GPTfy helps you protect sensitive information by applying multi-layered anonymization before sending any Salesforce data to AI. These Security Layers work seamlessly within the Data Context Mapping feature and ensure that personally identifiable information (PII) is masked to meet compliance and privacy standards.
What You Can Do
With GPTfy’s security capabilities, you can:
- Identify and anonymize sensitive data using custom and prebuilt rules
- Apply different anonymization strategies based on field type
- Mask data dynamically using Regular Expressions (Regex), blocklists, field logic, or custom Apex classes
- Audit and verify anonymization via Security Audit records
GPTfy Security Layers Explained
GPTfy supports four distinct layers of data anonymization:
| Layer | Description | Best Use |
|---|---|---|
|
Layer 1: Field Value Based |
Email, Phone, Name fields
|
Masks complete field values based on field mapping. |
|
Layer 2: Format-Based (Regex) |
Mask patterns within long text fields using Regex. |
Emails, Phones, SSNs inside notes |
|
Layer 3: Blocklist-Based |
Mask sensitive words/terms from long text using blocklists. |
Product names, Confidential IDs |
|
Layer 4: Apex-Based |
Executes custom Apex logic to mask complex or unmatched data patterns. |
Special cases beyond regex/blocklist coverage |
Note: Layers 2 and 3 operate only on long text fields and are designed to mask specific strings within unstructured content.
Field-Level Controls for Regex Matching
To improve the precision of anonymization, GPTfy includes advanced options for Regex matching:
| Checkbox | Functionality | Benefits | Potential Drawbacks |
|---|---|---|---|
|
Match Complete Word |
Adds (?<=\s)(?= \s) for matching whole words |
Prevents partial matches within other words (e.g., avoids matching ‘cat’ in ‘category’) |
Might miss matches not surrounded by whitespace |
|
Ignore Special Characters |
Ignores special characters at the start or end of a match (e.g., . , : ; { }) |
Allows flexible matching when data is inconsistently formatted |
Could result in unintended matches if special characters are meaningful |
Steps to Use Security Layers in Data Context Mapping
Step 1: Access the Field Mapping Window
- Navigate to Data Context Mapping from the GPTfy Cockpit
- Select an object and click Field Mappings
Step 2: Choose the Appropriate Security Layer
- For regular fields (e.g., Email, Phone), select Entire Value (Layer 1)
- For long text fields, select Specific Patterns to activate Layers 2 and 3
Step 3: Save Your Field Mapping
After configuring the masking layer and values, click Save
Step 4: Activate the Prompt
- To apply the configured security layers, activate an existing prompt or create a new one that uses the mapping
Step 5: Run the Prompt
- Run the prompt on any Salesforce record to trigger the anonymization process
Step 6: Verify Anonymization in the Security Audit Record
- Open the Security Audit record linked to the processed record
- Review the following fields:
- Data (Original): Original field value
- Data (PII Removed): Value after masking
- Data (Original): Original field value
How Layer 4 (Apex Security Layer) Works
The Apex Security Layer lets you create custom masking logic when field masking, Regex, and blocklist filters are insufficient.
- Create a new Apex Class implementing the interface AIApexSecurityLayerInterface.
- Create a new security layer of record type Apex.
- Add the Apex class name in the layer and activate it.
- Select the new Security Layer in the additional settings of the Data Context Mapping
- GPTfy will automatically validate the Apex class when saving.
- Your Apex class will:
- Receive already masked data.
- Add/modify additional masking keys.
- Further anonymize complex patterns.
Sample Apex Class
global class SampleApexSecurityLayerClass implements ccai.AIApexSecurityLayerInterface{
global ccai.AIApexSecurityLayerDataWrapper getExtractData(ccai.AIApexSecurityLayerDataWrapper wrapper){
Map<String, String> pIIKey = (Map<String, String>)JSON.deserialize(wrapper.response.ccai__Data_PII_Key__c, Map<String, String>.class);
pIIKey.put('489-36-83535566u', 'AP-0874-001');
pIIKey.put('489-36-83535566u)', 'AP-0874-001');
wrapper.response.ccai__Data_PII_Key__c = JSON.serialize(pIIKey);
return wrapper;
}
}
Sample Example
| Original Value | Masked By | Security Layer |
|---|---|---|
|
34e |
SF-0179-022 |
Layer 2 – Regex |
|
12321 |
SF-0174-001 |
Layer 2 – Regex |
GPTfy applies rules in a top-down approach. Larger values are prioritized before submatches.
| Field Name | Original Value | Masked By | Security Layer |
|---|---|---|---|
|
Description |
Contact at 489-36-83525566u |
AP-0874-001 |
Layer 4 – Apex |
Description 1: Includes sensitive text (489-36-83525566u) — masked by Apex layer.
Description 2: Regular masking (using Layer 2 or 3) applies first.
Name field: (Entire Value masking by Layer 1.)
Important: Apex logic is triggered after Layer 1, 2, and 3 if masking is still required.
Summary
Use Layer 1 for complete field-level anonymization
Use Layers 2 and 3 for inline masking within long text
Use Layer 4 (Apex) when custom, complex masking is needed.
Customize Regex behavior using checkboxes to improve accuracy
View and audit anonymization results directly in GPTfy’s security logs
This multi-layered approach helps you stay compliant and confident in how your data is handled.