Fisqal Suite
Incognito
Production-grade data obfuscation for Business Central. Mask, randomize, or replace sensitive data in sandboxes and copies — preserving referential integrity and keeping environments usable for testing, demos, and partner access.
Capabilities
Four obfuscation methods, one click
Pick the right method for each field: mask with asterisks, randomize values, generate realistic fake data, or fully anonymize. Incognito handles primary keys, table relations, and cross-company data automatically.
Mask
Replace sensitive values with asterisks or generic labels while preserving field length. Names become 'MASKED***', codes become 'MSK***'. Quick and visible — ideal when you need to clearly signal that data is not real.
Fake Data
Generate realistic but fictitious values: names, email addresses, phone numbers, street addresses, country codes, and valid IBANs with correct check digits. The obfuscated environment looks and behaves like production.
Randomize
Replace values with random strings that maintain the correct field type and length. Each record gets a unique value — no two masked records look alike. Useful for stress-testing and data volume simulations.
Anonymize
Strip all identifying information from fields with consistent, non-reversible replacement values. Goes beyond masking: no pattern remains that could re-identify the original data.
Automatic PII Detection
Incognito ships with a pre-configured library of common sensitive field patterns — personal identification, contact details, addresses, financial data, employment records, and government identifiers. New rules are suggested automatically when you enable a table.
Referential Integrity
Primary key fields are handled via Rename operations instead of value changes, preserving all table relations and ledger entries. Composite keys with multiple fields are processed as a group. Your obfuscated environment stays functionally intact.
Special Table Handling
Some tables need more than field masking. Incognito supports three actions for special tables: Change Value (replace specific fields), Rename Primary Key (re-key records while keeping relations), and Delete Data (remove records entirely). Apply filters to target specific records.
Processing History & Audit
Every obfuscation run is logged: which tables were processed, how many records, duration, who ran it, and whether errors occurred. Skipped fields are logged with reasons. Full transparency for compliance reviews.
How It Works
Three steps to a clean sandbox
Configure
Select tables and fields to obfuscate. Incognito suggests sensitive fields automatically based on field name patterns (names, addresses, bank accounts, emails). Choose an obfuscation method per field — or accept the intelligent defaults.
Run
Execute the obfuscation on your sandbox or company copy. Incognito processes tables in order, respects primary key relationships, and commits per table. A progress indicator shows real-time status. Production databases are protected by a built-in safety check.
Verify
Review the processing history: records processed per table, duration, and any skipped fields with explanations. Re-run selectively if needed — Incognito tracks which rules have been applied and which are pending.
Data Coverage
What Incognito can obfuscate
Incognito works at the table-and-field level across the entire Business Central database. It covers any text, code, BLOB, media, or GUID field — including fields added by other extensions.
Personal Identification
Names, surnames, full names, initials
Contact Information
Email addresses, phone numbers, fax numbers
Address Information
Street addresses, cities, postal codes
Financial Information
Bank accounts, IBANs, SWIFT codes, credit card numbers
Employment Information
Employee IDs, social security numbers, salary data
Government Identifiers
VAT numbers, registration numbers, licence numbers
Use Cases
Who needs Incognito?
Partner & Vendor Access
Give implementation partners, support vendors, or auditors access to a realistic Business Central environment — without exposing real customer names, bank details, or contract values.
Training & Demos
Run training sessions and customer demos on data that looks real but isn't. Incognito's Fake Data method generates plausible names, addresses, and IBANs that make scenarios credible.
Development & Testing
Developers and QA teams work with production-shaped data without GDPR risk. Referential integrity is preserved — posting, reporting, and workflows behave exactly as they would in production.
GDPR & Compliance
Reduce personal data exposure in non-production environments as part of your GDPR program. Incognito covers six PII categories: personal identification, contact information, addresses, financial data, employment records, and government identifiers.
API-First · AI-Agent Ready
Built-in REST APIs & MCP Server Access
This app publishes native REST API pages inside Business Central. AI agents connect to Incognito data instantly via the BC MCP Server — no middleware required.
REST APIs
Standard OData-compatible endpoints. Read, create, update records programmatically.
MCP Server
AI agents access published API pages directly via the Business Central MCP Server.
Copilot Studio
Build custom agents in Microsoft Copilot Studio that interact with Incognito data.
Any AI Client
VS Code, Claude, ChatGPT, or any MCP-compatible tool can connect.
Frequently Asked Questions
Common Questions
What obfuscation methods does Incognito support?
Does Incognito preserve referential integrity?
Yes. Primary key fields are handled via Rename operations, not value changes — so all related ledger entries, document lines, and table relations remain valid. Composite primary keys (multi-field) are processed as a group. The obfuscated environment stays functionally intact for testing and demos.
Can Incognito run on production data?
No — by design. Incognito includes a built-in safety check that detects production databases and blocks execution. It only runs on sandboxes, company copies, and non-production environments. Your live data is never at risk.
What data can Incognito mask?
Any text, code, BLOB, media, or GUID field in Business Central — including fields from other extensions. The app ships with pre-configured patterns for six PII categories: personal identification, contact information, addresses, financial data, employment records, and government identifiers. You can add custom rules for any table and field.
How does automatic PII detection work?
Incognito maintains a library of common sensitive field name patterns (e.g. fields containing 'name', 'email', 'phone', 'address', 'bank', 'IBAN'). When you enable a table for obfuscation, it automatically suggests which fields to mask and which method to use. You review and adjust before running.
Can I obfuscate specific records instead of entire tables?
Yes. Special Table handling lets you apply filters to target specific records — for example, only obfuscate customers in a certain country or vendors above a certain balance. You can also choose to delete filtered records entirely instead of masking them.
Is there an audit trail for obfuscation runs?
Yes. Every run is logged with: tables processed, record count, duration, user who ran it, success/failure status, and error details. Fields that were skipped (e.g. due to permission issues or primary key constraints) are logged with the specific reason. This history supports GDPR accountability requirements.
Does Incognito work with on-premises Business Central?
Yes. Incognito supports both cloud (SaaS) and on-premises deployments. For on-premises, it uses a database name check to distinguish production from non-production environments instead of the sandbox flag.
