reminders received by email or SMS. See screen captures below.

Staff Daily Reminder eMail

SMS

image3-2
image20

Staff Booking Notification Emails

Screenshot at Apr 30 10-50-52

Alerts

Client’s email address and phone numbers will be partially obfuscated in staff alerts. See screen captures below.

Back Office

Mobile Application

image18
image19

Invoices and Receipts

When client obfuscation is activated, invoices and receipts will no longer be accessible by staff unless their role is Manager, Supervisor or Admin.

Did this answer your question?