Secure Your Production Data. Empower Your Teams.

Automated PII & PCI masking platform that transforms production databases into safe, realistic copies for development, testing, and analytics—without exposing sensitive customer data.

Try DataShield Free
DataShield - Data Protection Platform

The Data Sharing Dilemma

Production databases are goldmines for development and testing, but sharing them creates massive compliance and security risks.

Compliance Violations

Sharing real customer names, emails, SSNs, credit cards across teams exposes you to GDPR, HIPAA, and PCI-DSS violations with severe penalties.

Manual Masking Doesn't Scale

Hand-coding SQL scripts to mask PII is error-prone, time-consuming, and breaks every time your schema changes.

Security Exposure

Production data in dev environments means broader access, weaker controls, and higher breach risk, one leak can cost millions.

Development Bottlenecks

Teams wait weeks for sanitized test data, slowing releases and preventing realistic testing with production-quality datasets.

How DataShield Works

From database connection to obfuscated data in 7 simple steps—no manual scripting required.

Connect

Add source and destination database connections. DataShield validates connectivity and securely stores encrypted credentials.

1

Discover

Auto-detect PII and PCI fields across your entire schema. DataShield reflects tables, columns, relationships, and flags sensitive data.

2

Review

Adjust auto-detected classifications. Override any field's classification or add custom sensitive columns as needed.

3

Configure

Select tables, set row limits, apply date filters, exclude columns. Choose realistic or masked mode. Save as reusable profile.

4

Estimate

Run dry-run to preview exact row counts and validate your configuration before committing to the full obfuscation job.

5

Obfuscate

Start the job and monitor real-time progress. DataShield processes data in parallel batches while preserving all foreign keys.

6

Preview & Deploy

Compare source and obfuscated data side-by-side in browser. Verify results and hand off clean database to your team.

7

Enterprise Features That Scale

Built for production workloads with security, performance, and developer experience at the core.

Automatic Discovery

🔍 Automatic PII/PCI Discovery

No manual tagging. DataShield scans your schema and auto-detects sensitive fields with 85-90% confidence scores.

  • Names, emails, phones, addresses, SSNs, dates of birth
  • Credit cards, CVV, expiry dates, bank accounts, IBAN
  • IP addresses, usernames, login credentials
  • Review and override classifications before obfuscation
Obfuscation Modes

🎭 Dual Obfuscation Modes

Choose between realistic or masked data based on your use case.

  • Realistic Mode: Authentic-looking data for testing validation logic
  • Masked Mode: Visually anonymized placeholders (J** D**, ***@domain.com) for audit logs
  • Switch modes per job—flexibility for different teams
Referential Integrity

🔗 Referential Integrity Preserved

Foreign key relationships stay intact across your entire database—your data works just like production.

  • Auto-detect FK relationships from schema metadata
  • Deterministic value generation—same input always produces same fake output
  • Parent tables auto-included when child tables selected
  • Self-referential table detection and warnings
Granular Control

⚙️ Granular Table & Column Control

You decide exactly what gets obfuscated with surgical precision.

  • Select any combination of tables across schemas
  • Exclude specific columns from obfuscation per table
  • Apply date range filters to extract time windows (e.g., last 90 days)
  • Set row limits with sampling strategies (First N, Last N, Random N)
  • Search and filter table lists for large schemas
Dry-Run Estimation

🧮 Dry-Run Estimation

Preview exact row counts before committing to potentially hours-long jobs.

  • Fast count using database statistics—no data movement
  • Validate filters, limits, and table selections before running
  • Estimate job duration based on row counts and throughput
  • Adjust configuration and re-estimate until satisfied
Real-Time Monitoring

📊 Real-Time Job Monitoring

Track every discovery and obfuscation job with live telemetry.

  • Overall progress percentage and rows processed vs total
  • Tables processed status (queued, running, completed, errored)
  • Throughput in rows/second and estimated time remaining
  • Kill any running job instantly if needed
Data Preview

👁️ Side-by-Side Data Preview

Compare source and obfuscated data in browser—no database client needed.

  • See exactly which columns were obfuscated
  • Verify output looks correct before handing off to teams
  • Sample rows from any table in destination database
  • Instant validation without leaving DataShield
Multi-Database Support

🗄️ Multi-Database Support

Connect to virtually any relational database your organization uses.

