Hello,
I identified that the Help Center pages automatically inject a script block containing the HelpCenter.user object, which includes the logged-in user’s email address in plain text within the page source.
Although this information is only visible to the authenticated user, our internal security policy requires that email addresses — which are used as authentication identifiers — must not appear in clear text within the page source.
Is there any supported way to suppress, hide, or mask the email field within the HelpCenter.user object?
If not, is there any configuration, setting, or alternative implementation approach that would allow us to prevent the email address from being exposed in the rendered HTML/JavaScript response?
I would appreciate clarification on whether this behavior is mandatory for Guide functionality or if there is an enterprise-level option to modify it.
By default, Zendesk Guide includes the logged-in user’s email address in plain text within the HelpCenter.user object in the page source to support personalization and essential functionality. There is currently no built-in or configurable way to suppress or mask this email field in the Help Center. While you can overwrite or remove the email value via client-side JavaScript after page load, the email will still be visible in the original HTML response. For enterprises with strict security policies, the available options are limited: you can explore building a custom Help Center frontend using Zendesk APIs to fully control exposed data, implement complex proxying or custom authentication flows to filter sensitive information, or consult Zendesk directly to discuss any potential enterprise-level solutions. However, as of now, this behavior is mandatory for Zendesk Guide’s proper operation and not configurable through standard settings.