Security · Privacy · Ethics · Compliance
Deploy AI Without Exposing New Attack Surface
GPTfy runs inside your Salesforce org and connects to your AI provider - Azure, AWS, or Google Cloud. From conversational AI to agentic AI workflows, every interaction runs on infrastructure your team already controls. No new vendors to validate. No new infrastructure to audit. Your security team wraps up in days, not months.
$4.88M: Average cost of a data breach in 2024 (IBM / Ponemon Institute)
55%: Of employees use unapproved AI tools at work (Salesforce State of IT, 2024)
68%: Of CISOs rank AI governance as a top concern (PwC Global Digital Trust Insights)
Your security team has enough on their plate.
6+ Months

The queue never ends

Every team wants AI deployed yesterday. Every new AI tool means another round of vendor questionnaires, data flow maps, compliance certifications, and legal review. The backlog keeps piling up while the rest of the organization waits.

"There are quite a few third-party providers who are trying to do that, and all of them need me to send them accounts, and it goes into a separate system... which I'm not a big fan of at all." - CTO, Debt Collection / Financial Services
Sprawling Surface

More vendors, more painstaking work

Every external API, data copy, and vendor server is another point to monitor. More risk registers. More pen tests. More incident response plans. Tedious, repetitive work that multiplies with every vendor your team has to vet.

"At the moment, there's no granular reporting in Data Cloud that would allow me to tell you by profile or by user how many people used a prompt, or a bot." - Salesforce Implementation Partner, Financial Services
Shadow AI

Reviews drag on, ChatGPT doesn't wait

While reviews sit in the queue for months, your reps and agents are already using uncontrolled AI. The longer the backlog, the bigger the shadow AI risk becomes - and that creates even more work to clean up.

"At times, we end up building stuff just for building it, and users just don't capture value out of it." - CTO, Debt Collection / Financial Services
What if AI ran on infrastructure you've already secured?
Today

6-month review queues. External data centers to audit. Shadow AI spreading. Laborious vendor questionnaires piling up while the organization waits for AI.

Turn On GPTfy

Install from AppExchange (Salesforce security-reviewed). Connect to YOUR Azure, AWS, or Google Cloud AI. Security & Trust Layer runs inside your org. Your admin controls every callout.

Result

Security review in days, not months - nothing new to validate. Zero new attack surface. Full audit trails. AI runs on infrastructure your team already secured.

Enterprise AI governance in four layers

Security: Mask Data Before AI Sees It

4-layer protection: field masking, regex patterns, blocklists, custom Apex. AI only processes masked data. Content safety screening on every interaction.

  • Point-and-click config, zero code for Layers 1-3
  • Role-based masking (doctors vs. billing vs. compliance)
  • De-masking honors Salesforce field-level security

Privacy: Your Data. Your Infrastructure.

Complete data sovereignty. You choose where AI runs - US, EU, or APAC. Zero data retention with AI providers - your provider processes data transiently and stores nothing.

  • GDPR, CCPA, CPRA compliant architecture
  • Regional data residency controls
  • Zero data retention with AI providers

Ethics: Guardrails on Every Interaction

Prompt grounding rules enforce ethical, content, and security guardrails before AI responds. GPTfy applies four types of grounding - ethical, content, dynamic, and data security - to every prompt.

  • Bias detection and toxicity filtering
  • Hallucination prevention via content grounding
  • Dynamic grounding for locale and context

Compliance: Track and Prove Everything

GPTfy logs every AI interaction: user ID, timestamp, input, masked output, AI response, and policies applied. Supervisor dashboards. E-discovery ready.

  • Configurable retention and deletion policies*
  • One-click e-discovery export for regulatory exams
  • Real-time usage monitoring and supervisor dashboards
Your Infrastructure. Your AI. Your Control.
Bring your own model. Industry-specific compliance. Deploy in days, not months.
Zero-Trust Architecture - GPTfy's Security & Trust Layer Runs Inside Your Org
Everything runs in your controlled environment. Your IT team stays in control.
Frontend
Your M365 / Salesforce

Your SSO. Your conditional access policies. Salesforce Lightning, Copilot, Slack, Teams.

Security & Trust Layer
Inside YOUR Salesforce Org

Managed package. 4-layer data masking, audit trails, ethics controls, and compliance enforcement. Admin-controlled callouts. Zero external servers.

AI Backend
YOUR AI Infrastructure

Azure OpenAI. AWS Bedrock. Google Vertex. Your contracts. Your data residency. Your security controls.

