#13. Data Masking
iSyncSF Data Masking protects sensitive and PII data when syncing to non-production Salesforce orgs. Configure masking rules per field to replace real names, emails, phone numbers, and other sensitive values with randomized or static placeholder data before records are written to the target.
Purpose: Data masking protects sensitive information (PII, financial data, confidential fields) when syncing data to non-production environments. Instead of copying real values like names, emails, phone numbers, or SSNs, the system replaces them with randomized or static placeholder values. This enables realistic sandbox data without exposing actual customer information. Where It Fits: Data masking is configured during setup (on the Object Setting -> Data Masking tab or at the template line level) and applied automatically during sync execution. When masking is active, it runs after source data is retrieved and before it's sent to the target org. Users typically configure masking once per object and it applies to all subsequent syncs. The "Preview" feature helps verify masking behavior before running a real sync.
#13.1 Overview
Data masking allows users to conceal sensitive field values (PII, confidential data) during the sync process. Instead of the original values, masked/randomized values are written to the target org.
#13.2 Configuration (Two Approaches)
Approach 1: Object Setting Masking Tab (Recommended) - Accessed from the Object Setting record page -> Data Masking tab - See Data Masking tab in Object Settings for details on what users can do
Approach 2: Template-Level Masking - Can also configure masking at the template line level - Each template line has a "Skip Masking" checkbox to bypass masking for that specific object
#13.3 Masking Rules
| Rule | What It Does | Example |
|---|---|---|
| Random Text | Replaces with random characters | John Smith → xK9mQp2rLw |
| Random Number | Replaces with random digits | 415-555-1234 → 829-371-5678 |
| Random Double | Replaces with random decimal | 99.95 → 42.17 |
| Static Value | Replaces with a fixed value | john@email.com → redacted@company.com |
| Clear Value | Sets to empty/blank | Confidential Notes → `` |
#13.4 Preview Feature
Users can generate sample masked values to verify the masking behavior without modifying any real data.
#Masking Active Toggle
The Masking Active toggle is located in the General Settings tab of Object Settings (not in the Masking tab). When toggled ON, all masking rules configured in the Data Masking tab will be applied to records synced for this object. When OFF, masking is completely skipped even if rules are defined. This gives you a quick way to enable or disable masking without deleting your masking configuration.
#Lazy Loading of Fields
For objects with many fields, the Data Masking tab loads fields in batches of 25 to keep the interface responsive. Scroll down to load additional fields, or use the search input to quickly find a specific field by name. Only fields with masking rules configured will show a masking indicator.
#Previewing Masked Data
Before running a full sync, you can preview how masking rules will transform your data. The preview shows a sample of source records alongside their masked versions, so you can verify that the masking strategy produces the desired output for each field. This is especially useful when combining multiple masking strategies across different fields to confirm the transformation logic.
#GDPR and Compliance Considerations
Data masking is essential for GDPR, CCPA, and other data protection regulations when syncing production data to non-production environments. By replacing real PII (names, emails, phone numbers, addresses) with randomized values before records leave the source org or before they are written to the target, iSyncSF ensures that sensitive data never reaches sandbox, development, or testing environments. Configure masking rules for all fields containing personal data to maintain compliance across all sync operations.