API key
surface: Owner/Admin provider settings
dataCategory: owner-admin · originalExampleType: synthetic-api-key-shape
redactedValue: prefix_demo_…A1B2
redactionMode: prefix-suffix · viewerRole: owner · allowedToReveal: false
reason: Provider credentials are never revealed in the preview; only a non-sensitive prefix marker and last four placeholder characters are shown.
auditRequired: true · severity: critical
Prefix + suffix · critical

Webhook secret
surface: Notification webhook settings
dataCategory: notification · originalExampleType: synthetic-webhook-credential-shape
redactedValue: ••••••••••••••••
redactionMode: full-mask · viewerRole: admin · allowedToReveal: false
reason: Webhook signing material is fully masked for every viewer role in this local preview.
auditRequired: true · severity: critical
Full mask · critical

Payment provider token
surface: Billing payment provider console
dataCategory: billing · originalExampleType: synthetic-payment-provider-credential-shape
redactedValue: ••••••••••••••••
redactionMode: full-mask · viewerRole: billing-operator · allowedToReveal: false
reason: Payment credentials are treated as critical operational secrets and cannot be revealed from preview UI or mock APIs.
auditRequired: true · severity: critical
Full mask · critical

Firebase/private config value
surface: Runtime configuration readiness
dataCategory: runtime-config · originalExampleType: synthetic-private-config-shape
redactedValue: ••••••••••••••••
redactionMode: full-mask · viewerRole: owner · allowedToReveal: false
reason: Private runtime configuration values must remain server-side and are represented only by a mask.
auditRequired: true · severity: critical
Full mask · critical

Customer phone
surface: POS customer lookup
dataCategory: pos · originalExampleType: synthetic-customer-phone-shape
redactedValue: +000 ••• •• 42
redactionMode: partial-mask · viewerRole: cashier · allowedToReveal: false
reason: Cashier and POS surfaces should show only enough placeholder contact context for support without exposing the full number.
auditRequired: true · severity: high
Partial mask · high

Customer email
surface: Owner/Admin customer history
dataCategory: owner-admin · originalExampleType: synthetic-customer-email-shape
redactedValue: cu••••••@example.invalid
redactionMode: partial-mask · viewerRole: admin · allowedToReveal: false
reason: Email previews are partially masked and use a reserved invalid example domain only.
auditRequired: true · severity: high
Partial mask · high

Payment reference
surface: Billing transaction list
dataCategory: billing · originalExampleType: synthetic-payment-reference-shape
redactedValue: PAY-••••-Z9Y8
redactionMode: partial-mask · viewerRole: billing-operator · allowedToReveal: false
reason: Payment references are partially masked so reconciliation views do not expose full provider identifiers.
auditRequired: true · severity: high
Partial mask · high

Fiscal receipt / VÖEN data
surface: Fiscal receipt archive
dataCategory: billing · originalExampleType: synthetic-fiscal-receipt-voen-shape
redactedValue: VÖEN ••••••7890 · receipt ••••-2042
redactionMode: partial-mask · viewerRole: auditor · allowedToReveal: false
reason: Fiscal receipt and VÖEN placeholders are partially masked to preserve audit context without exposing taxpayer data.
auditRequired: true · severity: high
Partial mask · high

Tenant domain DNS token
surface: Tenant domain routing
dataCategory: domain · originalExampleType: synthetic-domain-dns-challenge-shape
redactedValue: ••••••••••••••••
redactionMode: full-mask · viewerRole: owner · allowedToReveal: false
reason: DNS challenge material is fully masked to avoid domain takeover risk in screenshots or support handoffs.
auditRequired: true · severity: critical
Full mask · critical

Staff invite token
surface: Owner/Admin staff invitations
dataCategory: owner-admin · originalExampleType: synthetic-staff-invite-credential-shape
redactedValue: ••••••••••••••••
redactionMode: full-mask · viewerRole: admin · allowedToReveal: false
reason: Invite credentials can grant account access, so the preview blocks reveal and stores no raw invite value.
auditRequired: true · severity: critical
Full mask · critical

Audit log actor IP
surface: Audit log event detail
dataCategory: audit · originalExampleType: synthetic-actor-network-address-shape
redactedValue: 203.0.113.xxx
redactionMode: partial-mask · viewerRole: auditor · allowedToReveal: false
reason: Network address examples use documentation ranges and mask the host portion by default.
auditRequired: true · severity: medium
Partial mask · medium

Audit log user agent
surface: Audit log event detail
dataCategory: audit · originalExampleType: synthetic-browser-client-shape
redactedValue: Desktop browser family · major version only · raw string withheld
redactionMode: safe-summary · viewerRole: auditor · allowedToReveal: false
reason: Raw user agent strings can fingerprint users; summaries are safer for routine review.
auditRequired: false · severity: medium
Safe summary · medium

Error stack trace
surface: Owner/Admin error console
dataCategory: support · originalExampleType: synthetic-error-trace-shape
redactedValue: Application error summary · route group only · stack frames withheld
redactionMode: safe-summary · viewerRole: support-operator · allowedToReveal: false
reason: Stack traces can leak paths, credentials or tenant details, so only a safe operational summary is shown.
auditRequired: true · severity: high
Safe summary · high

Environment variable name
surface: Runtime environment matrix
dataCategory: runtime-config · originalExampleType: synthetic-env-name-value-shape
redactedValue: EXAMPLE_PROVIDER_CREDENTIAL = [value blocked]
redactionMode: blocked · viewerRole: owner · allowedToReveal: false
reason: Configuration names may be visible for readiness checks, but values are blocked and never loaded from local environment files.
auditRequired: true · severity: critical
Blocked · critical

Admin note containing secret-like text
surface: Owner/Admin support notes
dataCategory: support · originalExampleType: synthetic-admin-note-shape
redactedValue: Admin note contains [REDACTED-SENSITIVE-TEXT] and is blocked from reveal.
redactionMode: blocked · viewerRole: support-operator · allowedToReveal: false
reason: Free-text notes are scanned conceptually in the preview and secret-like fragments are redacted before display.
auditRequired: true · severity: critical
Blocked · critical