Posts tagged with sha256

tl;dr: Should there be a sha256_ prefix to city, region, postal code, country, and should I hash them or not?

---- details

I am wondering whether Google doesn't consider city, region and postal code sensitive information, or whether the docs are incomplete. Judging by the second example, I don't need to hash even the street address. And yet I believe I should hash everything... [Using Smarty in the examples]

    gtag('set', 'user_data', {
        "sha256_email_address": "{hash('sha256', $order_info.email)}",
        "address": {
            "sha256_first_name": "{hash('sha256', $order_info.firstname)}",
            "sha256_last_name": "{hash('sha256', $lastname)}",
            "sha256_street": "{hash('sha256', $address)}",
            "sha256_city":"{hash('sha256', $city)}",
            "sha256_region":"{hash('sha256', $country)}",
            "sha256_postal_code": "{hash('sha256', $zipcode)}",
            "sha256_country": "{hash('sha256', $country)}"
        }
    });

**Resources:**

- https://support.google.com/analytics/answer/14171598
- https://developers.google.com/analytics/devguides/collection/ga4/uid-data

    "sha256_city":"{hash('sha256', $city)}",

vs

    "city":"{hash('sha256', $city)}",

vs

    "city":"{$city}",

I understand that sha256 is not good for hashing passwords because it's too fast, so attackers can brute-force the output of commonly used passwords. I recently used Google Ads API and other ad platforms to upload conversions. A hashed (using sha256) user email is included in the uploaded conversion. I'm wondering why sha256 is okay for hashing email in this case. If an attacker manages to obtain the user email database, wouldn't he be able to easily find out a user's original email?
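An added example, not part of either post or of any ad platform's code: it shows why an unsalted SHA-256 of an email works as a matching key, and therefore as a pseudonymous identifier rather than as protection for the address. The trim-and-lowercase normalization, the function names and the sample addresses are assumptions constructed for illustration.

```python
import hashlib
import hmac


def normalize_email(raw: str) -> str:
    # Assumed normalization for this example: trim whitespace, lowercase.
    return raw.strip().lower()


def sha256_identifier(raw: str) -> str:
    # Unsalted and deterministic: the same address always gives the same digest.
    return hashlib.sha256(normalize_email(raw).encode("utf-8")).hexdigest()


def keyed_identifier(raw: str, key: bytes) -> str:
    # HMAC-SHA256 with a secret key: only key holders can reproduce the digest.
    return hmac.new(key, normalize_email(raw).encode("utf-8"),
                    hashlib.sha256).hexdigest()


def match_uploads(uploaded_hashes, known_emails):
    # Receiver side (hypothetical helper): hash the addresses already held
    # and look each uploaded digest up in that index.
    index = {sha256_identifier(e): normalize_email(e) for e in known_emails}
    return {h: index[h] for h in uploaded_hashes if h in index}


# Constructed sample data.
ADVERTISER_CUSTOMERS = [" Alice@Example.com ", "bob@example.org"]
PLATFORM_ACCOUNTS = ["alice@example.com", "carol@example.net"]
DEMO_KEY = b"constructed-demo-key"


def demo():
    plain = [sha256_identifier(e) for e in ADVERTISER_CUSTOMERS]
    keyed = [keyed_identifier(e, DEMO_KEY) for e in ADVERTISER_CUSTOMERS]
    # Plain digests match any party that already holds the address;
    # keyed digests match nobody who lacks the key.
    return match_uploads(plain, PLATFORM_ACCOUNTS), match_uploads(keyed, PLATFORM_ACCOUNTS)


if __name__ == "__main__":
    matched, keyed_matched = demo()
    print("matched with plain SHA-256:", sorted(matched.values()))
    print("matched with keyed HMAC:   ", sorted(keyed_matched.values()))
```

The matching that makes the upload useful to the platform is the same operation available to anyone who holds both the digests and a list of candidate addresses, so stored digests warrant the same handling as the addresses themselves.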