Privacy and Security

Key Business Use Cases: Privacy & Security

Privacy

Encrypted data at rest and in transit
All data whether in transit or at rest is encrypted. During transit we use TLS 1.2 and at rest we use AES-256 bit encryption. Data retention policies can be customized at the PDE level, so customers have full control and ability to customize data storage as fits their use cases.

Least access rights
For privacy compliance we make sure that only certain people have access to certain environments based on their role. Roles-based privilege can be determined differently on a per-customer basis.

Provider flows
These are Flows that contain credentials to third party systems. Regular Flows that call these systems (e.g. Salesforce) have an authentication step that does not reveal any system-level authentication credentials; those are obfuscated by the Provider Flows, thus preventing the wrong people from having access to that information.

Masking PII
We can redact PII in live conversations and generated transcripts using traditional redaction NLP, regex, and LLMs. We can also mute recordings and their corresponding transcripts on an utterance by utterance basis via our native voice stack.

Security

Security overview
OneReach.ai works with customers with the strictest data security and compliance requirements including those from the medical, insurance, and government industries. If there are specific security or compliance needs we can customize the account to match your specifications.

Security certifications
GDPR
AICPA SOC 2/audit
CAN-SPAM
CCPA
CASL
HIPAA

End user authentication support
Voice biometrics, Device biometrics, MFA, Silent Auth, Active Directory (Azure AD), AWS SSO, Duo SSO, Adaptive SSO, LastPass SSO, LDAP, OAuth2, Okta SSO, OneLogin SSO, OpenID Connect, RSA SecurID, SecureAuth Identity Platform, Symantec VIP Access

Security documentation
Since OneReach.ai offers Private Dedicated Environments with hyper-personalized client security, we have both robust security documentation and security professionals on staff to support any security needs the client may have.

Secure data access
Private multi-tenant architecture ensures that while resources are shared, data access remains secure and compliant with organizational policies and regulations. Sensitive information is safeguarded, and access is strictly controlled based on roles and needs. Each team operates within its own private tenant space, ensuring that their development activities and data are isolated from others. This separation is crucial for security, privacy, and preventing unintended interactions between different AI skills.

Compliance

PII masking
Support to anonymization/obfuscation/masking of sensitive data such as personally identifiable information, protected health information or payment card information by appropriate data security means such as redaction, tokenization, encryption or a similar approach.

Secured financial transactions
Secure customer identification and tracking.

Explainability and Auditability

Enterprise-grade explainability
The explanation from the AI agent can be logged to enterprise data archives and made available for audit. Explainability includes tracking prompts submitted to LLMs, whether user identity has been confirmed, tracing role-based access, and capturing confidence scores associated with deterministic models.

Real-time explainability tracking provides visibility into decisions made, actions executed, tool calls, reasoning steps, outcomes, latency and response times, token usage, escalation rates, and external source citations.

GSX offers detailed traceability of agent logic, enabling both technical and business users to review decision pathways, rationale, and contributing factors that lead to each outcome, delivering the reliability and transparency required for mission-critical enterprise applications.

Comprehensive audit and logging trails
GSX maintains detailed logs that capture all agent activities and execution events. This includes:

• Decision attribution: Capturing the specific logical steps and reasoning chains an agent follows
• Data provenance: Tracking which information sources, whether through RAG or direct system integration, influence a specific agent decision
• Action tracking: Recording every system invocation, API call, and external integration each agent performs

Distributed tracing and real-time observability
GSX provides advanced observability capabilities that deliver transparency across complex, multi-agent workflows:

• Context flow monitoring: Following the movement of context and data across agents and system components to identify where processes deviate from intended logic
• Real-time telemetry: Monitoring agent behavior patterns, system health, and compliance events as they occur, enabling immediate intervention
• OpenTelemetry integration: Support with open-source observability standards to track performance, reliability, and risk across heterogeneous enterprise environments

Human-in-the-Loop oversight
GSX embeds human oversight directly into operational workflows, ensuring accountability and controlled automation:

• Tiered oversight: Enabling designated users to monitor, validate, and intervene in automated processes as they run
• Correction logs: Recording human overrides and adjustments, which can be used to improve future agent performance
• Escalation auditing: Documenting every instance in which an agent hands off a task to a human, providing visibility into escalation patterns and confidence thresholds

Deterministic guardrails over probabilistic models
GSX enforces auditable behavior by layering deterministic control logic over LLM-driven processes at runtime:

• Policy enforcement: Defining and enforcing strict policies governing agent behavior, model usage, and data access
• Response enforcement: Requiring all LLM-generated outputs to pass through a governance plane that validates responses against enterprise compliance and safety rules before delivery

Built-in versioning and rollback
To support compliance, governance, and operational resilience, GSX includes built-in version control and recovery mechanisms:

• Change logs: Maintaining a complete, auditable history of updates to agent configurations, prompt templates, and workflow logic
• Safe rollbacks: Enabling immediate reversion to a previously audited and approved agent state if unintended behavior is detected in production

Agent Reasoning: Transparency and Observability

Advanced judgment and trade-off reasoning
GSX agents are designed to handle complex decision-making involving trade-offs and uncertainty. They routinely make judgment calls across multi-step processes and provide clear justifications for their choices.

Chain of Thought (CoT)
Agents built in GSX use Chain of Thought reasoning to break complex problems into intermediate steps that can be processed sequentially. This task-based approach makes it easy to identify where an agent may deviate and correct issues efficiently.

Transparent Chain-of-Thought Reasoning
OneReach.ai GSX supports chain-of-thought reasoning and explainable AI, enabling agents to clearly articulate the step-by-step logic and underlying data behind every decision.

Transparent, contextual decision framework
Agents in GSX can evaluate multiple options, access real-time enterprise data, and leverage explainable reasoning frameworks to ensure every action is both goal-optimal and justified to stakeholders.

What sets GSX apart is its robust stateful memory, native support for advanced orchestration protocols like MCP, and visual tools for configuring decision logic. Built-in auditability and observability ensure that complex decisions take into account relevant data, prior conversation history, and contextual factors.

Access Controls

Least access rights
For privacy compliance we make sure that only certain people have access to certain environments based on their role. Roles-based privilege can be determined differently on a per-customer basis.

Hyper-customized access control
Solution access can be configured in multiple ways based on the solution that is designed, configured and implemented on the OneReach.ai platform. We have supported everything from ID/Password, multiple SSO implementations, PIN/Passcodes, biometrics, etc.

Departmental access management
Each department has control over its domain of knowledge. GSX provides access management that reflects organizational structures and permissions accurately. For example, HR policies should be managed by HR professionals, not by team members in Sales. Similarly, pricing information should be under the purview of relevant financial or sales departments.

GUI admin controls
OneReach.ai has a built in advanced admin controls GUI for all aspects of the platform. User roles and configurations are all easily managed and governed from simple GUIs within the “Action Desk” module of the OneReach.ai platform. As an additional access control, each flow offers unique password protection in addition to standard role assignment.