Day 19 / 30 · Sensitive Data Redaction Preview v1

Sensitive Data Redaction

Safe local preview for Restaurant SaaS owner/admin, POS, billing, domain, notification and audit surfaces. Reveal is deny-by-default, all examples are synthetic placeholders, and no source file stores raw secret values.

15 · Required redaction examples covered.
5 · Redaction modes represented.
14 · Examples require audit evidence.
0 · Reveal grants allowed by default.

Deny-by-default safety policy

allowedToReveal false (false)
  Every preview row denies reveal by default.
Never read from .env (safe)
  Preview data is local static TypeScript and does not read local environment files.
No runtime credential import (safe)
  No external service, real backend or runtime secret import is used.
No real customer data (safe)
  Only synthetic placeholders and documentation-only examples are displayed.

Mode coverage

Full mask · 5 examples use redactionMode: full-mask
Partial mask · 5 examples use redactionMode: partial-mask
Prefix + suffix · 1 example uses redactionMode: prefix-suffix
Safe summary · 2 examples use redactionMode: safe-summary
Blocked · 2 examples use redactionMode: blocked

Redaction examples

API key
  surface: Owner/Admin provider settings
  dataCategory: owner-admin · originalExampleType: synthetic-api-key-shape
  redactedValue: prefix_demo_…A1B2
  redactionMode: prefix-suffix · viewerRole: owner · allowedToReveal: false
  reason: Provider credentials are never revealed in the preview; only a non-sensitive prefix marker and last four placeholder characters are shown.
  auditRequired: true · severity: critical

Webhook secret
  surface: Notification webhook settings
  dataCategory: notification · originalExampleType: synthetic-webhook-credential-shape
  redactedValue: ••••••••••••••••
  redactionMode: full-mask · viewerRole: admin · allowedToReveal: false
  reason: Webhook signing material is fully masked for every viewer role in this local preview.
  auditRequired: true · severity: critical

Payment provider token
  surface: Billing payment provider console
  dataCategory: billing · originalExampleType: synthetic-payment-provider-credential-shape
  redactedValue: ••••••••••••••••
  redactionMode: full-mask · viewerRole: billing-operator · allowedToReveal: false
  reason: Payment credentials are treated as critical operational secrets and cannot be revealed from preview UI or mock APIs.
  auditRequired: true · severity: critical

Firebase/private config value
  surface: Runtime configuration readiness
  dataCategory: runtime-config · originalExampleType: synthetic-private-config-shape
  redactedValue: ••••••••••••••••
  redactionMode: full-mask · viewerRole: owner · allowedToReveal: false
  reason: Private runtime configuration values must remain server-side and are represented only by a mask.
  auditRequired: true · severity: critical

Customer phone
  surface: POS customer lookup
  dataCategory: pos · originalExampleType: synthetic-customer-phone-shape
  redactedValue: +000 ••• •• 42
  redactionMode: partial-mask · viewerRole: cashier · allowedToReveal: false
  reason: Cashier and POS surfaces should show only enough placeholder contact context for support without exposing the full number.
  auditRequired: true · severity: high

Customer email
  surface: Owner/Admin customer history
  dataCategory: owner-admin · originalExampleType: synthetic-customer-email-shape
  redactedValue: cu••••••@example.invalid
  redactionMode: partial-mask · viewerRole: admin · allowedToReveal: false
  reason: Email previews are partially masked and use a reserved invalid example domain only.
  auditRequired: true · severity: high

Payment reference
  surface: Billing transaction list
  dataCategory: billing · originalExampleType: synthetic-payment-reference-shape
  redactedValue: PAY-••••-Z9Y8
  redactionMode: partial-mask · viewerRole: billing-operator · allowedToReveal: false
  reason: Payment references are partially masked so reconciliation views do not expose full provider identifiers.
  auditRequired: true · severity: high

Fiscal receipt / VÖEN data
  surface: Fiscal receipt archive
  dataCategory: billing · originalExampleType: synthetic-fiscal-receipt-voen-shape
  redactedValue: VÖEN ••••••7890 · receipt ••••-2042
  redactionMode: partial-mask · viewerRole: auditor · allowedToReveal: false
  reason: Fiscal receipt and VÖEN placeholders are partially masked to preserve audit context without exposing taxpayer data.
  auditRequired: true · severity: high

Tenant domain DNS token
  surface: Tenant domain routing
  dataCategory: domain · originalExampleType: synthetic-domain-dns-challenge-shape
  redactedValue: ••••••••••••••••
  redactionMode: full-mask · viewerRole: owner · allowedToReveal: false
  reason: DNS challenge material is fully masked to avoid domain takeover risk in screenshots or support handoffs.
  auditRequired: true · severity: critical

Staff invite token
  surface: Owner/Admin staff invitations
  dataCategory: owner-admin · originalExampleType: synthetic-staff-invite-credential-shape
  redactedValue: ••••••••••••••••
  redactionMode: full-mask · viewerRole: admin · allowedToReveal: false
  reason: Invite credentials can grant account access, so the preview blocks reveal and stores no raw invite value.
  auditRequired: true · severity: critical

Audit log actor IP
  surface: Audit log event detail
  dataCategory: audit · originalExampleType: synthetic-actor-network-address-shape
  redactedValue: 203.0.113.xxx
  redactionMode: partial-mask · viewerRole: auditor · allowedToReveal: false
  reason: Network address examples use documentation ranges and mask the host portion by default.
  auditRequired: true · severity: medium

Audit log user agent
  surface: Audit log event detail
  dataCategory: audit · originalExampleType: synthetic-browser-client-shape
  redactedValue: Desktop browser family · major version only · raw string withheld
  redactionMode: safe-summary · viewerRole: auditor · allowedToReveal: false
  reason: Raw user agent strings can fingerprint users; summaries are safer for routine review.
  auditRequired: false · severity: medium

Error stack trace
  surface: Owner/Admin error console
  dataCategory: support · originalExampleType: synthetic-error-trace-shape
  redactedValue: Application error summary · route group only · stack frames withheld
  redactionMode: safe-summary · viewerRole: support-operator · allowedToReveal: false
  reason: Stack traces can leak paths, credentials or tenant details, so only a safe operational summary is shown.
  auditRequired: true · severity: high

Environment variable name
  surface: Runtime environment matrix
  dataCategory: runtime-config · originalExampleType: synthetic-env-name-value-shape
  redactedValue: EXAMPLE_PROVIDER_CREDENTIAL = [value blocked]
  redactionMode: blocked · viewerRole: owner · allowedToReveal: false
  reason: Configuration names may be visible for readiness checks, but values are blocked and never loaded from local environment files.
  auditRequired: true · severity: critical

Admin note containing secret-like text
  surface: Owner/Admin support notes
  dataCategory: support · originalExampleType: synthetic-admin-note-shape
  redactedValue: Admin note contains [REDACTED-SENSITIVE-TEXT] and is blocked from reveal.
  redactionMode: blocked · viewerRole: support-operator · allowedToReveal: false
  reason: Free-text notes are scanned conceptually in the preview and secret-like fragments are redacted before display.
  auditRequired: true · severity: critical
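
The five redaction modes and the deny-by-default reveal rule listed above, sketched as an added TypeScript example that is not the product's own code. The field names redactionMode, viewerRole, allowedToReveal and auditRequired come from the page; keepPrefix, keepSuffix, safeSummary, AuditEvent, redact and render are hypothetical names, and the fixed-width mask is an assumption.

```typescript
// Added example; field names follow the page, everything else is hypothetical.
type RedactionMode =
  | "full-mask" | "partial-mask" | "prefix-suffix" | "safe-summary" | "blocked";

interface RedactionRule {
  redactionMode: RedactionMode;
  viewerRole: string;
  allowedToReveal: boolean; // false on every row of the preview
  auditRequired: boolean;
  keepPrefix?: number;      // leading characters left visible
  keepSuffix?: number;      // trailing characters left visible
  safeSummary?: string;     // pre-written text for safe-summary rows
}
interface AuditEvent { viewerRole: string; redactionMode: RedactionMode; outcome: string; }

const FULL_MASK = "•".repeat(16); // fixed width: does not leak the value's length

function redact(raw: string, rule: RedactionRule): string {
  const p = rule.keepPrefix ?? 0;
  const s = rule.keepSuffix ?? 0;
  const chars = Array.from(raw); // code points, so non-ASCII input is not split
  switch (rule.redactionMode) {
    case "full-mask": return FULL_MASK;
    case "blocked": return "[value blocked]";
    case "safe-summary": return rule.safeSummary ?? "[summary withheld]";
    default: {
      // Fail closed when the kept parts would cover the whole value.
      if (p + s >= chars.length) return FULL_MASK;
      const head = chars.slice(0, p).join("");
      const tail = chars.slice(chars.length - s).join("");
      const middle = rule.redactionMode === "prefix-suffix"
        ? "…" : "•".repeat(chars.length - p - s);
      return head + middle + tail;
    }
  }
}

// Deny by default: the raw value is returned only under an explicit grant.
function render(raw: string, rule: RedactionRule, revealRequested: boolean,
                audit: AuditEvent[]): string {
  const granted = revealRequested && rule.allowedToReveal === true;
  if (rule.auditRequired && revealRequested) {
    // The audit record names the role and outcome, never the raw value.
    audit.push({ viewerRole: rule.viewerRole, redactionMode: rule.redactionMode,
                 outcome: granted ? "reveal-granted" : "reveal-denied" });
  }
  return granted ? raw : redact(raw, rule);
}
```

A reveal request against a row with allowedToReveal: false still returns the masked string and leaves a reveal-denied audit event, so denied attempts stay visible to reviewers.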