GPTfy - Salesforce Native AI Platform

Enterprise AI Security. Built Inside Salesforce.

GPTfy masks PII in Salesforce before any data reaches your AI provider, then re-identifies it on return — with zero third-party data storage.

For CISOs and compliance teams evaluating AI in Salesforce, this demo shows exactly how GPTfy keeps sensitive data inside your Salesforce org, masks PII before AI ever sees it, and gives your organization complete control over which AI provider receives which data.

Security capabilities covered

Multi-Layer PII Masking

  • Masks structured fields flagged as sensitive and strips PII from unstructured long-text fields using regular expressions.
  • Applies an admin-defined block list of terms that must never reach the AI provider.
  • Re-identifies masked tokens after the AI response is received, before results are presented to users.

Bring Your Own Model

  • Connect to any AI provider — Azure, Google Cloud, AWS Bedrock, or others — via Salesforce Named Credentials over HTTPS/TLS.
  • Route different use cases or geographies to different AI instances from the same Salesforce org.

AppExchange Security Approval

  • Every GPTfy release is scanned by Checkmarx and approved by Salesforce AppExchange security before publication.
  • No external outbound calls are possible unless an admin explicitly configures and authorizes them.

Data Residency Control

  • Assign specific AI instances to specific regions so data sovereignty requirements are met by design.
  • External OData sources via Lightning Connect also remain under your organization's security control.

Use this video when

  • A CISO needs to confirm that Salesforce CRM data never reaches an AI provider in raw form before approving deployment
  • A compliance team must demonstrate to auditors that PII masking happens before any outbound AI call
  • An enterprise with European and US users needs to route AI processing to region-specific providers for data residency compliance
  • A security architect needs to understand exactly which Salesforce objects and fields are exposed to AI and how
  • An IT team wants to use their existing Salesforce Named Credentials to manage AI provider access without a new secrets management system
  • A regulated-industry org needs proof that every AI interaction is logged with masked input, AI output, and end-user presentation data

Frequently asked questions

No. One hundred percent of GPTfy's processing and storage happens on your Salesforce org or on your chosen AI infrastructure. GPTfy has no third-party data store of its own, which means sensitive data never leaves the boundaries you control.

GPTfy extracts data from Salesforce objects and applies a multi-layer masking approach before any outbound call. It scans structured fields you flag as sensitive, strips sensitive values from unstructured long-text fields using regular expressions, and applies a block list of terms that must never reach the AI. Masked tokens are re-identified after the AI response is received and before results are shown to end users.
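The mask, send, re-identify round trip described above, as a minimal Python sketch. This is an added illustration, not GPTfy's code (GPTfy runs natively in Salesforce); the `Masker` class, the patterns, the token format, the sample record and the choice to also scrub flagged field values from free text are all assumptions made for this example.

```python
import re

# Constructed patterns for illustration. SSN runs before PHONE because the
# looser phone pattern would otherwise consume SSN-shaped strings.
PATTERNS = {
    "EMAIL": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "PHONE": re.compile(r"\+?\d[\d\s().-]{7,}\d"),
}
TOKEN = re.compile(r"\[[A-Z0-9_]+\]")

class Masker:
    def __init__(self, sensitive_fields, block_list):  # per-request state; the token map is never sent
        self.sensitive_fields = set(sensitive_fields)
        self.block_list = [t for t in block_list if t]
        self.by_value, self.by_token = {}, {}

    def _token(self, kind, value):  # same value -> same token, so mentions stay linked
        if value not in self.by_value:
            token = f"[{kind}_{len(self.by_token) + 1}]"
            self.by_value[value], self.by_token[token] = token, value
        return self.by_value[value]

    def mask_text(self, text):
        # Block-list terms plus (added assumption) values already seen in flagged fields.
        literals = sorted({*self.by_value, *self.block_list}, key=len, reverse=True)
        if literals:  # one alternation, one pass: inserted tokens are never re-scanned
            rx = re.compile("|".join(map(re.escape, literals)), re.I)
            text = rx.sub(lambda m: self._token("TERM", m.group()), text)
        # Pattern-based PII in unstructured text.
        for kind, rx in PATTERNS.items():
            text = rx.sub(lambda m, k=kind: self._token(k, m.group()), text)
        return text

    def mask_record(self, record):  # flagged fields are tokenized whole, before any free text
        flagged = {f: self._token(f.upper(), v) for f, v in record.items() if f in self.sensitive_fields and v}
        return {f: flagged.get(f) or self.mask_text(v) for f, v in record.items()}

    def reidentify(self, text):  # single pass; tokens the map does not know are left as-is
        return TOKEN.sub(lambda m: self.by_token.get(m.group(), m.group()), text)

    def residual(self, outbound):  # pre-send check: original values still present in the payload
        return [v for v in self.by_value if v.lower() in outbound.lower()]

if __name__ == "__main__":  # constructed sample record
    m = Masker({"ContactName"}, ["Project Falcon"])
    out = m.mask_record({"ContactName": "Jane Doe", "Description": "Jane Doe, jane.doe@example.com, re Project Falcon"})
    print(out, m.residual(" ".join(out.values())), m.reidentify(out["Description"]))
```

`residual` only reports values the masker itself recognized, so it catches a masking step that was skipped for a field, not PII that no layer detected.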

GPTfy supports any AI provider you configure via Salesforce Named or External Credentials over HTTPS/TLS. Examples shown in the demo include OpenAI on Microsoft Azure, Vertex AI on Google Cloud, and Amazon Bedrock. Because credentials are managed entirely in Salesforce, your organization retains full control over which AI instance receives data.

Every GPTfy release must pass a Checkmarx code scan and receive AppExchange security approval before it can be published. This means every version you install and every subsequent upgrade you apply has been independently scanned for security vulnerabilities by Salesforce's review process.

GPTfy supports connecting to multiple AI instances simultaneously so your organization can route data to a provider running in a specific geographic region. Your IT and information security teams choose which AI instance receives which Salesforce data, giving you direct control over where AI processing occurs and enabling compliance with regional data residency rules.

Yes. GPTfy can connect to OData-compliant external data sources via Salesforce Lightning Connect. In this model the OData security and external system credentials are managed entirely by your organization, keeping GPTfy's security posture consistent whether data originates in Salesforce or from an external system.

Video transcript

GPTfy Product Architecture and Security. GPTfy is an AppExchange app that brings the power of Generative AI like ChatGPT to your Salesforce org securely, easily, and very cost effectively. Let's dive into what makes it work.

GPTfy is an AppExchange security approved app. A hundred percent of GPTfy's processing and storage happens on your Salesforce org. This ensures that GPTfy's multi-layered security keeps your sensitive data on Salesforce and prevents it from going to AI. In addition, this supports a bring your own model approach from an AI standpoint, so you can run your AI on your preferred vendor and in your preferred region, which is great to ensure data residency and compliance related regulations. Finally, there is no third party data store that GPTfy accesses. Everything that GPTfy does in terms of processing and storage happens either on your Salesforce org or on your Salesforce AI instance.

What you see on the right is a screen with GPTfy native Lightning component embedded in a Salesforce page. GPTfy is a managed package produced by Cloud Compliance, a Salesforce ISV AppExchange partner. Everything in GPTfy is 100% native Salesforce technologies. GPTfy is built with custom UI components done in Lightning. GPTfy configuration settings and processing use custom objects, metadata, and custom settings. GPTfy automation processes and APIs are all written natively. GPTfy operates 100% within the context of your Salesforce security model. GPTfy cannot make any external outbound web call unless you or your admin configures it to do so. All GPTfy APIs are hosted on your org and only accessible by your API-authorized users.

GPTfy masks sensitive data before it ever goes to AI from your Salesforce org, using a fairly complex multi-layered security approach. GPTfy extracts data from your Salesforce objects, whether they are custom, managed package, or standard objects. In this example, GPTfy is extracting data from case and all related emails, activities, case comments, other custom objects, and grandchild-type relationships. Once this information is extracted, GPTfy masks it, which means it will remove sensitive information using a combination of approaches. It will look for fields that contain sensitive information as you have specified. It will take out information that is sensitive from unstructured data and long text fields using regular expressions and other block list approaches. What this does is replace sensitive data with anonymized or masked information so that AI cannot become a source of data leakage.

Then this information is sent to your AI running on an infrastructure of your choice — it could be OpenAI on Microsoft Azure, Vertex on Google Cloud, Bedrock on Amazon, or anything else. Once a response is received, GPTfy re-identifies the masked or anonymized data and injects back the information it withheld in Salesforce. Finally, that information is presented to end users. GPTfy also supports automation, so if it needs to update fields — for example, case sentiment, opportunity sentiment, account summary, things like that — it can do that.

Since GPTfy is running inside your Salesforce, GPTfy's actions are within the Salesforce security parameters of your org. GPTfy itself is AppExchange security approved, which means every release gets approved by Salesforce AppExchange security. Since GPTfy only works with your AI instance, you can control a hundred percent of the security of whatever AI you're using. GPTfy only connects with instances that you have explicitly configured and authorized. Your AI credentials are accessed from Salesforce's named or external credentials over HTTPS or TLS. Finally, your organization owns and controls 100% of AI security and infrastructure with a provider of your choice. This architecture ensures that you can meet the most stringent compliance, legal, and information security requirements.

Here is another look at the broader picture from an enterprise architecture perspective: Salesforce and GPTfy operating within Salesforce security with AppExchange approval. On the infrastructure where your AI resides, you may also have other third party sources. GPTfy does process attachments and applies AI on PDFs. Your organization can control the security for all of that. In addition, GPTfy can pull data from non-Salesforce sources that are OData-compliant using Salesforce's Lightning Connect. The OData security and the security for those external systems is also controlled by your organization. As you can see across the board, whether it is Salesforce data or data coming from external systems, your organization is 100% in control of how security, compliance, and legal requirements are met.

GPTfy follows a secure development and release process. GPTfy's publisher Cloud Compliance has been in business for more than four years with a focus on data security and data privacy. Development is on a GitHub private repository, and source code escrow is offered via Codekeeper. Every release is tested internally against a number of regression tests, and significant time is invested to ensure that the release meets requirements and follows the security and best practices that Salesforce recommends. Finally, every new release on AppExchange must be scanned via Checkmarx, and a clean code scan report must be submitted to AppExchange — which means every release of GPTfy you install and any subsequent upgrade you apply will be Checkmarx code-scanned.

GPTfy only works with customer dev sandboxes, which do not have any production data. At the end of it, your team deploys to production and the GPTfy team remotely supports your organization. All of this ensures that whether it is installation, integration, implementation, or any other part of bringing Salesforce plus AI to your organization, the GPTfy team is working every step of the way with you, ensuring security and best practices all across the board.

Last updated: February 2026