Skip to content
Contact Support
  • There are no suggestions because the search field is empty.

How to use hashed emails in the Client-side Purchase Tag

This article shows you how to pass a hashed customer email to ProfitMetrics instead of a plaintext one, using the PM Client-side Integration - Purchase tag in GTM. You will enable the hashed email setting, fill in the three email fields, and—if you don't already have a hash—generate one with a Custom HTML tag.

What You Need

Item Where to find it
PM Client-side Integration - Purchase The ProfitMetrics purchase tag in your GTM container
A SHA256 hashed email From your own setup, or generated with the Custom HTML tag below
The customer email Available as a dataLayer variable on the order confirmation page

How Hashed Emails Work in This Tag

The tag accepts the customer email in three fields: Email (SHA-256), Email (SHA-256GA), and Email MD5.

Field What it expects
Email (SHA-256) The raw hashed email — SHA256 of the normalised email with no dot stripping
Email (SHA-256GA) SHA256 of the email with periods stripped from the local part (for Gmail/Googlemail matching)
Email MD5 A placeholder value (see below)

The Email MD5 field is redundant and will be removed in a future release. For now it only needs a placeholder value. If you already have a real MD5 hash configured, you can use it, but it is not required when you have the SHA256 values.

Each SHA256 hash must be a 64-character lowercase hex string of the customer's normalised email. ProfitMetrics matches on these values, so they must be generated the same way each time.

Enable Hashed Email on the Tag

Configure the hashed email directly in the PM Client-side Integration - Purchase tag.

  1. Open the PM Client-side Integration - Purchase tag in GTM.
  2. Go to the Other section.
  3. Check Use hashed email.
  4. Add your raw hashed email to the Email (SHA-256) field.
  5. Add your dots-stripped hashed email to the Email (SHA-256GA) field.
  6. Add a placeholder to the Email MD5 field — the SHA256 value cut down to 32 characters (see below).

Note: If you generated your hashes with the Custom HTML tag below, point Email (SHA-256) at the hashedEmailRaw variable and Email (SHA-256GA) at the hashedEmailGmail variable.

Generate a SHA256 Hashed Email (If You Don't Have One)

Use this if you don't already have a hashed email available. Add it as a Custom HTML tag in GTM, firing on the order confirmation page. It reads the email from a dataLayer variable, normalises it, and pushes two SHA256 variants to the dataLayer.

Replace [EMAIL VARIABLE HERE] with your own email variable before publishing.

<script>
(function() {
try {
// Get email from dataLayer variable
var email = [EMAIL VARIABLE HERE]; // replace with email variable
// Validate email exists and is a string
if (!email || typeof email !== 'string') {
console.warn('GTM Email Hash: No valid email provided');
return;
}
// Normalize basic formatting
email = email.trim().toLowerCase();
// Keep a copy of the normalised email WITHOUT dot stripping
var normalisedEmailBasic = email;
// Check for @ symbol
var atPos = email.indexOf('@');
if (atPos === -1) {
console.warn('GTM Email Hash: Invalid email format (no @ symbol)');
return;
}
// Split into local and domain parts
var local = email.slice(0, atPos);
var domain = email.slice(atPos + 1);
// Gmail / Googlemail: strip periods in the local part
if (domain === 'gmail.com' || domain === 'googlemail.com') {
local = local.replace(/\./g, '');
}
// Reconstruct normalized email WITH dot stripping for Gmail
var normalisedEmailDotsStripped = local + '@' + domain;
// Hash both variants using Web Crypto API (Promise-based)
var encoder = new TextEncoder();
var bufferDotsStripped = encoder.encode(normalisedEmailDotsStripped);
var bufferBasic = encoder.encode(normalisedEmailBasic);
Promise.all([
crypto.subtle.digest('SHA-256', bufferDotsStripped),
crypto.subtle.digest('SHA-256', bufferBasic)
]).then(function(results) {
var hashArrayDotsStripped = Array.from(new Uint8Array(results[0]));
var hashDotsStripped = hashArrayDotsStripped.map(function(b) {
return ('0' + b.toString(16)).slice(-2);
}).join('');
var hashArrayBasic = Array.from(new Uint8Array(results[1]));
var hashBasic = hashArrayBasic.map(function(b) {
return ('0' + b.toString(16)).slice(-2);
}).join('');
// Push both hashed emails to dataLayer
window.dataLayer = window.dataLayer || [];
window.dataLayer.push({
'event': 'emailHashed',
// Existing behaviour: Gmail dots stripped
'hashedEmailGmail': hashDotsStripped,
// New value: basic normalised email (no dot stripping)
'hashedEmailRaw': hashBasic
});
console.log('GTM Email Hash: Successfully hashed and pushed both values to dataLayer');
}).catch(function(error) {
console.error('GTM Email Hash: Error hashing email', error);
});
} catch (error) {
console.error('GTM Email Hash: Error processing email', error);
}
})();
</script>

The script pushes two values to the dataLayer:

DataLayer Key What it contains
hashedEmailRaw SHA256 with no dot stripping — use for Email (SHA-256)
hashedEmailGmail SHA256 with periods stripped from the local part — use for Email (SHA-256GA)

Create a Data Layer Variable for each key you want to use, then reference it in the tag's email fields.

Create the MD5 Placeholder Variable

The Email MD5 field needs a 32-character value. This variable takes the SHA256 value, validates it, and returns its first 32 characters as a placeholder. Set it up as a Custom JavaScript variable in GTM.

function () {
var hashed = ;
if (!hashed) return undefined;
// normalise
hashed = String(hashed).trim().toLowerCase();
// basic validation: SHA256 hex is 64 chars [0-9a-f]
if (!/^[0-9a-f]{64}$/.test(hashed)) return undefined;
return hashed.slice(0, 32);
}

 

Reference this variable in the Email MD5 field. Replace with the name of your own SHA256 variable if it differs.

If you are still stuck, contact support@profitmetrics.io.