Benefits for Compliance Officers

Enterprise AI with built-in governance, PII protection, data classification, audit trails, and encryption—designed for regulated industries.

PII De-Identification Pipeline

OpenRails includes a dedicated pipeline for detecting and redacting personally identifiable information before it enters the knowledge base or is exposed in responses.

1. Detection

Configurable PII detectors scan ingested content for names, email addresses, phone numbers, social security numbers, credit card numbers, and other sensitive patterns.

2. Classification

Each detected PII instance is classified by type and confidence score. Low-confidence detections are flagged for human review.

3. Redaction

PII is redacted, masked, or tokenized based on your governance policy. Original values can be stored in a separate secure vault if reversible de-identification is required.

4. Audit

Every detection and redaction action is logged with timestamp, entity type, confidence, and action taken—creating a complete audit trail.

Important: PII pipelines should be configured and tested with your compliance team before processing production data. Detection rules are customizable to match your organization's specific PII definitions.

Data Governance Levels

Every piece of content in OpenRails is assigned a security tier. This classification governs who can access what, at every layer of the system — from open access through to highly restricted.

        Configurable tiers: Organizations define their own security tiers to match existing classification schemes — from broadly accessible content through to highly restricted materials requiring executive clearance.
      

        Enforcement is pervasive: Security tiers are enforced at the document, collection, agent, API, and chat response levels. Users only see content matching their clearance — even in AI-generated responses that draw from your knowledge base.
      

Audit Trails

Comprehensive logging captures every significant action in the system for compliance review and forensic analysis.

User actions: Login, document upload, chat queries, agent executions, configuration changes
System events: Document ingestion, PII detection, security level changes, connector operations
Agent activity: Every tool call, LLM interaction, decision point, and output is recorded with full context
Access logs: Who accessed what content, when, and from where
Retention policies: Configure how long audit logs are retained based on your regulatory requirements

On-Premise Deployment

For organizations in regulated industries, on-premise deployment ensures no data leaves your controlled environment.

Complete Data Sovereignty

All data—documents, embeddings, chat logs, agent outputs—resides on your infrastructure. No cloud dependency required.

Air-Gap Capable

Run with local AI models for fully air-gapped environments with zero external network access.

Your Security Perimeter

Integrate with your existing network security, firewalls, VPNs, and identity providers.

Encryption

All data is encrypted at rest with enterprise-grade encryption. Key rotation is supported without system downtime.

In transit: TLS 1.2+ for all API and real-time communication
At rest: Strong encryption for all stored documents, embeddings, and logs
Key management: Integration with HSM and cloud KMS providers
Key rotation: Automated rotation schedules with zero-downtime key transitions

Prove Your Security Works

OpenRails evaluation framework goes beyond testing AI quality — it can verify your security boundaries are enforced through the AI layer. Run evaluations as a specific user or permission level to confirm that restricted content never appears in AI responses.

Auditor-ready: Generate evidence that your access controls hold end-to-end, including through LLM-generated responses. Schedule these evaluations to run automatically and flag any violations immediately.