Mask PII Before AI Sees It

Raw data stays in Salesforce. Only masked data reaches your AI provider. GPTfy is a Salesforce-native managed package - orchestration happens inside your Salesforce org, no external servers, no data warehouse, no caching layer. Masking happens inside Salesforce before any data leaves. Your AI provider (OpenAI, Azure, AWS Bedrock, etc.) only receives masked tokens. The secure mapping table that links tokens to original values is stored in your Salesforce org - never externally. GPTfy cannot make external API calls unless your Salesforce admin explicitly configures named credentials and remote site settings.

Usually no. Most AI tasks - sentiment analysis, case classification, email summarization - work perfectly with masked data. AI doesn't need a real customer name to detect a frustrated tone. When context matters: Some tasks need the data's meaning without the actual values. GPTfy's semantic masking (Layer 4, Apex) preserves analytical properties - shifting dates while keeping minors as minors, varying amounts while maintaining proportionality - so AI gets the context it needs without ever seeing real PII.

Layer 2 (pattern-based detection) catches it automatically. Example scenario: User types 'Customer SSN is 123-45-6789, card ending 5678'. GPTfy detects SSN pattern (XXX-XX-XXXX) and credit card pattern. AI receives 'Customer SSN is ***-**-****, card ending ****'. This is why Layer 2 is critical: Even if users accidentally paste PII into notes or comments, GPTfy masks it before AI sees it.

Two layers of protection. First: You can configure zero data retention with your AI provider, so prompts and responses are never stored on their side. Microsoft Azure, Amazon AWS, and Google Cloud Platform (GCP) all support this for their common AI models. Second: Even if data was retained, GPTfy's masking layer ensures what was sent contained only masked tokens - no raw PII or PHI. The mapping table that links tokens to real values lives in your Salesforce org, not with the AI provider. In the unlikely event of a breach investigation, complete audit logs show exactly what data was sent, when, and by whom.

You don't have to - GPTfy fully respects the Salesforce Security Model your admin already configured. GPTfy runs in the context of the logged-in user. That means profiles, permission sets, field-level security, encrypted fields, record types, sharing rules, and role hierarchy all apply automatically. A compliance officer sees more than a sales rep - the same way they do in Salesforce today. On top of that, GPTfy adds granular control: prompts are assigned to profiles, so admins decide which fields are extracted in each data context mapping and which prompts a given user can run.

All of them. GPTfy masking works across every Salesforce edition and industry cloud: Core clouds (Sales Cloud, Service Cloud, Experience Cloud including communities and portals) and Industry clouds (Financial Services Cloud, Health Cloud, Manufacturing Cloud, Automotive Cloud, Communications Cloud, Education Cloud, Nonprofit Cloud, Consumer Goods Cloud). Field compatibility: Masking applies to standard fields, custom fields, and fields from third-party managed packages. If a field exists in your org and is accessible via standard Apex/APIs, GPTfy can mask it. Experience Cloud: Masking is also enforced when prompts or AI-generated output are exposed through communities pages.

GPTfy can mask SSN, DOB, credit card numbers, bank account numbers, email addresses, phone numbers, IP addresses, medical record numbers, driver's license numbers, custom patterns you define (any regex), and blocklisted keywords (project codenames, competitor names, sensitive terms). HIPAA: GPTfy masks 16 of the 18 HIPAA PHI identifiers. Biometric identifiers and full-face photographs are not currently supported. Salesforce field coverage: Works across all standard field types - text, long text area, rich text, phone, email, URL, picklist, and custom fields.