Media Service enables you to send transactional emails to customers without having to store their email addresses, reducing the liability involved with storing Personally Identifiable Information (PII).
The Media Service will store the email address on your behalf and instead will grant you a capability to send email to the address without exposing the address to you. You can store and manage these capabilities within your systems without fear of leaking sensitive data. This helps you maintain compliance with the increasing number of online privacy laws such as the EU General Data Protection Regulation (GDPR) and the upcoming California Consumer Privacy Act of 2018 (CCPA). Now, with the Media Service, you no longer need to store sensitive email addresses yourself while retaining the ability to contact your customers.
How does it work?
First, you will create and verify an Email Domain Identity, which will create the domain from which you would like to send email. For example,
Next, when the customer provides their email address to you, you will create two IDs for the email, a derived ID and a custom ID. The derived ID is derived from the email address itself (such as a hash or a keyed hash), while the custom ID will be random (see details in Create Email)
With all three, you create an Email entry within your Email Domain Identity and receive capabilities to
deleteEmail to that email address. You can safely store the custom ID and the capabilities within your systems.
To send an email, you invoke the
sendEmail capability with your message.