Skip to main content
This topic provides you with a view into the onboarding of Raw PII data into Zeotap and how Zeotap treats and stores this information securely within your account.

Key Benefits

The following are some of the key benefits:
  • It opens up the activation of your customer data across channels, which only works with raw identifiers.
  • Zeotap makes the RAW PII data accessibility happen without compromising data governance and security.
  • Raw PII identifiers enable better ID resolution over one-way hashed values.

How To Onboard Your Raw PII Data in Zeotap?

Data Ingestion and Catalogue Mapping

Raw PII can come from any source like flat files, javascript, pixels and mobile SDKs. The common steps to be followed for any source type is to define your Raw PII in your org’s catalogue.
Note:Flagging the raw PII fields in your org’s catalogue is a critical step and is the responsibility of the org.
For streaming sources, some additional implementation level steps are required to pass the raw data through our native sources like Web Js, GTM, pixel tags. Follow the steps as mentioned in the respective links below.

Web JS Implementation Guide for Raw PII Data

GTM Implementation Guide for Raw PII Data

How Raw PII Data is Stored and Processed Within Zeotap

Encryption

Any data that is marked as Raw PII in your organisation’s catalogue, is encrypted before ingesting and storing it in our graph or Big Query table. The PII information is masked across the UI for all roles once it is classified by you in your organisation’s catalogue. The encrypted data is only available to the downstream systems for activation purposes.
Note:Zeotap uses the RSA Encryption Algorithm as the encryption algorithm.
If any channel (source) accepts or requires only raw PII IDs like email addresses or phone numbers to execute the campaign set up by you, then the system decrypts and pushes such information as per the set-up and as required by the selected channel (Source). The channel qualified for the raw data push is flagged as Accepts Raw PII in the channel set-up as well as the channel selection screen. Hence, look out for this flag to identify such channels at the time of activation.

Destination

When data is pushed to any destination that requires raw PII data, the data is encrypted at the field level in the database and decrypted during the upload process. Since the destination does not receive encrypted PII, no key is required because the destination prefers the data in raw format.

Access Control

Your data in the BigQuery or GCS buckets can only be accessed by users who have the role of a Client Admin and Editor in Collect. However, for the purpose of debugging or product support, the Zeotap representative can raise a request to the Admin of the account. Only after the approval of this request, the Admin gets timed access to your BigQuery or GCS bucket.
Last modified on February 26, 2026