Attribution
Privacy-safe campaign attribution
Events ingested
0
Safe events in attribution
PHI events blocked
0
Rejected before storage
Fields protected
0
Tokenized or masked
PHI leak rate
0.0%
Into analytics store
Attribution by source
Conversions credited across the funnelAttribution by campaign
Only privacy-safe events countedEvent ingestion & PHI guard
Paste an event payload. Redactor detects protected health information, blocks or redacts it, and only safe events reach the attribution store. Every decision is written to the audit log.Redactor screens for names, emails, phone numbers, SSNs, MRNs, dates of birth, and diagnosis/condition fields, exactly the identifiers HIPAA treats as PHI.
Ingest an event to see the PHI decision and the stored, safe payload.
Conversion paths
Journeys shown by tokenized visitor. PHI fields are never rendered.| Visitor | Path | Converted | PHI in source |
|---|
Each visitor is a one-way token. The original identifier is never recoverable from analytics, so a conversion path can be analyzed without ever exposing who the patient is.
Audit log
| Time | Decision | Reason | Event token |
|---|
Block events containing PHI
Reject any event where PHI cannot be safely redacted. When off, PHI fields are redacted instead of blocking the whole event.
Tokenize visitor identifiers
Replace emails and user IDs with one-way tokens before storage.
Redact free-text fields
Scan notes and message fields for PHI patterns and mask matches.
Write to audit log
Record every ingestion decision for compliance review. Required for auditability.
These controls demonstrate the privacy posture the platform manages. This is a HIPAA-aware architecture proof, not a certified compliance product; certification is issued by your compliance auditor.