Custom Question security and prohibited data
Custom Questions are powerful but come with rules. Don't capture highly sensitive PII (SSN, full DL number, payment cards). Use the Insured fields for standard PII. Mark sensitive Custom Questions for export consent so they don't leak through casual exports.
In short: Don’t put SSN, full driver license numbers, or payment card data in a Custom Question — use the Insured/standard fields instead. For other sensitive data, mark the question for export consent.
What’s prohibited
Don’t capture this data in Custom Questions:
- Social Security Numbers (SSN) — SALT doesn’t capture SSN as a standard field for a reason. Capturing through a Custom Question creates regulatory exposure for your agency without the encryption and consent flows SALT applies to standard PII.
- Full driver license numbers — there’s a standard Insured field for this with appropriate encryption. Use it instead.
- Payment card data (PAN, CVV) — never. Payment data goes through the proper PCI-compliant channels (Stripe), not free-form fields.
- Full bank account or routing numbers — same reasoning.
- Health information (HIPAA-covered) — generally outside SALT’s scope and creates regulatory complications.
These restrictions protect both your agency and the consumer.
What’s allowed but should be marked sensitive
Some data is legitimate to capture but warrants extra handling:
- Income or net-worth ranges
- Employment details
- Property valuations
- Prior loss history detail
- Credit-related answers (where lawful and disclosed)
For data in this category, mark the Custom Question as requiring export consent. This adds a guardrail before the data leaves SALT in an export.
What export consent does
When a Custom Question is marked for export consent:
- The data is captured normally on Submissions.
- Standard CSV exports don’t include the field by default — your agency has to accept an export consent prompt first.
- Consent acceptance is logged. Per-export logging shows who accepted, when.
- The data still appears in the SALT UI for authorized users.
This prevents a casual export from accidentally exposing sensitive data to a downstream system or person who shouldn’t have it.
Marking a Custom Question for export consent
When creating or editing a Custom Question, look for the option to mark it as requiring export consent (sometimes labeled “Sensitive” or “Requires export consent”). Save with the option on, and the export gating applies from that point forward.
What about consumer privacy?
Custom Questions are subject to the same privacy principles as standard questions:
- Data is encrypted at rest where applicable.
- Data is only visible to authorized users.
- TCPA and other consent requirements apply when applicable.
- The consumer can request data deletion subject to standard policies.
Don’t ask for data you don’t have a clear business reason to collect. “Nice to have” data adds liability without meaningful upside.
Common questions
My Custom Question’s data is missing from my CSV export — what gives? The question is likely marked for export consent. Accept the consent prompt and re-export. See Exporting Submissions and Bulk export.
I need to capture something prohibited because of a specific use case. What do I do? Don’t work around the restriction with a Custom Question. Contact SALT support to discuss whether the standard library can be extended, or whether your use case requires a different approach.
Can I see who accepted the export consent and when? Yes — consent records are auditable. An admin or compliance officer can review.
If I unmark a question’s export consent, does past data immediately become exportable? Yes — the gating is on the question, not on individual answers. Removing the gate exposes the field in future exports. Make this change deliberately.