GPTfy cannot make external callouts unless your Salesforce Admin explicitly configures them via named credentials.
How We Build - Engineering Rigor Behind Every Release
430+: Regression tests run per release
321+ hrs: Testing investment per release
Checkmarx: SAST security scan every AppExchange release
Code Escrow: Source code held by Codekeeper for business continuity
Use your AI infrastructure - not ours
No Vendor Lock-In

Switch from OpenAI to Claude to Bedrock without rebuilding. GPTfy adapts to your AI choices.

Your Contracts

Use existing Azure EA, AWS EDP, or GCP committed spend. Your negotiated pricing, not ours.

Data Residency

Choose Azure US East, AWS Frankfurt, GCP Singapore. Your compliance needs, your choice.

Full Transparency

Know exactly which model version processes your data. No opaque platform updates.

Pre-built configurations for regulated industries
Financial Services

FINRA/SEC compliance with MNPI protection and supervisor review dashboards.

  • FINRA Rule 3110: AI interaction supervision
  • Regulation S-P: PII/MNPI masking
  • One-click export for regulatory exams
Healthcare

16 of 18 HIPAA PHI identifiers masked. BAA provided. With masking, your AI provider may never see PHI.

  • §164.312(a): Access controls via SF profiles
  • §164.312(b): Audit trails for every PHI access
  • BAA simplification: masked data reduces scope
Insurance

NAIC Model Law #668 alignment. Claims processing with PII masked. 50-state breach readiness.

  • Policyholder PII: SSN, DOB, DL, accounts
  • 50-state breach notification readiness
  • Configurable retention for state requirements
"I don't know when they will stabilize and make it much more convenient for me to do these things. But I don't have the patience for it, so that's why I would like to move forward."
- CTO, Debt Collection / Financial Services
Questions From CISOs and Security Teams
Data Residency
Does GPTfy store or process any of our data?
No. GPTfy is a managed package inside your Salesforce org. Your data remains in your infrastructure at all times - GPTfy transiently sends only a masked, sanitized version to your AI infrastructure for processing. Zero GPTfy servers. Zero caching. Zero data copies.
AI Governance
Can we control which AI models users access?
Completely. Your admin configures each prompt once - with specific fields, data access rules, and an AI model - then assigns it to one or more Salesforce user profiles. Your admin controls exactly who can run what, with which data, on which model. No duplication. No per-profile variants. Standard Salesforce profile management.
Data Masking
How does the Security & Trust Layer mask data?
GPTfy reviews every field against your masking rules before anything reaches AI. Four layers: (1) Field value - replace sensitive fields with tokens. (2) Regex - detect and mask PII across structured and unstructured data. (3) Blocklists - mask sensitive terms (competitor names, project codenames) before they reach AI. (4) Custom Apex - your own masking, tokenization, or encryption logic. All configurable through point-and-click.
AI Firewall
Does GPTfy work with our AI firewall?
Yes. GPTfy's ConnectorClass architecture supports integration with internal or third-party AI firewalls. Authentication and processing classes route through your centralized AI security layer - your existing prompt injection detection, content filtering, and policy enforcement stay in the loop. Your security stays consolidated; GPTfy plugs into it, not around it.
Salesforce Shield
Is GPTfy compatible with Salesforce Shield?
Yes. GPTfy runs as a managed package inside your org, so it inherits your Shield implementation. Platform Encryption, Event Monitoring, and Field Audit Trail all work as configured. If you've invested in Shield, that investment extends to your AI deployment with no additional configuration.
Microsoft Copilot
How secure is the Microsoft Copilot integration?
Three layers: (1) AppSource Marketplace security reviewed. (2) Runs in your Microsoft infrastructure - respects Entra ID, conditional access, and user permissions. (3) Azure connector between Copilot and Salesforce runs in your infrastructure. Code available for security review on request.
Data Retention
Are hyperscaler data retention policies respected?
Fully. GPTfy calls your AI provider's API directly - Azure OpenAI, AWS Bedrock, Google Vertex - so all hyperscaler-level controls apply. Zero data retention configured on Azure? It applies to every GPTfy prompt. Content filtering, abuse monitoring, regional policies - GPTfy respects all of them per your infosec policies.
Trust Center
What's in your security review packet?
AppExchange security approval documentation, Checkmarx SAST scan results, SOC 2-equivalent trust packet, shared responsibility matrix, data governance and access control policies, and incident response procedures. Available at gptfy.ai/trust-center
Review Our Security Posture
Trust packet, shared responsibility matrix, and compliance documentation.
  • Validate compliance in your own org
  • Fixed pricing - no per-conversation cost risk
  • Forward-deployed engineers, your real data