Data field controls
Admin only
Consent tracking
User data deleted: u_3374 · all fields purged · logged
12 fields not captured
9,420 consents recorded
34 deletions this month
Privacy that's built in, not bolted on.
Administrators have full control over what data is captured, how long it's kept, and how it's deleted — at the field level, the user level, or across the entire account.
How it works
Full control. Nothing hidden.
Privacy Controls gives administrators granular oversight over every piece of data encatch touches — from what is recorded in the first place to how long it is kept and who can act on it.
PII & data field controls
Decide exactly what gets recorded.
Administrators can inspect every field encatch collects and choose to mask it, exclude it entirely, or allow it through. Settings apply uniformly — including to anonymous visitors. No data should slip through because someone forgot to configure it.
Mark any field as PII — it will not be captured. Applies to all users including anonymous.
Anonymous user data is subject to the same controls as identified users.
Changes take effect immediately across all future data ingestion.
User data field settings
Applies to all users, including anonymous visitors — no exceptions.
Cookie-less mode
Coming soon
Feedback that works without cookies.
When a website visitor declines cookies, standard tracking stops — but feedback collection doesn't have to. Cookie-less mode lets manual feedback forms operate in a session-scoped, cookieless context so responses can still be gathered without violating consent preferences.
No cookies written — fully compliant with browser consent signals.
Manual feedback forms remain functional for cookie-declining visitors.
Session-scoped operation: no cross-session identity stitching.
Cookie-less mode
Visitor denies cookies
Feedback still collected
Session-scoped, cookieless — fully compliant
Deletion controls
Erase what you don't need to keep.
Administrators can delete an individual user's data in full, remove a specific field from all stored responses, or set automated retention windows that purge records once they age out. Every action is surgical and irreversible — and every action is logged.
User-level deletion: purge all responses, traits, and session data for one person.
Field-level deletion: strip a specific attribute from all stored responses account-wide.
Scheduled retention: data older than the configured window is purged automatically.
Deletion actions
Delete user: All data for u_3374 purged
Delete field: email removed from all responses
Scheduled purge: Responses older than 90 days
Every deletion is recorded in the audit log — who triggered it and when.
Audit log
A complete history of every admin action.
Every deletion, field change, retention update, and scheduled purge is written to an immutable audit log — recording who triggered it, what was affected, and when. This gives compliance teams the paper trail they need without any extra work.
All data actions are logged with actor email, action type, and timestamp.
Covers manual deletions, field changes, retention updates, and system purges.
Immutable — the log cannot be edited or deleted by administrators.
Audit log
field_deleted · admin@acme.com · email
user_purged · admin@acme.com · u_3374
retention_updated · admin@acme.com · 90 → 30 days
scheduled_purge · system · 438 records
Immutable log — all admin actions on user data are recorded and timestamped.
Retention & export
Keep data as long as you need — no longer.
Set a retention period for response data and export it to your own systems on a daily basis before records are purged. Combine short retention windows with daily exports to keep your encatch account lean while retaining full ownership of your historical data.
Configure retention down to the lowest period the system allows.
Daily exports to S3, webhooks, or your preferred destination.
Export before deletion — your archive, under your control.
Retention & export settings
Data retention
Data purged automatically after the retention window
Scheduled export
AI Refine · Stylometry anonymisation
Protect identity through writing style — not just data fields.
In small teams or narrow user groups, a person's writing style alone can reveal who they are — even when their name is hidden. AI Refine rewrites open-text responses to neutralise stylometric signals while preserving the exact meaning, sentiment, and specifics of what was said.
Eliminates identifiable writing patterns from free-text responses before storage.
Meaning, specifics, and sentiment survive the rewrite intact.
Admin enables it per form — once active, respondents choose to refine before submitting.
AI Refine · Voice anonymisation
Original · identifiable writing style
“Checkout kept breaking on my old Samsung in portrait, been saying this for months tbh”
Refined · voice anonymised
“The checkout flow has layout issues on certain Android devices in portrait orientation. This is a recurring usability problem.”
Admin enables the feature per form. Respondents see an "AI Refine" button on text fields and choose to apply it before submitting.
Data residency
Where does your data live?
encatch is currently hosted in India. Our policy documents detail how data is stored, processed, and protected. If your team has specific requirements for EU or US region hosting, we're happy to discuss options.
Data storage and processing are covered in our privacy policy.
EU and US region hosting available on request.
Contact us to discuss specific data residency requirements.
Current & planned regions
India: Primary hosting region
EU (Europe): Contact us for arrangements
US (North America): Contact us for arrangements
Zero-data segmentation
Segmentation Engine
Qualify users for feedback without their data touching encatch.
Pair the encatch Segmentation Engine's webhook mode with your CDP or identity system to run targeted feedback campaigns without ingesting any personal data. Your first-party data stays where it belongs — encatch only receives segment membership signals.
Full capabilities
Every privacy lever. One place.
Privacy Controls gives administrators the tools to honour user rights, meet compliance requirements, and keep sensitive data under tight control — at every level of the system.
PII field masking
Mark any field as PII — it will not be captured at all. Applies to anonymous visitors too.
Anonymous user controls
Control what is recorded even for users with no identity — device context, session data, and more.
Cookie-less mode
Manual feedback forms continue to work for visitors who decline cookies — no session tracking required.
User deletion
Purge all data for a specific user in one action — responses, traits, and session records.
Field-level deletion
Remove a specific field from all responses across the entire account — surgical, audited, irreversible.
Retention periods
Set how long response data is kept. When the window expires, records are purged automatically.
Daily data export
Schedule daily exports to your own storage before the retention window closes. Your data, your archive.
Audit log
Every admin action on user data — deletions, field changes, retention updates — is logged with actor and timestamp.
Consent tracking
Application developers can signal consent status via SDK. encatch records when and how consent was provided.
Segmentation webhook mode
Use CDPs for first-party segmentation and send only membership signals to encatch — zero PII crosses systems.
Admin-only controls
All privacy settings are gated to administrator roles — team members see only what they need to.
Immediate effect
Deletion and masking actions take effect immediately — no queues, no overnight batch jobs.
Stylometry anonymisation
AI neutralises writing style in free-text responses — protecting identity in small groups without losing a word of meaning.
Get started today
Collect feedback with confidence.
Privacy Controls gives your team the tools to handle user data responsibly — from field-level masking to full account deletion — all audited and in your hands.