diff --git a/src/Modules/Notifications/Modules.Notifications/IntegrationEventHandlers/BillingEmailSender.cs b/src/Modules/Notifications/Modules.Notifications/IntegrationEventHandlers/BillingEmailSender.cs
index 0cc96e70ad..9159df9b8b 100644
--- a/src/Modules/Notifications/Modules.Notifications/IntegrationEventHandlers/BillingEmailSender.cs
+++ b/src/Modules/Notifications/Modules.Notifications/IntegrationEventHandlers/BillingEmailSender.cs
@@ -26,7 +26,9 @@ await mail.SendAsync(new MailRequest(
         }
         catch (Exception ex)
         {
-            logger.LogWarning(ex, "Failed to send {Context} email to {Email}", context, email);
+            // Do not log the recipient address — it is PII and the log is an external sink
+            // (CodeQL cs/exposure-of-sensitive-information). The context identifies the operation.
+            logger.LogWarning(ex, "Failed to send {Context} email", context);
         }
     }
 }