- add a config option to explicitly enumerate pii fields beyond email - in query controller, strip pii of user table results before sending out the door.
