Skip to main content

Privacy

Privacy guidelines

Overview

The API is designed to encourage and enforce "privacy by design" in clients using the API. The following guidelines apply to all API clients:

Only fetch necessary profile attributes. Use the filter support in the API to limit what is returned from the user profile.
Always use the system user profile ID, which is the hash of the identifiers in the Hii Retail IAM token, in the client application. Never use the actual identifiers found in the token as keys in your own data model.
Add user attributes in this service and not in your own data model.

Security

The API implements the necessary security measurements to be compliant with regulations.

Data is encrypted at rest and in transit
Both data access and mutations are logged for internal auditing.

Overview
- Security