SOFI Test Data for private databases

Realistic test data without exposing production.

SOFI runs inside your environment to mask, virtualize, and refresh databases for dev, QA, demos, and analytics. Teams get production-like data; sensitive values stay under your control.

Start free on SaaS: no card · 1,000 free credits

< 60s provision · 95% less storage · 0 raw data leaves
Detected fields (tables: 42 · sensitive: 17)

customer.email · PII · high
cards.number · PCI · high
orders.total · safe · kept
tenant.id · join key · preserve

Raw production values stay inside your environment.

Built for private data teams

Runs inside your environment · Production data stays private · Read-only source access · Consistent masking rules · Audit trail for every refresh

connectors for the databases you already run

Connect production sources once. Reuse them for every safe test environment.


01 / product surface

The test data workflow your teams keep rebuilding by hand.

SOFI combines source connectivity, masking, virtualization, refresh, and audit controls in one on-prem platform for lower environments.

Virtualize

Test databases without copy tickets

Create isolated VDBs from production snapshots without making every team wait for a full database copy.

Mask

Mask sensitive data before teams use it

Replace PII with realistic values while preserving formats, joins, constraints, and application behavior.

Refresh

Keep lower environments current

Refresh dev, QA, demo, and analytics databases without repeating slow export, copy, and sanitize jobs.

Operate

Operate under your security controls

Deploy in your VPC, private cloud, or bare metal network with SSO, RBAC, audit logs, and private routing.

02 / discover · mask · comply

See the masking flow in motion.

Sensitive columns are discovered, replaced with realistic values, and signed off against the compliance frameworks your auditors care about.

Sensitive Discovery

FULL_NAME: Matheus Vilarino
EMAIL_ADDR: math@sofi.io
CPF_DOC: 522.345.678-09
PHONE_NUM: +55 11 98888-7777
CREDIT_CARD: 4532...1122
ZIP_CODE: 04533-010

SOFI Masking Hub

Compliant Data: FULL_NAME, EMAIL_ADDR, CPF_DOC, PHONE_NUM, CREDIT_CARD, ZIP_CODE

Certified Standards & Regulations

GDPR · LGPD · HIPAA · PCI DSS · SOC 2

03 / developer first

A CLI and API surface your platform team can standardize.

SOFI can be driven from the dashboard, CLI, REST API, CI/CD, or agent tooling. The important part is that every path enforces the same masking, RBAC, TTL, and audit controls.

CLI · REST · Webhooks

$ sofi workspace create

04 / workflow

From production source to safe test database.

SOFI connects to the source, detects sensitive fields, applies masking, and provisions a usable database for the team that requested it.

01 · Connect the production source

Register the database engine, route, and read-only credentials inside the customer network.

source ready

02 · Find sensitive columns

Profile schemas for PII, relationships, tenant keys, formats, and fields that need protection.

risk map

03 · Apply masking rules

Use deterministic rules so masked data keeps joins, constraints, dates, totals, and formats intact.

policy active

04 · Create the test database

Provision isolated VDBs for dev, QA, demos, analytics, or pull-request environments.

VDB ready

05 · Refresh safely over time

Keep test environments current without reopening tickets or exposing raw production values.

refresh active
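
The deterministic masking described in step 03, as an added example that is not SOFI's code: a keyed HMAC maps each value to a stable pseudonym, so two tables still join on the masked email and a CPF keeps its length and punctuation. The key, the `example.test` domain, the function names and the sample rows are assumptions constructed for illustration.

```python
import hashlib
import hmac
import string
from itertools import cycle

# Constructed demo key (assumption): a real key stays in a secrets manager
# inside the source network and is never copied to the test environment.
MASKING_KEY = b"constructed-demo-key"

def _digest(value: str, domain: str, key: bytes) -> bytes:
    """Keyed digest: the same (domain, value) pair always yields the same bytes."""
    return hmac.new(key, f"{domain}\x00{value}".encode(), hashlib.sha256).digest()

def mask_email(value: str, key: bytes = MASKING_KEY) -> str:
    """Stable pseudonym that is still a syntactically valid address."""
    # Normalise first so case or whitespace differences do not break joins.
    token = _digest(value.strip().lower(), "email", key).hex()[:12]
    return f"user_{token}@example.test"

def mask_digits(value: str, domain: str, key: bytes = MASKING_KEY) -> str:
    """Replace each ASCII digit with a keyed digit; keep length and punctuation."""
    # The digest covers digits only, so "522.345.678-09" and "52234567809"
    # map to the same masked digits. Check digits (CPF, Luhn) are not
    # recomputed, and byte % 10 is slightly biased: fine for a demo only.
    digits = "".join(c for c in value if c in string.digits)
    stream = cycle(_digest(digits, domain, key))
    return "".join(str(next(stream) % 10) if c in string.digits else c
                   for c in value)

def mask_rows(rows, rules):
    """Apply per-column rules; columns without a rule pass through unchanged."""
    return [{c: rules[c](v) if c in rules else v for c, v in r.items()}
            for r in rows]

# Constructed sample rows: two tables that join on the customer's email.
CUSTOMERS = [{"email": "Ana@corp.example", "cpf": "522.345.678-09"}]
ORDERS = [{"customer_email": "ana@corp.example", "total": 129.90}]

def demo():
    """Mask both tables with the same key and return them for comparison."""
    customers = mask_rows(CUSTOMERS, {"email": mask_email,
                                      "cpf": lambda v: mask_digits(v, "cpf")})
    orders = mask_rows(ORDERS, {"customer_email": mask_email})
    return customers, orders
```

Because the mapping is keyed and repeatable, anyone holding the key can re-derive pseudonyms for guessed inputs, so the key needs the same protection as the source data.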

05 / real-time data flow

Continually sync. Continually save.

Log-based CDC keeps VDBs in step with production. CoW thin clones turn a 10TB source into a few TB of unique blocks — zero impact, maximum consistency.

Source Cluster · Status: Production Live · Physical Volume: 10.0 TB · Block usage: Critical (85%)

Test Data Engine · Data Timeflow · Space Saving: 10.0 TB · Physical: 10TB · Virtual: 10.0TB

06 / deployment

Built for teams that cannot send production data to a SaaS.

The control plane, workers, masking jobs, snapshots, and VDB provisioning run inside your VPC, private cloud, or bare metal environment.

SSO + RBAC · Private registry · Audit exports · Storage policies

SaaS / PaaS / IaaS · On-prem / Private Cloud · Legacy / Mainframe

Dev / Test · Analytics · Recovery (SRE)

07 / integrations

Use the tools already in your delivery path.

SOFI integrates with the systems that request, approve, run, observe, and revoke lower-environment data.


CI/CD

Create masked workspaces for pull requests, release branches, QA windows, and demos.

GitHub Actions · GitLab CI · Jenkins

Identity

Use SAML, OIDC, LDAP, and RBAC so data access follows enterprise controls.

SAML · OIDC · LDAP

Automation

Send provisioning, refresh, policy, and audit events to internal tools through webhooks.

REST · Webhooks · API keys

AI agents

Expose safe test-data operations as typed tools while keeping masking and audit enforced.

MCP · OpenAI · Cursor

08 / use cases

Where production-like data is worth the controls.

Teams adopt SOFI where fake fixtures are too weak, raw production is too risky, and manual database copies are too slow.


Pull-request databases

Give each review app a short-lived masked database that behaves like production.

QA refresh cycles

Refresh lower environments from approved snapshots without copy tickets.

Audit-ready sandboxes

Let analytics and support teams work with realistic data under policy evidence.

Platform self-service

Move database requests from manual scripts into governed CLI, API, and dashboard flows.

// 06 / agent ready //

Built for AI agents too.

Expose safe test-data operations as typed tools to Cursor, Claude Code, Windsurf, or any MCP-compatible agent. Masking, RBAC, audit — all still enforced.

MCP Server · Skill file · Typed tools · RBAC inherited

~/.cursor/mcp.json

{
  "mcpServers": {
    "sofi": {
      "command": "npx",
      "args": ["@sofi/mcp", "--workspace", "acme"],
      "env": { "SOFI_API_KEY": "${SOFI_API_KEY}" }
    }
  }
}

cursor · agent prompt

user> Spin up a masked dev DB for PR #482

agent> Calling sofi.workspaces.create with source=prod_postgres, policy=checkout_pii…

✓ ready at postgresql://checkout-pr-482.sofi.local:5432/app

09 / operating model

Stop waiting days for a safe database copy.

Replace manual refresh tickets, full copies, and after-the-fact sanitization with repeatable masked VDBs for every team.

01 · Manual DB copy · 4 days · tickets, scripts, approvals

02 · Mask after copy · 18 min · sensitive data exists before cleanup

03 · SOFI masked VDB · < 60 sec · virtualize, mask, refresh


// ready for safer test data

Give teams useful test databases without handing them raw production data.

no card on SaaS · 14-day on-prem pilot