Attribution

Privacy-safe campaign attribution
PHI guard active
Events ingested
0
Safe events in attribution
PHI events blocked
0
Rejected before storage
Fields protected
0
Tokenized or masked
PHI leak rate
0.0%
Into analytics store

Attribution by source

Conversions credited across the funnel

Attribution by campaign

Only privacy-safe events counted

Event ingestion & PHI guard

Paste an event payload. Redactor detects protected health information, blocks or redacts it, and only safe events reach the attribution store. Every decision is written to the audit log.
Redactor screens for names, emails, phone numbers, SSNs, MRNs, dates of birth, and diagnosis/condition fields, exactly the identifiers HIPAA treats as PHI.
Ingest an event to see the PHI decision and the stored, safe payload.

Conversion paths

Journeys shown by tokenized visitor. PHI fields are never rendered.
VisitorPathConvertedPHI in source
Each visitor is a one-way token. The original identifier is never recoverable from analytics, so a conversion path can be analyzed without ever exposing who the patient is.

Audit log

TimeDecisionReasonEvent token

Block events containing PHI

Reject any event where PHI cannot be safely redacted. When off, PHI fields are redacted instead of blocking the whole event.

Tokenize visitor identifiers

Replace emails and user IDs with one-way tokens before storage.

Redact free-text fields

Scan notes and message fields for PHI patterns and mask matches.

Write to audit log

Record every ingestion decision for compliance review. Required for auditability.

These controls demonstrate the privacy posture the platform manages. This is a HIPAA-aware architecture proof, not a certified compliance product; certification is issued by your compliance auditor.