Gusto protects sensitive data from external LLM provider with Formal

Businesses: 300K+
Employees: 2,400
Funding: $650M+
Deployment: 5 days

Gusto, founded in 2011, employs 2,400 people, has raised more than $650M in funding, and serves more than 300,000 businesses, processing tens of billions of dollars in payroll.

Challenge

Gusto sought to enhance customer support efficiency by integrating an LLM-powered API into their Salesforce system. However, this integration created significant security concerns since customer support tickets frequently contained sensitive personally identifiable information (PII) and protected health information (PHI).

The core risk was clear: sending unfiltered support ticket data to an external LLM provider could expose customer PII and PHI, violating data privacy obligations and regulatory requirements.

Solution

Gusto adopted the Formal HTTP Connector as an intermediary between their Salesforce instance and the LLM provider's API. The Formal Connector uses machine learning with an Open Policy Agent (OPA)-powered engine to identify and dynamically mask sensitive data within customer support tickets in real time, preventing data leakage.

The ML model continuously learns from hundreds of thousands of processed requests, improving its detection capabilities over time.

Implementation timeframe: 5 days, including proxy setup, configuration, policy creation, and instant masking.

"Formal Satellites simplified ensuring any PII or PHI entities between Salesforce and our LLM provider were automatically detected and masked, without needing detailed data structure knowledge."

Ian Wardell, Data Privacy Lead at Gusto

"With Formal, we quickly set up automated data protection in complex scenarios, allowing our Privacy Security team to agilely support business needs."

Justin Collins, Head of Security at Gusto

Results

Gusto's Formal HTTP proxy implementation successfully processed hundreds of thousands of requests, securely masking sensitive data in real time while maintaining comprehensive audit logs. This advancement enabled Gusto to confidently adopt advanced AI for customer support while maintaining top-tier data security without sacrificing efficiency.

Products and Features Used

HTTP Connector, ML-powered masking, OPA engine, Audit Logging