Security Layers

Picture of Kalanithi Balasubramanian

Kalanithi Balasubramanian

Updated on December 16, 2024

GPTfy offers a powerful feature that allows you to anonymize sensitive data in Salesforce before it is sent to AI. This feature helps you identify and anonymize sensitive data in a seamless manner. It has the following capabilities:

GPTfy can identify and anonymize sensitive data in multiple layers:

  • Layer 1: Record Specific Field Value-based: This layer focuses on specific field values and can be customized to use Regex for specific data types (e.g., Email, Phone, Name).
  • Layer 2 – Global Format-based (Regex): This layer uses Regex patterns to identify and anonymize sensitive data, including common data types like Email, Phone, SSN, Drivers License, Zip Code, and their
    international/locale-specific variants.
  • Layer 3: Global Blocklist Value-based: In this layer, you can specify a list of values that should be anonymized, such as product names or other sensitive information.


Layers 2 and 3 work on the text area fields, where the text inside the field values are scrutinized for PII data, and those values will be specifically anonymized. The type of layer can be determined in the field mapping window of Data Context Mapping.

Security Layer records are added as prepackaged data when GPTfy is installed. These will have a list of Regexes and Blocklists, which can take care of values of different data types.

The following checkboxes enhance the functionality of the Regex UI by providing more control over matching patterns:

Match Complete Word

  • Function: This checkbox ensures that the search only matches entire words and not parts of words.

  • Implementation:
    When checked, the Optimized Search Pattern field gets updated with two parts: (?<=\s) and (?=\s).
    This is a positive look behind and lookahead assertion combination that ensures the matched word is surrounded by whitespace characters (spaces, tabs, newlines) or the beginning/end of the string.

  • Benefit: Prevents partial matches within other words. For example, searching for “cat” with this option enabled wouldn’t match “category.”

Ignore Special Characters

  • Function: This checkbox allows the search to ignore specific special characters at the beginning and end of the matching word or number. (e.g., . , ; ‘ [ ] { } 🙂

  • Implementation:
    The list of special characters mentioned includes punctuation marks, brackets, curly braces, colon, and quotation marks.

Note: The PII key will not contain these special characters. Instead, the code will disregard them and replace the match with the replacement value.

  • Benefits: Increases flexibility by matching variations of the target pattern with special characters. For example, searching for “ID” with this option enabled would match “ID.”, “ID:”, or “[ID]”.
    Useful when dealing with data that might have inconsistent formatting.
Checkbox Name Functionality Benefits Drawbacks
Match Complete Word

Adds (?<=\s)(?= \s) for matching whole words

Improves accuracy for isolated words

Might miss matches without whitespace boundaries

Ignore Special Characters

Disregards specified special characters

Increases flexibility for variations

Potential for unintended matches based on special character meaning

Steps to Use Security Layers in Data Context Mapping

Step 1: Accessing Security Layers

  • To configure the security layers, you need to navigate to the field mapping window within the Data Context Mapping.

Step 2: Selecting Layer for Field Mapping

  • When creating or editing a Data Context Mapping, you can select the appropriate layer for different types of fields:
    • For non-text area fields, choose “Entire Value” to utilize Layer 1.
    • For text area fields, select “Specific Patterns” to utilize Layer 2 and Layer 3.

Step 3: Save Field Mapping

  • Once you’ve selected the layer for each field, click the “Save” button to save your field mapping settings.

Step 4: Activate the Prompt

  • To apply the security layers, you can either run an activated prompt (if available) or create a new one using the mapping created in the previous steps. Activate the prompt to ensure that then can be used in console to run GPTfy.

Step 5: Running the Prompt

  • Run the prompt on any record in Salesforce.

Step 6: Verify Anonymization

  • After running the prompt, open the security audit record created for that record.

  • In the security audit record, review the “Data (PII Key)” and “Data (PII Removed)” fields. These fields will display the data before and after anonymization, showcasing how the security layers have effectively masked PII data.
  • In the above example, following list will show values anonymized by different Security Layers.
    “34e” : “SF-0179-022” – Layer 2 – By Regex
    “12321” : “SF-0174-001” – Layer 2 – By Regex
    “3333-454-45” : “SF-0175-001” – Layer 2 – By Regex

    When the rules run they process the larger value first then it process the remaining values.

For example – When we have a bigger number (+49 1234 5678901) and a regex (SF-0926-002)is covering the small number (5678901) which is a part of the big number, so the regex of bigger number (SF-0924-005) is at the top of the smaller one. ‘5678901’ belonged to a bigger phone number, so the secondary regex didn’t conflict.