From e969101eee87a4bfa248fc951891bfa68f5a257e Mon Sep 17 00:00:00 2001
From: Jay Kim <jay@nullavenue.com>
Date: Thu, 27 Oct 2022 16:55:15 -0700
Subject: [PATCH] add changelog

---
 CHANGELOG.md | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2487b3024..4c7bde11e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,30 @@
 All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
 
+### 6.4.8
+### Changed
+Starting with this release, as a privacy enhancement, Iterable’s iOS SDK
+encrypts the following data when storing it at rest:
+
+- `email` — The user's email address.
+- `userId` — The user's ID.
+- `authToken` — The JWT used to authenticate the user with Iterable's API.
+- `lastPushPayload` — The JSON payload that came along with the last push
+  notification received by the app.
+
+(Note that Iterable's iOS SDK does not store in-app messages at rest—before or
+after this update.)
+
+When a user upgrades to a version of your app that uses this version of the SDK
+(or higher), the fields shown above are encrypted. No data that's already stored 
+is lost.
+
+For more information about the encryption described above, examine the SDK
+source code:
+
+- [`IterableKeychain`](https://github.com/Iterable/swift-sdk/blob/master/swift-sdk/Internal/IterableKeychain.swift)
+- [`KeychainWrapper`](https://github.com/Iterable/swift-sdk/blob/master/swift-sdk/Internal/KeychainWrapper.swift)
+
 ## 6.4.7
 ### Added
 - Added `setEmail` and `setUserId` as publicly accessible functions, which will set the identity of the SDK to attribute to events. The optional second parameter will take in a JWT if you already have one at the time of this call (as opposed to through `IterableAuthDelegate`).