Customer data privacy

Updated 3 months ago by Ram Goli

Your clients may enter sensitive information such as credit card numbers or Social Security numbers into their messages. When these messages come into Gorgias, this sensitive information is automatically obfuscated (scrambled) so your agents don't have access to it.

How does it work?

Before a new message is stored in our database, it is scanned for records that fit the format of sensitive numbers; if any credit card numbers or Social Security numbers are detected, they are automatically obfuscated or stripped before being stored in the database and displayed to agents and users. Your clients' sensitive numbers are never stored by Gorgias.

Numbers that are between 13 and 19 digits long are considered for obfuscation. This is the length of most major credit card numbers. The Luhn algorithm is then used to validate the credit card number. The number is obfuscated only when it passes validation. The last four digits of the card number are preserved; the rest are replaced with a special character (*).

For example, if an incoming ticket contains the text:

  • "My credit card number is 4532 0151 1283 0366."

It is stored in Gorgias as:

  • "My credit card number is **** **** **** 0366."

Tickets that contain a string with valid Social Security numbers are also obfuscated.

If an incoming ticket contains the text:

  • "I need help. My social security number is 123-45-6789"

It is stored in Gorgias as:

  • "I need help. My social security number is ***-**-****"
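
The rules described above (13 to 19 digits, Luhn validation, last four digits kept, Social Security numbers fully masked) can be sketched in Python as follows. This is an added example, not Gorgias's own code; the separator handling, the SSN pattern and all function names are assumptions.

```python
import re

# Assumption: card digits may be separated by single spaces or hyphens.
# One digit plus 12 to 18 more gives the 13 to 19 digit range from the text.
CARD_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)", re.ASCII)
# Assumption: SSNs are recognised by the ddd-dd-dddd layout only.
SSN_CANDIDATE = re.compile(r"(?<!\d)\d{3}-\d{2}-\d{4}(?!\d)", re.ASCII)


def luhn_valid(digits):
    """Return True when the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:      # double every second digit, counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def _mask_card(match):
    text = match.group(0)
    digits = re.sub(r"\D", "", text)
    if not luhn_valid(digits):
        return text         # fails validation: not treated as a card number
    keep_from = len(digits) - 4
    out, seen = [], 0
    for ch in text:
        if ch.isdigit():
            out.append(ch if seen >= keep_from else "*")
            seen += 1
        else:
            out.append(ch)  # separators are preserved as written
    return "".join(out)


def redact(message):
    """Mask Luhn-valid card numbers (keeping the last four digits) and SSNs."""
    message = CARD_CANDIDATE.sub(_mask_card, message)
    return SSN_CANDIDATE.sub(lambda m: re.sub(r"\d", "*", m.group(0)), message)


if __name__ == "__main__":
    # Constructed sample input, taken from the examples on this page.
    print(redact("My credit card number is 4532 0151 1283 0366."))
    print(redact("I need help. My social security number is 123-45-6789"))
```

Because the candidate pattern is greedy, a card number that directly follows another digit run separated only by a space can be swallowed into one over-long candidate and fail validation; a fuller scanner would test each 13 to 19 digit window.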

Note: This obfuscation satisfies Requirement 3 of the Payment Card Industry’s Data Security Standard (PCI DSS), "protecting stored cardholder data". 

Gorgias performs these privacy checks automatically with no work required on your part, so you can be assured that your users' sensitive data remains hidden!

