
One Unmasked Field Is All It Takes

Your users are pasting PII into AI prompts right now.

Accidental Exposure

One paste away from a breach

Users copy SSN, DOB, and account numbers into AI prompts every day. One slip and PII is sitting inside an LLM with no way to recall it.

Regulatory Risk

Regulators don't care if it was accidental

HIPAA, FINRA, GDPR, and PCI DSS apply the same penalties whether the leak was deliberate or a careless paste. Unmasked PHI in an LLM is a violation - period.

All-or-Nothing

Block AI or let everything through

The choice between blocking AI entirely or letting everything through and hoping nothing leaks is not really a choice. Neither works. Blocking just pushes users to channels you can't see or control.

What if sensitive data was automatically masked before AI saw it?

GPTfy's Security & Trust Layer applies 4 layers of masking before any data reaches your AI provider. Point-and-click configuration. Zero code for Layers 1-3. Automatic de-masking for authorized users.

4-Layer Data Masking

  • 4 Layers of protection before AI sees anything
  • 16 of 18 HIPAA PHI identifiers masked
  • Zero code required for Layers 1-3

How It Works

Extract → Mask → AI → De-mask → Automate

The Security & Trust Layer masks sensitive data before AI processing, then automatically de-masks results for authorized users.

Step 1
Extract

Pull Salesforce data your user is authorized to see

Step 2
Mask/Anonymize

Replace PII with tokens (John → Person1)

Step 3
AI Processing

AI analyzes masked data only

Step 4
De-mask

Restore original data (Person1 → John)

Step 5
Automate

Show AI insights to user, or update fields/records

✓ AI never sees unmasked PII/PHI. Mapping table stored securely in YOUR Salesforce org. Data extraction honors field-level security.

Security & Trust Layer

Multi-Layer Protection for Every Data Type

Each layer catches different types of sensitive data. Configure all four for maximum protection.

Record-Level Masking

Layer 1

Mask Account Balances, DOB, Policy Numbers Before AI Sees Them

Choose which fields to mask and how - from full redaction to reversible tokenization that preserves AI accuracy - with different rules per role, profile, or record type. No code required.

Real Example
Prompt: "Summarize this case and suggest next steps"
AI Receives: Contact.Phone = "[MASKED]" ... "Customer requesting refund for duplicate charge..."
AI Responds: "Customer disputes duplicate charge. Recommend calling [MASKED] to resolve."
User Sees: "Customer disputes duplicate charge. Recommend calling 555-123-4567 to resolve."

Pattern-Based Detection

Layer 2

Catch Sensitive Data in Free-Text Fields

Even when fields aren't configured for masking, users paste sensitive data into notes, descriptions, and comments. GPTfy scans free-text with pre-built patterns (SSN, credit cards, phone, email, medical record numbers) plus custom regex you define.

Real Example
User Types: Case.Description = "Customer SSN is 987-65-4321, card ending 5678"
AI Receives: Case.Description = "Customer SSN is ***-**-****, card ending ****"

Blocklists & Keywords

Layer 3

Mask Sensitive Terms Before AI Sees Them

Maintain an org-wide list of terms that should never reach AI in plain text - project codenames, product defect codes, military references, competitor names, or any sensitive keyword. Applied to every prompt across your entire Salesforce org. When a match is found, GPTfy masks the term and sends the rest of the prompt through. AI still processes the request, just without the sensitive context.

Real Example
Blocklist: ["Project Falcon", "DEF-7291", "military"]
User Writes: "Summarize the Project Falcon status update for the military contract"
AI Receives: "Summarize the [MASKED] status update for the [MASKED] contract"
User Sees: "The Project Falcon status update shows progress on the military contract with..."
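
The mask and de-mask flow from the steps above, combined with Layer 2 pattern detection and a Layer 3 blocklist, as an added Python sketch (not GPTfy's code; the `Masker` class, token format and regexes are assumptions). Unlike the irreversible `***-**-****` mask shown for Layer 2, it uses reversible tokens so the reply can be de-masked.

```python
import re

# Constructed patterns for illustration; real deployments need tuned patterns.
PATTERNS = {
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "PHONE": re.compile(r"\b\d{3}-\d{3}-\d{4}\b"),
    "EMAIL": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
}
TOKEN_RE = re.compile(r"\[(?:TERM|SSN|PHONE|EMAIL)_\d+\]")


class Masker:
    """Hypothetical masker: one instance holds the mapping table for one request."""

    def __init__(self, blocklist=()):
        # Longest term first so a longer phrase wins over a shorter one inside it.
        terms = sorted(blocklist, key=len, reverse=True)
        self.block_re = re.compile("|".join(map(re.escape, terms)), re.I) if terms else None
        self.token_to_value = {}  # mapping table; never sent to the AI provider
        self.value_to_token = {}
        self.counts = {}

    def _token(self, kind, value):
        # Same value -> same token, so the model can still correlate mentions.
        if value not in self.value_to_token:
            self.counts[kind] = self.counts.get(kind, 0) + 1
            token = f"[{kind}_{self.counts[kind]}]"
            self.value_to_token[value] = token
            self.token_to_value[token] = value
        return self.value_to_token[value]

    def mask(self, text):
        if TOKEN_RE.search(text):
            # Token-shaped input would later be de-masked as a real value;
            # refuse rather than guess.
            raise ValueError("input contains token-shaped text")
        if self.block_re:
            text = self.block_re.sub(lambda m: self._token("TERM", m.group()), text)
        for kind, rx in PATTERNS.items():
            text = rx.sub(lambda m, k=kind: self._token(k, m.group()), text)
        return text

    def demask(self, text, authorized):
        if not authorized:
            return text  # unauthorized viewers keep the tokens
        # Tokens absent from the table (e.g. invented by the model) stay masked.
        return TOKEN_RE.sub(lambda m: self.token_to_value.get(m.group(), m.group()), text)
```

Only the output of `mask()` would be sent to the AI provider; `token_to_value` stays on the trusted side and is consulted only in `demask()`.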

Apex Enforcement

Layer 4

Transform Data While Preserving Its Meaning

When simple masking removes too much context for AI to work with, GPTfy lets you apply semantic masking with Apex - changing values while preserving their analytical properties. Shift dates while keeping minors as minors. Vary transaction amounts while maintaining proportionality. Match encryption keys with external systems for cross-system analysis on masked data.

Real Example - Semantic Masking
Scenario: Insurance claim - AI needs to determine if claimant is a minor
Original: Contact.DOB = "03/15/2010" (age 15, minor)
Simple Mask: Contact.DOB = "[MASKED]" - AI can't determine age at all
Semantic Mask: Contact.DOB = "04/02/2010" (age 15, still a minor) - AI correctly applies minor protections
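
One way to do the date shift described above, as an added Python sketch rather than GPTfy's Apex code: a keyed per-record offset that never changes the age in completed years. `shift_dob`, `age_on`, the key and the reference date are assumptions.

```python
import hashlib
import hmac
from datetime import date, timedelta


def age_on(dob, ref):
    """Completed years of age on the reference date."""
    return ref.year - dob.year - ((ref.month, ref.day) < (dob.month, dob.day))


def shift_dob(dob, record_id, key, ref, max_days=30):
    """Shift a DOB by a keyed, per-record offset without changing age in years.

    Assumption: max_days is well under half a year, so when one direction
    crosses a birthday boundary the opposite direction cannot.
    """
    if not 1 <= max_days <= 180:
        raise ValueError("max_days must be between 1 and 180")
    # HMAC makes the offset stable per record but unpredictable without the key.
    digest = hmac.new(key, record_id.encode(), hashlib.sha256).digest()
    days = int.from_bytes(digest[:4], "big") % max_days + 1  # 1..max_days
    if digest[4] & 1:
        days = -days
    shifted = dob + timedelta(days=days)
    if age_on(shifted, ref) != age_on(dob, ref):
        # Crossed a birthday boundary: flip direction to keep the same age.
        shifted = dob - timedelta(days=days)
    return shifted


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed; use a managed secret in practice
    ref = date(2025, 6, 1)         # constructed evaluation date
    dob = date(2010, 3, 15)        # DOB from the example above
    masked = shift_dob(dob, "contact-001", key, ref)
    print(masked, age_on(masked, ref))
```

A shift of at most 30 days leaves the true date inside a narrow window around the masked one, so this is pseudonymization that depends on keeping the key secret, not anonymization.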

Industry Applications

Masking for Financial Services, Healthcare, Insurance

Each industry has unique PII/PHI requirements. GPTfy masks what regulators care about.

Financial Services (FINRA, SEC)

  • Mask SSN, account numbers, trading terms
  • Detect credit card patterns (PCI-DSS)
  • Blocklist project codenames, deal terms
  • Enforce Regulation S-P consumer privacy
  • Role-based: advisors vs. compliance officers

Healthcare (HIPAA, HITECH)

  • Mask 16 of 18 PHI identifiers
  • Names, DOB, MRN, addresses, SSN
  • Catch SSN, MRN pasted into clinical notes
  • Blocklist gender, orientation, ethnicity terms
  • Role-based: care providers vs. billing staff

Insurance (NAIC, State Laws)

  • Mask policyholder PII, policy numbers
  • Driver's license, bank account patterns
  • Blocklist settlement terms, liability language
  • Mask claims history across triage and review
  • Role-based: agents vs. adjusters vs. underwriters

Common Questions

Frequently Asked Questions

The questions your compliance and security teams will ask - and the answers that accelerate review.

Raw data stays in Salesforce. Only masked data reaches your AI provider.

  • GPTfy is a managed package running 100% inside your Salesforce org - no external servers, no data warehouse, no caching layer
  • Masking happens inside Salesforce before any data leaves
  • Your AI provider (OpenAI, Azure, AWS Bedrock, etc.) only receives masked tokens
  • The secure mapping table that links tokens to original values is stored in your Salesforce org - never externally

GPTfy cannot make external API calls unless your Salesforce admin explicitly configures named credentials and remote site settings.

Raw Data Stays in Salesforce. Only Masked Data Reaches AI.

Four layers of protection. Point-and-click configuration. Automatic de-masking for authorized users. Your admin controls every callout.

*GPTfy provides technical capabilities to support regulatory requirements. Your organization is responsible for compliance policies and procedures.