Introducing Identifier Field Level Encryption: Enhancing Privacy and Security with Braze

The need for better privacy and data security measures is only growing more pronounced —especially for customers in highly regulated industries or operating in very privacy-driven jurisdictions. At Braze, we understand that data protection measures must evolve alongside or even ahead of wider industry changes. That's why we're excited to introduce Identifier Field Level Encryption, an innovative solution designed to empower brands to securely manage personal data and send email campaigns with Braze. While brands have always been able to pull in personal data to emails at send time using our Connected Content dynamic content personalization tool, it is now also possible to store encrypted email addresses in Braze, as opposed to plain text email addresses.

Why Identifier Field Level Encryption Matters

Brands in privacy-focused industries such as financial services, healthcare, and media face unique challenges when it comes to sharing personally identifiable information (PII) and managing data retention with third parties. With Identifier Field Level Encryption, we address these challenges head-on by providing a secure way to handle encrypted email addresses without compromising on efficiency or flexibility.

Identifier Field Level Encryption Key Benefits

Enhanced security

Our encryption solution leverages the AWS Key Management Solution (KMS) to encrypt email addresses. This allows email addresses to be only decrypted at the time of sending, and not stored in plaintext within Braze. This added layer of security boosts confidence in building and sending campaigns. By utilizing AWS KMS, customers also benefit from secure practices such as auditing and monitoring capabilities, access controls, and built-in key rotation.

In addition, using Identifier Field Level Encryption can help brands demonstrate their commitment to privacy by design by protecting user data through industry-standard encryption methods.

Seamless integration

Brands can rely on Braze as a central solution to effortlessly and securely coordinate message delivery across various channels. By integrating with the high-performing AWS KMS, we create a smooth and efficient process designed to minimize impact on sending speed.

Scalability

Our solution is designed to minimize the impact on sending speed and efficiency by leveraging AWS KMS. Accordingly, as your subscriber base and email volume grow, your campaigns can remain swift and effective without any additional infrastructure investment.

How It Works

1. Encryption with AWS Key Management Solution (KMS)

Brands use a managed service, AWS KMS, to encrypt their email address values. This process allows brands to use industry-standard methods of encrypting their data and Braze can only access their decrypted data under the proper controls.

2. Decryption at send time

At the time of sending, Braze makes a call to AWS KMS to decrypt the email address. This means that the decrypted email address is only used during the email send process and is not stored within Braze.

Our Vision for the Future

At Braze, we are committed to providing our customers with the tools they need to succeed in a privacy-focused world. Identifier Field Level Encryption is a testament to our commitment to offering enhanced security, seamless integrations, and solutions for managing data.

We aim to eventually extend this solution to include phone numbers and additional user-level attributes ensuring that even more personal data can be encrypted. Additionally, we plan to also explore partnerships with other encryption providers and support encryption during data ingestion. Finally, to support data residency regulations, we’re planning to add data centers in additional regions.

For more information, view our technical documentation or contact the Braze team.

Forward Looking Statements

This blog post contains “forward-looking statements” within the meaning of the “safe harbor” provisions of the Private Securities Litigation Reform Act of 1995, including but not limited to, statements regarding the performance of and expected benefits from Braze, its products and features, including the Identifier Field Level Encryption for email, and Braze’s anticipated development of similar products and features in the future. These forward-looking statements are based on the current assumptions, expectations and beliefs of Braze, and are subject to substantial risks, uncertainties and changes in circumstances that may cause actual results, performance or achievements to be materially different from any future results, performance or achievements expressed or implied by the forward-looking statements. Further information on potential factors that could affect Braze results are included in Braze’s Quarterly Report on Form 10-Q for the fiscal quarter ended July 31, 2024, filed with the U.S. Securities and Exchange Commission on September 6, 2024, and the other public filings of Braze with the U.S. Securities and Exchange Commission. The forward-looking statements included in this blog post represent the views of Braze only as of the date of this blog post, and Braze assumes no obligation, and does not intend to update these forward-looking statements, except as required by law.