The client obfuscation feature has been implemented to address increasing concerns, from business owners, on how easy client data could be stolen. By limiting access to client data, risks of unauthorized use will be reduced.
See here for full details about this feature.
Limitations
- Obfuscation does not apply to APIs, webhook and connectors. It only applies to UI and staff notifications (alerts and emails). Data received/exchanged from API endpoints, webhook and connector payloads will not be obfuscated.
- Obfuscation is limited to client phone numbers, emails and addresses. It will not be applied to surveys and notes.
- Obfuscation is configured in a merchant’s booking rules. The Head Office can be used to configure multiple stores by pushing a configuration update.
- The FTP reports, exports and other features only accessible by manager roles (and higher) will not be obfuscated.
- The data is obfuscated at the client side application level, which means it is obfuscated on the screen. It’s acceptable that client data can be seen without obfuscation using a browser developer tools to look at the network packages, or doing a HTML view source. The obfuscation is done at the UI level.
- In case a merchant offers services at home or over the phone, obfuscation will prevent staff roles from delivering the service. Consequently, the following should be considered:
- Client obfuscation should not be activated.
- Grant such staff a higher staff role (admin, supervisor or manager).