Commitment to Security
Ressl AI Security & Data Protection White Paper
1. Introduction
Ressl AI builds AI-powered Salesforce Help Desk agents and administrative assistants designed to enhance productivity while upholding the highest standards of security, privacy, and compliance. This white paper outlines our security architecture, data handling practices, governance, and compliance measures to help enterprise customers evaluate our platform.
Our guiding principles: data isolation, transparency, encryption everywhere, zero data leakage from AI models, and customer control.
2. Governance & Ethical AI
AI Policy & Oversight
AI Governance Committee: Cross-functional team (engineering, legal, security, product) reviews deployments, oversees audits, and ensures compliance.
Responsible AI Officer: Ensures adherence across engineering, operations, and customer-facing teams.
Policy Review: Quarterly updates reflecting regulatory, technological, and customer-driven changes.
Ethical Principles
Transparency: AI-generated decisions are auditable and explainable.
Human-in-the-Loop: AI assists; it does not autonomously execute destructive actions.
Bias Controls: Monitoring and safeguards reduce unintended discrimination.
Reliability: All AI features undergo rigorous validation against accuracy, hallucination, and edge-case performance.
3. Data Architecture & Isolation
Customer Data Boundaries
Each customer’s data resides in separate database schemas or tenants, depending on the deployment model.
No cross-client data access is possible.
Data Types Stored
Metadata, audit logs, and configuration data only.
No access to Salesforce records containing PII such as contacts, leads, or opportunities.
LLM & AI Data Handling
AI models (Claude Sonnet 4 by default) operate statelessly.
No customer data is retained, logged, or used for training.
A self-hosted LLM option is available for enterprises with stricter controls.
4. Authentication & Access Controls
Salesforce Integration
OAuth 2.0 used with minimal scopes (e.g., Metadata.Read, AuditTrail.Read).
Tokens are encrypted, refreshed securely, and never persist in plain text.
Role-based access, customer-specific API keys, and Salesforce custom permissions enforced.
Slack Integration
Only scoped OAuth permissions required (e.g., app_mentions:read, im:history).
No access outside of approved channels or conversations.
Access Controls
Role-Based Access Control (RBAC) across the platform.
Two-Factor Authentication (2FA) for administrative access.
Audit Logs capture every authentication and action.
5. Encryption & Data Security
Data in Transit: Encrypted with TLS 1.3.
Data at Rest: Encrypted with AES-256.
Logs: Sanitized to remove sensitive data before storage.
Data Residency: Support for regional hosting (e.g., India, EU, US).
6. Monitoring, Logging & Incident Response
Comprehensive Audit Trails: All access, AI interactions, and system events are logged with full traceability.
Monitoring & Alerts: Intrusion detection and anomaly detection with real-time alerting.
Incident Response: Defined playbooks to report, contain, analyze, and remediate security incidents.
Customers may export logs and full audit history on demand.
7. Compliance & Vendor Security
SOC 2.
ISO 27001 certified hosting providers.
Continuous Internal Audits: Policy violations trigger investigation, disciplinary actions, and escalation if regulatory exposure exists.
8. Deployment Models & Customer Controls
SaaS (Default): Multi-tenant backend with logical isolation.
On-Premise Option: Full customer control over infrastructure, including AI model hosting.
Customer Rights
Export, delete, or review their data at any time.
Configure data flow and access permissions.
Choose between the Anthropic Claude API and self-hosted LLMs (Llama, Mixtral, etc.).
9. Training & Awareness
Annual training for all employees on AI ethics, security, and compliance.
Specialized training for ML engineers on adversarial risks and data sensitivity.
Customer-facing staff trained to interpret AI output responsibly.
10. Summary
Ressl AI delivers enterprise-grade AI automation for Salesforce without compromising on security, compliance, or customer trust.
Key assurances:
Zero customer data retention in AI models
Encryption at every layer (TLS 1.3, AES-256)
Role-based access & full audit logs
SOC 2 & ISO 27001 aligned controls
On-premise option for regulated industries
Our commitment is simple: your data remains your data—secure, private, and fully under your control.


We support companies in accelerating Salesforce delivery — completing projects, resolving issues, and documenting changes with speed and precision. Our solutions reduce turnaround time and enable deeper customization without draining internal resources.

