Beta Trade effort for impact with Runway’s AI analyst

How to build a financial model and keep sensitive data anonymized

Play video

Building a financial model means handling sensitive data—salaries, vendor contracts, revenue, cost breakdowns. But you can’t do it in isolation. Your finance team needs inputs. Department heads need visibility. Planning is a team sport.

And yet… not everyone needs to see everything.

Your head of sales should forecast hiring. They don’t need to see engineering comp. Marketing should understand their budget, but not payroll data across the company.

That’s where Runway comes in. With column-level anonymization and fine-grained access controls, you can model freely—without leaking sensitive information.

Sensitive data and shared models don’t always mix

Data leaks happen. Someone shares a screen too fast. Maybe a spreadsheet gets forwarded without a second look. Or a contractor opens a file they shouldn’t.

The fallout isn’t just awkward. It’s actually expensive.

Leaked salary data sparks distrust. Shared vendor pricing weakens your position. Revealing revenue figures can violate confidentiality agreements.

And even when it’s not a compliance issue, it's a trust issue. Who gets to see what—and when—is foundational to how teams work together.

Spreadsheets are powerful. But when it comes to permissioning, they fall short. That’s why your financial model needs privacy built-in. One source of truth. Different views, depending on role.

Runway’s approach to anonymizing sensitive data

In Runway, you can anonymize data at the column level. Just mark a column as sensitive, and everyone except admins sees asterisks (***) wherever that data shows up.

That redaction carries across:

  • Database views
  • Driver tables
  • Reports
  • Pages

Admins keep full visibility, so they can build and maintain the model. Everyone else sees only what you’ve explicitly revealed.

If you need to make exceptions, you absolutely can. Selectively reveal salary data to a department head on a filtered page, and keep it redacted everywhere else.

So sales can plan comp for their team without seeing other departments. And the CFO still sees the full picture.

Set up your databases and access controls

Start by organizing your data. Runway integrates with over 750 tools, such as:

  • QuickBooks
  • Xero
  • Rippling
  • Snowflake

Or bring in spreadsheets. Or build from scratch.

Once data is in, organize it into connected databases. Examples include:

  • Employee records with salary info
  • Vendor contracts and payment terms
  • General ledger transactions

Then assign roles. Every user gets a permission level that defines what they can see and do.

The 4 roles in Runway

Runway includes four role types with different permissions:

  • Admin: Full access to all data, settings, and models. Ideal for the finance team.
  • Manager: Edit access across most areas, but redacted views of sensitive columns unless explicitly revealed. Perfect for department heads.
  • Member: Access only where granted. Can’t create or explore outside their scope.
  • Guest: View-only. Best for external stakeholders like board members or investors.

Roles and anonymization go hand-in-hand. Give department heads manager access, then anonymize salary details outside their teams.

Step-by-step: how to anonymize sensitive data in Runway

It takes three clicks.

  1. Open the database with sensitive information.
  2. Click the column header (e.g., “salary”).
  3. Toggle “Anonymize data” in the settings.

That’s it. Now, non-admins see *** anywhere that column is referenced—reports, driver tables, dashboards.

The model stays accurate. But the sensitive details stay private.

Most common use case: salary data

You need salary data to model headcount. But you don’t want it showing up everywhere.

If your employee database includes name, department, and salary:

  • Open the “salary” column.
  • Turn on anonymization.

Now:

  • Sales sees sales roles and names—but not salary figures.
  • Admins still see everything.
  • Aggregates and summaries still compute correctly.

You protect individual data, without sacrificing accuracy.

Reveal data on specific pages only

Sometimes, you want to show sensitive data, but only in one place. Example: Your sales leader is planning hiring. They need salary details for their team, but nothing else.

Here’s how to do that in Runway:

  1. Create a “Sales Planning” page.
  2. Add your employee database as a block.
  3. Filter to show only the sales department.
  4. Click “Customize” on the block.
  5. Turn on “Reveal hidden data in this block.”

Now, the sales leader sees actual salary numbers, but only here. No access to finance, engineering, or ops comp.

They can’t remove filters or add new fields. Everything else remains protected.

Pro tip: make one page per department, and permission accordingly.

(Note: Data revelation currently works on database blocks, not driver tables.)

Bring anonymization into your modeling workflow

This isn’t an add-on. It’s part of how Runway works.

As you build out your model—from raw data to forecasts and reports—anonymized columns stay redacted everywhere unless revealed.

That applies to salary, vendor rates, revenue streams—any sensitive input.

  • Sales can view their own contract pipeline.
  • Procurement controls who sees vendor pricing.
  • HR and finance manage comp securely.

It’s modeling, with trust built in.

Build a secure, collaborative model from day one

You don’t have to choose between collaboration and confidentiality.

With Runway, everyone gets the access they need. Nothing more, nothing less. You scale your model, your users, and your team without scaling the risk.

Start by identifying sensitive fields. Use anonymization to protect them. Layer on role-based access. Then reveal selectively when planning requires it.

It’s flexible, fast, and built to scale.

Want to see it in action? Book a demo and see how Runway makes collaboration safe by default.