What is message redaction?

Message redaction is a feature in Sonar that allows a user to permanently remove the content of a message without deleting the entire message record.

The content of a message is comprised of:

The body (i.e. "text") of a message
Any attachments (images, videos, contact cards, etc.) that may have been sent with an MMS message

Once redacted, the message content is no longer accessible from Sonar by any method: the Sonar interface, message export*, or APIs (get conversation by id or get GDPR).

* Redacted messages will still be included in the message export however message content will be removed or replaced as described below in the reporting section

Why redact a message?

Even if your business follows best practices by using only secure channels for exchanging sensitive information, your customers may still send sensitive information over SMS/messaging. Redaction allows you to reduce the risks associated with having access to sensitive information that customers may have sent over SMS/messaging. Sensitive information could include:

Personal Identifiable Information (PII)
Protected Health Information (PHI)
Payment Card Information (PCI) or other sensitive financial information such as bank account numbers

How to redact a message

When viewing a thread, you can click the ellipsis icon next to any message to open a menu that contains a Redact Message button.

After clicking Redact Message, you'll see a warning modal like this screenshot below. If you're confident you're ready to permanently redact the message click REDACT.

After clicking REDACT the message body will be replaced with "(This was redacted because it contained sensitive information)" and any attachments will disappear. You'll also see a conversation event added to the thread.

Reporting

The message export is a CSV report that contains all messages sent or received from your Sonar account. Messages that have been redacted will still be included in a message export.

These columns in the message export normally capture message content and are updated, as described below, when a message is redacted.

text: this is the column that normally contains the body of a message. It will contain "(This was redacted because it contained sensitive information)" for messages that have been redacted.
media_url: this is the column that normally contains the URL to the attachment(s), if any, that were sent with an MMS message. This field will be blank for messages that have been redacted.

These columns in the message export provide some information about who redacted a message and when.

redact_user_email: this is the email address of the user who initiated the redaction
redact_request_received: this is the timestamp of when the user clicked the [REDACT] button in the warning modal
redact_started: this is the timestamp of when background processing began
redact_completed: this is the timestamp of when background processing finished

Notable facts

Redacting a message only removes message content from Sonar databases and systems. Sonar cannot delete data from 3rd party systems/applications such as:
- Your customer’s mobile phone
- Telecommunications providers
- Any system that obtained a record of a message from Sonar before redaction occurred. "Any system" includes applications that are integrated with Sonar and have obtained records of messages via automatic methods like webhooks or APIs and also includes devices or applications where a user manually saves message content by, for example, screenshots, copy/paste, or saving or uploading a Sonar message export.
Redaction must be enabled for your Sonar account. Reach out to your Sonar representative or our team at [email protected] to have redaction enabled on your account.
Sonar redaction does not occur automatically; it must be initiated by a user.
Users will see redaction happen almost immediately. However, background processes take a few seconds to a few minutes to fully remove message content from the Sonar system.
Redaction is permanent and can’t be undone.