diff --git a/src/content/docs/cloudflare-one/insights/logs/gateway-logs/manage-pii.mdx b/src/content/docs/cloudflare-one/insights/logs/gateway-logs/manage-pii.mdx index de034f810c3ca0f..fe093f6dfbf9027 100644 --- a/src/content/docs/cloudflare-one/insights/logs/gateway-logs/manage-pii.mdx +++ b/src/content/docs/cloudflare-one/insights/logs/gateway-logs/manage-pii.mdx @@ -5,7 +5,9 @@ sidebar: order: 3 --- -Cloudflare Gateway gives you multiple ways to safely handle your employees' personally identifiable information (PII). You can choose to exclude PII from activity logging, or you can choose to redact PII from everyone except for designated administrators. +Cloudflare Gateway gives you multiple ways to safely handle your employees' personally identifiable information (PII). By default, PII is redacted from Gateway Activity logs for all permission roles except the Super Administrator and users with the [Cloudflare Zero Trust PII role](/cloudflare-one/roles-permissions/#cloudflare-zero-trust-pii) assigned to them. Only the Super Admin can assign roles and determine who has permission to view PII. Redacting PII does not affect the way PII is captured in logs -- the data is simply hidden and no information is lost. To add or remove the Cloudflare Zero Trust PII role for a user, refer to [Account setup](/fundamentals/manage-members/). + +Alternatively, you can choose to [exclude PII](#exclude-pii) from Gateway activity logs for all users. ## Types of PII @@ -21,17 +23,6 @@ Cloudflare Gateway can log the following types of PII: ## Exclude PII -Enabling this setting means Cloudflare Gateway will log activity without storing any employee PII. Changes to this setting will not change PII storage of any previous logs. This means if Exclude PII is enabled and then disabled, there will be no PII data for logs captured while Exclude PII was enabled. The PII data will be unavailable to all roles within your Zero Trust organization, including the Super Admin. - -To enable or disable this setting, log in to [Zero Trust](https://one.dash.cloudflare.com/) and go to **Settings** > **Network** > **Exclude PII**. - -## Redact PII - -:::note - -This feature is only available on Enterprise plans. -::: - -PII is by default redacted from Gateway Activity logs for all permission roles except the Super Admin and users with the [Cloudflare Zero Trust PII role](/cloudflare-one/roles-permissions/#cloudflare-zero-trust-pii) assigned to them. Only the Super Admin can assign roles and determine who has permission to view PII. Redacting PII does not affect the way PII is captured in logs — the data is simply hidden and no information is lost. +Turning on this setting means Cloudflare Gateway will log activity without storing any employee PII. Changes to this setting will not change PII storage of any previous logs. This means if Exclude PII is turned on and then turned off, there will be no PII data for logs captured while Exclude PII was turned on. The PII data will be unavailable to all roles within your Zero Trust organization, including the Super Admin. -To add or remove the Cloudflare Zero Trust PII role for a user, refer to our [Account setup](/fundamentals/manage-members/) documentation. +To turn on this setting, log in to [Zero Trust](https://one.dash.cloudflare.com/) and go to **Settings** > **Network** > **Exclude PII**.