# impact.com Customer Email Hashing Explained

impact.com applies HMAC hashing to user identifiers you send us to safeguard your customers' personal information and prevent fraudulent network use. This means that regardless of whether you send a raw value, a SHA-1 hash, or an HMAC value, impact.com will always store and return the HMAC hashed version.

## Where does the hashing apply?

Additional HMAC hashing is applied to values you send us in the following fields.

| Method                                                                                                                                                                          | Field                    |
| ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------ |
| [UTT](https://integrations.impact.com/impact-brand/docs/javascript-utt-tracking-integration)                                                                                    | `customerEmail`          |
| [Conversions API](https://integrations.impact.com/impact-brand/reference/conversions-model)                                                                                     | `customerEmail`          |
| Advocate [REST API](https://integrations.impact.com/impact-brand/docs/saasquatch-rest-api-1) and [GraphQL](https://integrations.impact.com/impact-brand/docs/graphql-reference) | `userId` and `accountId` |

{% hint style="success" %}
**Note:** If you have an Advocate program and want to use custom, non-email identifiers, then you can request that additional hashing be turned off. However, turning it off will result in reduced functionality for your program. Reach out to our [support team](https://app.impact.com/secure/advertiser/support/customer-support-portal-flow.ihtml) if you have any questions.
{% endhint %}

## How does this affect data I send to impact.com?

The additional hashing doesn't affect your implementation with impact.com. However, keep in mind the following when calling endpoints:

* For `GET` endpoints, the response will include the HMAC hashed value for the `customerEmail`, `userId` and `accountId` instead of the value you originally sent us.
* For creation and retrieval endpoints, including upsert and lookup actions, you can send any of the following values for the fields:
  * The original ID value you sent us, e.g., their raw email address
  * The SHA-1 hashed value
  * The HMAC value


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://integrations.impact.com/integration-guides/for-brands/tracking-integrations/impact.com-customer-email-hashing-explained.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.