PII Data Masking in Logs — CX 5.5.0

CX masks Personally Identifiable Information (PII) in all application logs to protect customer and agent data. Masking ensures that sensitive fields — such as names, contact details, and conversation content — never appear in plain text in system logs, supporting your data privacy and compliance obligations.

What Changed in CX 5.5.0

Prior to CX 5.5.0, the log masking configuration was overly broad — several non-PII fields were masked alongside genuine personal data. This reduced log readability and made troubleshooting slower for operations and support teams.

From CX 5.5.0, masking patterns have been refined to target only fields that genuinely contain personal data. Non-sensitive operational and diagnostic fields now appear in plain text, giving ops and support teams clearer logs without reducing compliance coverage.


Before CX 5.5.0

From CX 5.5.0

Scope

Broad — PII and non-PII fields masked

Targeted — PII-only fields masked

Log readability

Reduced — diagnostic fields obscured

Improved — operational data visible

Compliance coverage

Maintained

Maintained

Fields Masked in Logs

The following categories contain fields that CX masks in application logs. Masking applies to fields classified as Strict PII — direct or quasi-identifiers that can identify a natural person.

Data Category

Examples of Masked Fields

CIM Message — Customer

Customer first name, last name, phone number, email, channel identifiers

CIM Message — Conversation Content

Message body text, contact cards, media URLs, email content

Agent Identity

Agent display name, username

Bot Data

Raw customer text sent to bots, bot-generated responses

Channel Data

Channel-specific customer identifiers

Socket Events

Full CIM message payloads within WebSocket events

Fields that carry system metadata, configuration values, status enums, boolean flags, timestamps, or internal technical identifiers are not masked — these appear in plain text from CX 5.5.0 onwards.

Applying the Updated Masking Configuration

The logback configmap replacement steps required to activate the updated masking patterns are included as part of the Core Helm chart deployment in the upgrade guide below. No separate action is required outside of the standard upgrade process.

If you are upgrading from CX 5.4.0, follow the CX 5.4.0 → CX 5.5.0 Upgrade Guide — the logback configmap steps are embedded in Step 3 (Deploy the Core Helm chart). Completing the standard upgrade automatically applies the refined masking patterns.