1. 12twenty Support
  2. Career Center Admins
  3. Career Center User Basics

Sandbox Environment

Updated

✨ 12twenty is updating the sandbox environment scrub process as of March 2025. Please read the following updates below for information on the new scrub cadence and scrub process.

Sections

  1. New Scrub Cadence
  2. New Data Scrub Process
  3. Frequently Asked Questions

 

New Scrub Cadence

Starting March 1st, 2025, the sandbox environment will scrub data from production based on the following schedule: The process will begin on the 1st of each month, and will complete at some point within the first 7 days of the month.

Why is 12twenty making this change?

12twenty is moving to this monthly schedule so it’s easier for teams to track and plan around data scrub activities. Previously, the scrubs took place every six weeks, which often led to confusion and made it harder for people to remember when the process would happen next. By setting it to the first of each month (and completing within the first week), 12twenty provides a clear, predictable cadence that simplifies planning and keeps everyone aligned.

What does this mean?

Starting March 1st, 2025, data will be copied from your production environment down to your Sandbox environment on a monthly schedule, beginning on the 1st of each month, and will complete at some point within the first 7 days of the month.

What do I need to do?

This updated cadence will go into effect automatically, and you don’t need to do anything differently. Just be aware of the new monthly timing. If you rely on the sandbox for development or testing, plan those activities around the new schedule so that your work aligns with each monthly data refresh.

 

New Data Scrub Process

Starting April 1st, 2025, the sandbox environment will no longer copy down personally identifiable information from production to sandbox.

Why is 12twenty making this change?

When creating a sandbox environment—especially for testing, development, or training purposes—it’s considered a best practice to avoid using real, sensitive data. Below are some key reasons why 12twenty is scrubbing Personally Identifiable Information (PII) when copying data from production to a sandbox:

  • Real user data often includes names, email addresses, student IDs, and other personally identifiable details. Removing or anonymizing this information prevents unauthorized individuals from accessing sensitive user details in the sandbox environment, which may have different authorization (site access) methods than production. For example, production may require administrators to login with SSO, while sandbox does not.
  • When PII is removed, developers testing an API integration can focus on functionality and system performance without worrying about handling or exposing sensitive data. It also makes sharing the sandbox environment safer and more convenient.
  • Users expect their personal data to be handled responsibly. Demonstrating that you take every measure to protect sensitive data—even during testing and within test environments—helps maintain confidence in 12twenty's data handling practices.

What does this mean?

Starting April 1st, 2025, the following fields will be scrubbed (obfuscated), however 12twenty IDs (i.e., the 12twenty ID for a student, an outcome or job posting) will remain the same. For example, if a student "Andrew Chen" is available in production with a 12twenty ID of "12345," visiting the same student profile URL in sandbox will return a student name that has been randomized (e.g., "John Doe"), while maintaining the identical 12twenty ID of "12345."

List of fields that will be scrubbed

  • Student

    • Name

    • Email

    • Passwords

    • Phone

    • Address

    • DOB

    • LinkedIn Profile URL

    • Biography

    • SSO Login ID

    • Unique ID (Student ID)

  • Note text

  • Contact

    • Name

    • Email

    • Phone

    • Address

  • Job Postings

    • Contact info

  • Outcomes

    • Salary
  • Orders
    • Contact information

  • API key

  • Webhook key

  • SSO encryption key

  • Site instance emails (email activity, email tab on student and contact profiles)

  • File names

  • Application document names

  • Application document text

  • Calendar sync authorization

  • Stripe payment authorization

What do I need to do?

The updated data scrubbing process  will go into effect automatically starting April 1st, 2025, and you don’t need to do anything differently. However, here are the key considerations you should keep in mind:

Be Aware of Obfuscated Data in Sandbox

  • After April 1st, 2025, any student, contact, or other PII-related information you see in sandbox will be replaced with placeholder (randomized) values.
  • The 12twenty IDs (e.g., “12345”) will stay the same, so if you are testing integrations or URLs, the records themselves remain consistent—just with anonymized data fields.

Check Any Testing or Integrations That Rely on Real Data

  • If you have tests, reports, or processes that depend specifically on real user information in sandbox (e.g., emails or names), you will need to adjust your approach.
  • For example, if you were sending test emails from sandbox to actual addresses, you’ll need to switch to using the randomized or test addresses.

Update Documentation or Training Materials

  • If your training or internal documentation references “real” user data in sandbox (like real student names), consider updating screenshots or instructions to match the new scrubbed data.

 

 

Frequently Asked Questions

  • How can I log in to our sandbox environment?
    You can log in to your Sandbox environment at {siteinstance}.admin.sandbox-12twenty.com. Please note that a sandbox environment is a paid add-on and must be enabled by your CSM. Please contact customersuccess@12twenty.com for more information.

  • What is my sandbox username and password?
    Your sandbox username and password is the same as your production username and password.

  • Are emails sent out of sandbox?
    No, emails are not sent out of sandbox environments, except for password reset emails. That said, you will still see all emails included on the "Email Activity" page.
  • What is our sandbox API key?
    Your API key to sandbox is different than your production key, and can be provided to you upon request. Please contact support@12twenty.com to receive your sandbox API key.

  • What data is scrubbed from production? I.e., what data is different between production and sandbox?

    • Data that is modified

      • Student

        • Name

        • Email

        • Passwords

        • Phone

        • Address

        • DOB

        • LinkedIn Profile URL

        • Biography

        • SSO Login ID

        • Unique ID (Student ID)

      • Note text

      • Contact

        • Name

        • Email

        • Phone

        • Address

      • Job Postings

        • Contact info

      • Outcomes

        • Salary
      • Orders
        • Contact information 
    • Data that is not scrubbed down (i.e., not copied from production to sandbox)
      • Audit log entries
      • Email activity
      • Application document text
  • How can I be added as an administrator to the sandbox environment?
    A current administrator can add you to the Sandbox environment by following the instructions in this article Adding an Admin (Career Center) User.
  • Do I need a new sandbox API key every time a scrub occurs?
    No, you can use your existing Sandbox API key.

  • Why is my sandbox password different after a scrub?
    If you’ve changed your password in Production since the last scrub occurred, you will have to use your new Production password to access the site.
Was this article helpful?
0 out of 0 found this helpful

Articles in this section

See more