  • PostgreSQL, MySQL, MariaDB (RDS + standard auth + AWS IAM)
  • Microsoft SQL Server (standard auth)
  • Oracle Database, SQLite (file path)
  • System schemas auto-excluded for all engines
Security by Design

🔐 Security by Design

Built with security as a first principle, not an afterthought.

  • Email OTP verification, JWT session management with auto-refresh
  • Database passwords Fernet-encrypted at rest, never logged
  • AWS IAM tokens generated at runtime—no secrets stored
  • Non-destructive by design—source database never modified
  • Per-user data isolation—users only see their own resources

Built for Every Team

From engineering to compliance, DataShield empowers teams to work with production-quality data safely.

Engineering Teams

Safe dev/test databases without production PII. Develop against realistic data that mirrors production volume and complexity.

QA & Testing

Realistic test data matching production schema and volume. Run comprehensive tests without compliance risk.

Data Analytics

Anonymized datasets for BI reporting and analysis. Explore production patterns without exposing customer identities.

warning-solid

Compliance & Risk

Demonstrate PII/PCI controls for GDPR, HIPAA, PCI-DSS audits. Show auditors your non-production data is properly masked.

Enterprise Database Support

Connect to the databases your organization already uses—no migration required.

PostgreSQL

Standard Auth AWS IAM RDS

MySQL

Standard Auth AWS IAM RDS

MariaDB

Standard Auth AWS IAM RDS

SQL Server

Standard Auth

Oracle

Standard Auth

SQLite

File Path

Simple, Transparent Pricing

Two ways to use DataShield — choose what works best for your team.

Cloud

Hosted by LagrangeDATA. Try DataShield with no setup required.

Free

No credit card required

  • Unlimited database connections
  • PostgreSQL, MySQL, SQL Server, Oracle, SQLite
  • Automatic PII & PCI detection
  • Unlimited rows per job
  • Realistic and Masked obfuscation modes
  • Unlimited run profiles
  • Real-time job monitoring
  • Side-by-side data preview
  • Community support

Note: Database must be publicly accessible

Try DataShield Free
Enterprise

Self-Hosted

Deployed in your environment. Your data never leaves your infrastructure.

$15,000/year

Billed annually upfront

  • Everything in Cloud, plus:
  • Private VPC & on-premise connectivity
  • AWS IAM authentication (RDS)
  • Column-level exclusions
  • Row limits & sampling (First/Last/Random)
  • Dry-run row estimation
  • Resumable jobs
  • Configurable batch size & parallelism
  • AWS ECS deployment
  • Priority email support
Contact Sales

Discount: Our customers receive discounts off Year 1 in exchange for a case study and product feedback.

Multi-year discounts available. Contact us to discuss.

Frequently Asked Questions

Everything you need to know about DataShield

Does DataShield ever see or store my data?

+

No. DataShield only reads the schema (table and column names, data types, relationships) during discovery. During obfuscation, data is read from your source database and written directly to your destination database. No data passes through or is stored on DataShield's servers. On the Self-Hosted tier, everything runs entirely within your own infrastructure.

What databases does DataShield support?

+

PostgreSQL, MySQL / MariaDB, Microsoft SQL Server, Oracle Database, and SQLite. AWS RDS IAM authentication is available for PostgreSQL and MySQL on the Self-Hosted tier.

Can I use the Cloud tier with a database behind a firewall?

+

No. The Cloud tier requires your database to be publicly accessible because DataShield's hosted servers need network access to connect. For private, VPC-hosted, or on-premise databases, the Self-Hosted tier is required.

How is the Self-Hosted license enforced?

+

The license covers one deployment (one organization). The annual fee provides access to the software, updates, and support for the license period. Run DataShield in your own environment with no usage-based metering and no dependency on vendor callbacks, under a standard annual license.

What happens when my Self-Hosted license expires?

+

Your deployment continues to function. You will no longer receive software updates or priority support until the license is renewed.

Is there a multi-year discount?

+

Yes — contact us to discuss multi-year pricing.

Do you offer a discount?

+

Our customers receive discounts off Year 1 Pricing, in exchange for a case study and product feedback. Contact us to enquire.

Ready to Secure Your Data?

Start masking production data in minutes. No credit card required for trial.

Try DataShield Free Schedule a Demo