SHA-256 patterns for emails, phone numbers, and the surprising number of edge cases. Includes the trade-offs we hit along the way.
Hashing PII is one of those topics where the API looks trivial and the edge cases are the entire job.
The short version: getting match rates that hold up across platforms is mostly a matter of doing the obvious thing carefully. Normalise first, then SHA-256, then send. Lowercase the email, strip whitespace, format the phone in E.164. Skip the normalisation and your match rates will quietly suffer, because a single stray space or capital letter produces a completely different digest.
You take on the responsibility of getting the normalisation right. Worth it; not glamorous. That trade-off is the one most teams underweight when they plan the work, and it is the one that quietly determines whether the project ships on time.
If you want a longer treatment, we have a deeper post in the series. For now, the takeaway is small enough to fit on a sticky note: when in doubt, follow the destination platform's normalisation guide to the letter.
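The normalise-then-hash sequence described above, as an added Python example (not code from this post or from any platform's SDK). The function names, the default country code `44` and the trunk prefix `0` are assumptions for illustration, and the sample contacts are constructed; the destination platform's guide decides the real rules.

```python
import hashlib
import re

E164 = re.compile(r"\+[1-9][0-9]{1,14}")  # "+" followed by at most 15 digits


def normalise_email(raw: str) -> str:
    """Lowercase and drop every whitespace character, including NBSP and newlines."""
    email = "".join(raw.split()).lower()
    local, at, domain = email.partition("@")
    if not (local and at and domain) or "@" in domain:
        raise ValueError(f"not an email address: {raw!r}")
    return email


def normalise_phone(raw: str, default_cc: str = "44", trunk_prefix: str = "0") -> str:
    """Return E.164. default_cc and trunk_prefix are assumptions for national input."""
    text = raw.strip()
    digits = re.sub(r"[^0-9]", "", text)  # ASCII digits only; drops spaces, (), -, .
    if not text.startswith("+"):
        # National format: remove the trunk prefix, then prepend the country code.
        if trunk_prefix and digits.startswith(trunk_prefix):
            digits = digits[len(trunk_prefix):]
        digits = default_cc + digits
    phone = "+" + digits
    if not E164.fullmatch(phone):
        raise ValueError(f"cannot format as E.164: {raw!r}")
    return phone


def sha256_hex(value: str) -> str:
    """SHA-256 of the UTF-8 bytes, as lowercase hex."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()


def hash_contact(email: str, phone: str) -> dict:
    """Normalise first, then hash; only the digests leave this function."""
    return {
        "email_sha256": sha256_hex(normalise_email(email)),
        "phone_sha256": sha256_hex(normalise_phone(phone)),
    }


if __name__ == "__main__":
    # Constructed sample: the same person as two systems might have stored them.
    crm = hash_contact("  Alice@Example.COM\n", "(020) 7946 0958")
    web = hash_contact("alice@example.com", "+44 20 7946 0958")
    print("normalised digests match:", crm == web)
    print("raw digest matches:", sha256_hex("  Alice@Example.COM\n") == web["email_sha256"])
```

Rejecting input that cannot be normalised, rather than hashing it anyway, keeps unmatched records visible in your own logs instead of surfacing later as an unexplained drop in match rate.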