Stay compliant with a Salesforce data masking solution

Deploying data from production to other Salesforce orgs is great for realistic testing. But sensitive records need to be obfuscated for data security and compliance.

Start free trial
Johnson & Johnson

Gearset’s data deployment tool makes our dev sandboxes really powerful and relevant. It means developers can work with real org data in context, and make informed decisions at every stage of production. If you don’t have sight of example data, you can make all sorts of assumptions which may not be correct.

Will Roberts | Delivery Manager | Color Consultancy

Protect your customers’ confidentiality

Data regulations such as the CCPA and GDPR require you to protect personally identifiable information (PII). Thanks to data masking, there’s no need to have sensitive records in your sandbox data. You can get realistic data for testing, training and troubleshooting, without exposing real data.

Keep your customers’ trust and gain peace of mind by masking the data you deploy.

Security you can trust

Gearset is ISO 27001 certified and offers you enterprise-grade security. Your Salesforce data and metadata is encrypted in transit and at rest, hosted on the same AWS data centers trusted by Salesforce, with 24/7 intrusion detection.

ISO 27001
24/7 Protection
Advanced Encryption SSL TLS 1.2 AES-256
UKAS Management Systems
Configure masking for custom fields

Quickly migrate masked data to any environment

Not all Salesforce data masking tools work the same way. Salesforce’s Data Mask can obfuscate some data in full or partial sandboxes, and it’s often a slow process. With Gearset’s sandbox seeding add-on you can quickly deploy masked data to any Salesforce sandbox org, developer org or scratch org. Anonymize test data for features on standard or custom objects.

Mask individual fields and types of fields

Fine-grained control of data masking

Data masking is better than using dummy data or scrambling all records to produce random characters. You still want field values to look and behave like your production data, so you can be confident features tested in lower environments will still work in production. With Gearset, you can selectively mask fields, or use a simple toggle to mask all fields of a particular type. You can select the required format for custom fields. And you can select a region for localization of variable record formats — such as phone numbers.

First-class support as standard

Each Gearset license comes with dedicated customer support as standard. Talk to a real Salesforce DevOps expert whenever you need help, all from within the app.

Customer happiness
Support response time

Data masking FAQs

Masking, redaction and encryption are all methods for concealing records, but only data masking replaces records with dummy data in the same format. Data masking gives you realistic data for testing, but obfuscates the real data for compliance and security.

You can mask data using the following types: Boolean, city, company name, country, currency, date, department name, email, first name, integer, last name, national insurance number (UK), percent, phone number, postal code, random text, social security number (US), social security number (South Africa), state, street address, website.

With Gearset, you can deploy masked data to sandboxes, developer orgs and scratch orgs. To avoid data loss, Gearset prevents you from deploying masked data to production.

Any sensitive information should be masked. At minimum, personally identifiable information (PII) needs to be anonymized, such as names and email addresses. But other business data may also be in scope. If in doubt, it’s better to err on the side of caution and mask records.

Gearset prevents you masking records deployed to production, so this isn’t possible. Orgs protected with Gearset’s backup solution can be restored from any loss or corruption of data.

Org data for sandbox seeding and masking purposes is never permanently stored by Gearset, but it does pass through our servers to allow us to run data deployments. After a data deployment completes, the data is automatically disposed of by the service. As with metadata, it is encrypted at all times when in transit or at rest. Learn more on our security page.

When creating a Gearset account, users choose a data storage location — either the US, Canada, EU or Australia. All user data, including metadata and any organization data is then handled solely by an AWS data center in the relevant region — either Oregon (US West 2), Canada (CA Central 1), Ireland (EU West 1) or Australia (AP Southeast 2). This includes any backups taken as part of our disaster recovery program.

Gearset is a UK company, and we have our headquarters in Cambridge, UK. We don’t outsource any of our development — all of which is handled in-house by our expert team in the UK. Support is provided by our expert teams in the UK and US.

For more information on our security standards see our security page.

Ready to get started with Gearset?