tests/security/test_sensitive_data.py

import requests


def test_sensitive_data_exposure():
    url = "http://127.0.0.1:8000/api/v1/insightfy/register"
    payload = {"email": "testuser@example.com", "mobile": "+14155552671", "name": "Test User"}
    response = requests.post(url, json=payload)
    assert "password" not in response.text, "Sensitive data exposed in API response!"