Articles in this section

See more

Masking sensitive information

Avatar
Kate Hueter
  • Updated
Follow

At times requesters may need to obtain sensitive information from their signers. To protect signers’ privacy and to add an extra layer of security, requesters can mask a field within a document to hide sensitive information.

Masking fields is available on Premium plans.

How to mask fields

To mask a field:

  1. Place a Textbox field on your document.
  2. Under Text options in the right sidebar, toggle Mask Typed Text to On
  3. Enter a description in Field Name to replace the default text (e.g., employee ID, date of birth, or address). 
  4. Finish editing your document and send the request as you normally would. 

Select mask text options

The signer’s experience

Once the signer has entered their information, the text will be replaced by asterisks. If the signer wants to confirm the information, they can click back into the field to view or edit the text. 

The final PDF copy that is sent to all parties (the requester, the signers, and any individuals who've been CC'd) will display asterisks in place of sensitive data. The signers don’t have any access to the data once the signature request has been submitted. 

Displaying masked text in the signer experience

How to retrieve data in masked fields

All masked field information will be hidden, replaced by asterisks on the preview of the signer page, the signer page (unless it’s being edited by the signer themselves), and the finalized PDF. 


To view the data:

  1. Sign in to your account.
  2. Click Documents in the left sidebar and locate the correct document.
  3. Click the downward arrow to the right of the document’s title.
    Select Download as CSV.

The CSV download will contain all of the data requested in the document as well as document ID, template ID, role of the signers (if using a template), time signed and x-y coordinates of the fields on the document. 

Retrieve data in masked fields 

Note

  • If the signature request was sent via the API, the response data will need to be retrieved by an API call, rather than by downloading the CSV from hellosign.com.
  • When opening the CSV download in Microsoft Excel, all date fields, the signed timestamp, and the signed date will default to your preset Excel date format. This default format can’t be modified by HelloSign.
  • When opening the CSV download in an application other than Excel, the signed timestamp format will appear as YYYY/MM/DD and the signed date format will populate in the same format as set in the signed document. 

Who can access masked data

Org admins can download the CSV and can determine who else has access to the CSV files. 

To change team-wide settings:

  • Sign in to your admin account.
  • Hover over your email address in the upper-right corner.
  • Click Admin Console.
  • Click Settings in the left sidebar.
  • Click Documents and Templates in the left sidebar.
  • Locate the Allow sender to download document data as a CSV option and toggle the feature on or off.

Note: For API plans, this is only available in the embedded editor flows.

Control who has access to masked data within the HelloSign API

Related articles

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk