destination header fix, add new info

forstisabella · forstisabella · commit b41af0e1139c · 2023-08-23T13:53:42.000-04:00
diff --git a/src/connections/destinations/add-destination.md b/src/connections/destinations/add-destination.md
@@ -2,13 +2,17 @@
 title: Sending Segment Data to Destinations
 ---
 
-You've decided how to format your data, and collected it using [Segment Sources](/docs/connections/sources/). Now what do you do with it? You send the data to Destinations!
+You've decided how to format your data, and collected it using [Segment Sources](/docs/connections/sources/). Now what do you do with it? You send the data to Destinations.
 
 Destinations are tools or services which can use the data sent from Segment to power analytics, marketing, customer outreach, and more.
 
 > info ""
-> Each Segment Workspace has its own set of destinations, which are connected to the workspace's sources. When you add or modify a destination, make sure you're working with the correct workspace!
+> Each Segment Workspace has its own set of destinations, which are connected to the workspace's sources. When you add or modify a destination, make sure you're working with the correct workspace.
 
+> info "HLS customers can encrypt data flowing into their destinations"
+> If you are a HLS customer with a HIPAA Eligible workspace, you can enable data encryption to encrypt data before it flows into your destination. 
+>
+> To learn more about data encryption, see the [HIPAA Eligible Segment](/docs/privacy/hipaa-eligible-segment/#data-encryption) documentation.
 
 ## Adding a destination
 
@@ -58,21 +62,21 @@ You can use the Segment Public API to add destinations to your workspace using t
 
 Adding a destination can have a few different effects, depending on which sources you set up to collect your data, and how you configured them.
 
-#### Analytics.js
+### Analytics.js
 
 If you are using [Segment's JavaScript library, Analytics.js](/docs/connections/sources/catalog/libraries/website/javascript/), then Segment handles any configuration changes you need for you. If you're using Analytics.js in cloud-mode, the library sends its tracking data to the Segment servers, which route it to your destinations. When you change which destinations you send data to, the Segment servers automatically add that destination to the distribution list.
 
 If you're using Analytics.js in device-mode, then Analytics.js serves as a wrapper around additional code used by the individual destinations to run on the user's device. When you add a destination, the Segment servers update a list of destinations that the library queries. When a user next loads your site, Analytics.js checks the list of destinations to load code for, and adds the new destination's code to what it loads. It can take up to 30 minutes for the list to update, due to CDN caching.
 
 You can enable device-mode for some destinations from the destination's Settings page in the Segment web app. You don't need to use the same mode for all destinations in a workspace; some can use device-mode, and some can use cloud-mode.
 
-#### Mobile sources
+### Mobile sources
 
 By default, Segment's [mobile sources](/docs/connections/sources/catalog/#mobile) send data to Segment in cloud-mode to help minimize the size of your apps. In cloud-mode the mobile source libraries forward the tracking data to the Segment servers, which route the data to the destinations. Since the Segment servers know which destinations you're using, you don't need to take any action to add destinations to mobile apps using cloud-mode.
 
 However, if the destination you're adding has features that run on the user's device, you might need to update the app to package that destination's SDK with the library. Some destinations require that you package the SDK, and some only offer it
 
-#### Server sources
+### Server sources
 
 Segment's [server sources](/docs/connections/sources/catalog/#server) run on your internal app code, and never have access to the user's device. They run in cloud-mode only, and forward their tracking calls to the Segment servers, which forward the data to any destinations you enabled.
 
diff --git a/src/privacy/hipaa-eligible-segment.md b/src/privacy/hipaa-eligible-segment.md
@@ -35,12 +35,12 @@ These logs can be provided upon request. For specific requests, please reach out
 
 ## Data encryption
 
-Segment can encrypt PHI/PII before sending it to event stream, cloud mode destinations, further supporting HIPAA compliance in your destinations. 
-
-Segment encrypts the data in fields [marked as yellow in the Privacy Portal](/docs/privacy/portal/#default-pii-matchers) with a public/private key pair. After Segment encrypts the data, it is converted into a `string`. Any downstream validation that looks for `integer` data types will fail for encrypted values.
+Segment encrypts the data in fields [marked as yellow in the Privacy Portal](/docs/privacy/portal/#default-pii-matchers) before sending it to event stream, cloud mode destinations, further supporting HIPAA compliance in your destinations. 
 
 > info "Data encryption is currently in public beta"
-> Data encryption supports event-stream, cloud-mode destinations. Engage destinations are not supported. Only data fields in `context`, `traits`, and `property` objects can be encrypted.  =
+> Data encryption supports event-stream, cloud-mode destinations. Engage destinations are not supported. Only data fields in `context`, `traits`, and `property` objects can be encrypted. 
+>
+> After Segment encrypts the data, it is converted into a `string`. Any downstream validation that looks for `integer` data types will fail for encrypted values.
 
 ### Configure data encryption for a new destination
 
@@ -55,7 +55,7 @@ To configure data encryption while setting up a new destination:
 8. Click **Create destination**.
 
 > error "Private Key is not recoverable"
-> Segment does not save the private key created during the data encryption setup flow, and cannot retrieve the key after you finish setting up your destination. You can generate a new key without decrypting your data using the instructions in the [Configure new key pairs](#configure-new-key-pairs) section.
+> Segment does not save the private key created during the data encryption setup flow, and cannot retrieve the key after you finish setting up your destination. You can generate a new key without decrypting your data using the instructions in the [Configure new key pairs](#configure-new-key-pairs) section. Any data encrypted prior to generating a new key pair cannot be decrypted with the new key. 
 
 ### Configure data encryption for an existing destination
  
@@ -68,8 +68,7 @@ To configure data encryption for an existing destination:
 6. Click **Save**.
 
 > error "Private Key is not recoverable"
-> Segment does not save the private key created during the data encryption setup, and cannot retrieve the key after you add data encryption to your destination. Segment cannot decrypt data if this key is lost. You can generate a new key any time using the instructions in the [Configure new key pairs](#configure-new-key-pairs) section. All updates are forward looking 
-
+> Segment does not save the private key created during the data encryption setup, and cannot retrieve the key after you add data encryption to your destination. Segment cannot decrypt data if this key is lost. You can generate a new key any time using the instructions in the [Configure new key pairs](#configure-new-key-pairs) section. Any data encrypted prior to generating a new key pair cannot be decrypted with the new key. 
 
 ### Configure new key pairs
 
