Governance & Compliance

PII de-identification, tiered security controls, enterprise-grade encryption, de-identification rules, and comprehensive audit trails

Overview

Enterprise AI adoption is blocked by security and compliance concerns more than any other factor. OpenRails addresses this head-on with governance controls that are built into the platform core — not bolted on as an afterthought. From PII de-identification to five-tier security levels, enterprise-grade encryption, and complete audit trails, OpenRails provides the controls that security teams, compliance officers, and regulators require.

Key Value: OpenRails is the only AI platform in its class that offers PII de-identification, tiered security levels, and enterprise-grade encryption as standard features. These are not premium add-ons — they are available in every deployment.

PII De-Identification

How It Works

Before any text is sent to an LLM, the PII de-identification engine scans for and removes or masks personally identifiable information. This includes names, email addresses, phone numbers, Social Security numbers, credit card numbers, and custom patterns defined by your organization.

De-identified text is sent to the LLM, and the response is re-identified (where appropriate) before being shown to the user. This ensures LLM providers never see raw PII data.

Configurable Rules

Organizations define their own de-identification rules to match their compliance requirements. Rules can be customized per project and tuned to detect the specific types of sensitive data your industry cares about.

  • Detect and redact personal identifiers (names, emails, phone numbers, SSNs)
  • Define custom patterns for industry-specific data (employee IDs, account numbers, medical codes)
  • Apply different rule sets to different projects based on sensitivity
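
The round trip described above (mask before the LLM call, restore afterwards) with one custom per-project pattern, as an added example that is not OpenRails code. The class name, token format, regexes, and the employee-ID pattern are assumptions; regex rules like these do not detect personal names, which need a separate recognizer.

```python
import re

# Constructed built-in rules (illustrative patterns, not OpenRails' own).
BUILTIN_RULES = {
    "EMAIL": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "PHONE": re.compile(r"\b\d{3}[-.]\d{3}[-.]\d{4}\b"),
}
# Hypothetical project-specific rule: employee IDs of the form E + 6 digits.
CUSTOM_RULES = {"EMP_ID": re.compile(r"\bE\d{6}\b")}
# Constructed sample input.
SAMPLE = ("Email jane.doe@example.com or call 555-010-0199 about E104233. "
          "SSN 123-45-6789; cc jane.doe@example.com.")

class Deidentifier:
    """Replaces matches with stable tokens and keeps the mapping locally."""

    def __init__(self, custom_rules=None):
        self.rules = {**BUILTIN_RULES, **(custom_rules or {})}
        self.value_to_token = {}   # (label, value) -> token
        self.token_to_value = {}   # token -> original value, never sent out

    def _token_for(self, label, value):
        key = (label, value)
        if key not in self.value_to_token:
            n = sum(1 for (l, _) in self.value_to_token if l == label) + 1
            token = f"[{label}_{n}]"
            self.value_to_token[key] = token
            self.token_to_value[token] = value
        return self.value_to_token[key]

    def deidentify(self, text):
        # The same value always maps to the same token, so the model can
        # still tell that two mentions refer to the same thing.
        for label, pattern in self.rules.items():
            text = pattern.sub(lambda m, l=label: self._token_for(l, m.group()), text)
        return text

    def reidentify(self, text):
        # Tokens the model invented (not in the mapping) are left untouched.
        return re.sub(r"\[[A-Z_]+_\d+\]",
                      lambda m: self.token_to_value.get(m.group(), m.group()), text)

if __name__ == "__main__":
    d = Deidentifier(CUSTOM_RULES)
    print(d.deidentify(SAMPLE))
    print(d.reidentify("Reply to [EMAIL_1] regarding [EMP_ID_1]."))
```

Only the tokenized text leaves the process; the token-to-value mapping stays with the caller and has to be protected like the PII it holds.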

Tiered Security Controls

OpenRails supports multiple configurable security tiers — from broadly accessible content through to highly restricted materials. Each tier can enforce different rules for:

  • Access Control: Who can view, search, and interact with content at each tier
  • LLM Routing: Whether content can be processed by cloud models or must stay on local infrastructure
  • De-Identification: Which PII scrubbing rules apply before content enters AI workflows
  • Audit Requirements: Level of logging and compliance tracking for each tier

Fully customizable: Organizations define their own tier labels and policies to match existing classification schemes. OpenRails adapts to your security model, not the other way around.

How It Works: Each document, collection, and project can be assigned a security level. The system enforces controls automatically: a Level 3 document will never be sent to a cloud LLM, regardless of the user's request.

Encryption

All data is encrypted at rest with enterprise-grade encryption. Keys can be rotated without system downtime.

Key Rotation

Rotate encryption keys seamlessly without re-encrypting all data or taking systems offline.

Data Protection

Enterprise-grade encryption protects all stored data including documents, embeddings, and credentials.

Compliance Ready

Built to support your compliance programs with enterprise-grade controls.

Audit Trails

Every action in OpenRails is logged with an immutable audit trail. This includes user authentication, document access, AI queries, agent executions, tool invocations, configuration changes, and administrative actions.

What Is Logged

  • User identity and session details
  • Timestamp and action type
  • Resources accessed (documents, collections, projects)
  • AI queries and responses (with PII de-identified)
  • Agent workflow execution steps and decisions
  • Tool invocations and external API calls
  • Configuration and permission changes

Audit Features

  • Immutable log storage (append-only)
  • Searchable and filterable via UI and API
  • Exportable for external SIEM integration
  • Retention policies per security level
  • Real-time alerting for suspicious patterns
  • Compliance report generation

Use Cases

Healthcare

Healthcare organizations use PII de-identification and tiered security to handle sensitive patient data.

Financial Services

Financial institutions leverage audit trails and encryption for regulatory compliance.

Government & Defense

Air-gapped deployment with Level 4 security and local LLMs for classified workloads