![duel_logotype-1.png]](https://info.duel.tech/hs-fs/hubfs/duel_logotype-1.png?height=37&name=duel_logotype-1.png){kind=small}
Hashed Emails
Why Use Hashed Emails?
Hashed emails (using SHA-256) are one way representations of email addresses. Instead of sending plain text emails, brands can send hashes, which Duel then compares with hashes we’ve generated from emails already in the dashboard.
If the hashes match, we can confidently associate orders with specific individuals, all without ever needing to transmit or store raw email addresses. This ensures secure attribution while maintaining data privacy and compliance.
Formats Supported
Duel's order attribution endpoints accept either:
- A plain text email address:
email=customer@example.com
- A SHA-256 (UTF-8) hashed email:
email=34d700fd0814f69e63e7dc8c540fe982c693afe0c65d0309cce55a6110b93c0b
Preparing Emails for Hashing
The system seamlessly identifies SHA-256 hashes with UTF-8 encoding (which consist of 64 hexadecimal characters) without the need for any extra parameters.
Before sending the hashed email, ensure the following steps are completed:
-
Convert the email address to lowercase.
-
If the email domain is gmail.com or googlemail.com, remove all dots from the username portion of the email address (i.e. the part before the “@”).
Implementation Tips & Best Practices
For new integrations, we recommend setting up hashed emails from the start to ensure a smooth and future-proof implementation.
For brands that are already live on Duel, transitioning to hashed emails can require some additional steps. If you’re considering this, feel free to reach out to our team for guidance and support.