How does the Security & Trust Layer mask data?

Every field is reviewed against your masking rules before anything reaches AI. Four layers: (1) Field value - replace sensitive fields with tokens. (2) Regex - detect and mask PII across structured and unstructured data. (3) Blocklists - remove restricted terms that should never reach AI. (4) Custom Apex - your own masking, tokenization, or encryption logic. All configurable through point-and-click.

Can we control which AI models users access?

Completely. Each prompt is configured once - with specific fields, data access rules, and an AI model - then assigned to one or more Salesforce user profiles. Your admin controls exactly who can run what, with which data, on which model.

Are hyperscaler data retention policies respected?

Fully. GPTfy calls your AI provider's API directly - Azure OpenAI, AWS Bedrock, Google Vertex - so all hyperscaler-level controls apply. Zero data retention configured on Azure? It applies to every GPTfy prompt. Content filtering, abuse monitoring, regional policies - all respected as per your infosec policies.

Is GPTfy compatible with Salesforce Shield?

Yes. GPTfy runs as a managed package inside your org, so it inherits your Shield implementation. Platform Encryption, Event Monitoring, and Field Audit Trail all work as configured.

What's in your security review packet?

AppExchange security approval documentation, Checkmarx SAST scan results, SOC 2-equivalent trust packet, shared responsibility matrix, data governance and access control policies, and incident response procedures. Available at gptfy.ai/trust-center.

Deploy AI Without Exposing New Attack Surface

Your security team has enough on their plate.

6+ Months

The queue never ends

Every team wants AI deployed yesterday. Every new AI tool means another round of vendor questionnaires, data flow maps, compliance certifications, and legal review. The backlog keeps piling up while the rest of the organization waits.

Sprawling Surface

More vendors, more painstaking work

Every external API, data copy, and vendor server is another point to monitor. More risk registers. More pen tests. More incident response plans. Tedious, repetitive work that multiplies with every vendor.

Shadow AI

Reviews drag on, ChatGPT doesn't wait

While reviews sit in the queue for months, your reps and agents are already using uncontrolled AI. The longer the backlog, the bigger the shadow AI risk - and that creates even more work to clean up.

What if AI ran on infrastructure you've already secured?

GPTfy's Security & Trust Layer runs inside your Salesforce org and connects to your AI provider - Azure, AWS, or Google Cloud. No new vendors to validate. No new infrastructure to audit. Your security team wraps up in days, not months.

“There are quite a few third-party providers trying to do that, and all of them need me to send them accounts to a separate system. I'm not a big fan of that at all. This helps me to keep everything in Salesforce.”

- CTO, Enterprise Debt Collection and Financial Services

Zero-Trust Architecture

Zero

External Data Centers

4 Layers

Data Masking Before AI Sees Anything

Days

Not Months to Clear Review

Download Security Datasheet Visit Trust Center

Three-Tier Architecture

How It Works

Everything runs in your controlled environment. Your IT team stays in control.

Frontend Layer

Your M365 / Salesforce UI

Microsoft Copilot (optional)
Salesforce Lightning
Mobile Apps
Your SSO / Entra ID
Conditional access policies

Security & Trust Layer (GPTfy)

Inside YOUR Salesforce Org

Managed package in YOUR org
4-layer data masking
Prompt injection detection
Audit trails & e-discovery
Bias detection & toxicity filtering
Admin-controlled callouts

AI Backend (BYOM)

Your AI Infrastructure

Azure OpenAI
AWS Bedrock
Google Vertex AI
Anthropic Claude
Your on-premise AI

✓ GPTfy cannot make external callouts unless your Salesforce Admin explicitly configures them via named credentials.

What This Means For Your Team

Why Security Reviews Close in Days

When your security team asks “where does our data go?” - the answer is simple.

Raw Data Stays in Salesforce

Only masked data reaches your AI provider. 4-layer masking before any data leaves Salesforce. AES-256 at rest, TLS 1.2+ in transit. Zero data retention. Built for SOC 2, HIPAA, FINRA, PCI DSS, and GDPR.

100% Salesforce-native managed package

No third-party data infrastructure

AppExchange Security Reviewed

Explore 4-Layer Data Masking

Your Admin Controls Every Callout

Every external connection is configured through Salesforce named credentials. GPTfy cannot make outbound calls unless your admin explicitly authorizes them. Field-level security and granular per-user permissions.

No unauthorized external callouts

Admin configures AI endpoints

Standard Salesforce profile management

Explore Audit Trails & Governance

Your Existing Contracts Apply

BYOM means your Azure EA, AWS EDP, or GCP agreements cover AI costs. Your BAA, DPA, and compliance certifications carry through. No new vendor risk assessment.

Use your negotiated hyperscaler pricing

Choose data residency (US, EU, APAC)

Switch AI providers without rebuilding

Explore Bring Your Own Model

Bring Your Own Model

Use Your AI Infrastructure - Not Ours

Connect GPTfy to YOUR AI provider and LLM. You control where data flows, which models process it, and how it's secured.

No Vendor Lock-In

Switch from OpenAI to Claude to Bedrock without rebuilding. GPTfy adapts to your AI choices.

Your Contracts

Use existing Azure EA, AWS EDP, or GCP committed spend. Your negotiated pricing, not ours.

Data Residency

Choose Azure US East, AWS Frankfurt, GCP Singapore. Your compliance needs, your choice.

Full Transparency

Know exactly which model version processes your data. No opaque platform updates.

Azure OpenAIAWS BedrockGoogle Vertex AIOpenAIAnthropic ClaudeCohereDeepseekYour On-Premise AI

Questions From CISOs and Security Teams

Frequently Asked Questions

The questions your security team will ask - and the answers that accelerate review.

No. GPTfy is a managed package inside your Salesforce org. Your data remains in your infrastructure at all times - only a masked, sanitized version is transiently sent to your AI infrastructure for processing. Zero GPTfy servers. Zero caching. Zero data copies.

Your Data Never Leaves Your Infrastructure

Clear security review in days, not months. GPTfy's Security & Trust Layer runs inside your org. Your admin controls every callout.

Visit GPTfy Trust Center Download Security Datasheet

*GPTfy provides technical capabilities to support regulatory requirements. Your organization is responsible for compliance policies and procedures.