Article · Internal Copilots
Secure AI features for SaaS products
Shipping AI features in a multi-tenant SaaS product without exposing one customer's data to another — or to the LLM provider.
Shipping AI features in a multi-tenant SaaS product without exposing one customer's data to another — or to the LLM provider.
Shipping AI in multi-tenant SaaS is harder than it looks
AI features in a SaaS product have to satisfy three audiences at once: your end users (the feature should be useful), your customers (their data should stay theirs), and your security reviewers (the data flow needs to be defensible). Most "we added AI" launches optimize for the first and discover the other two later.
A defensible shape
- Tenant isolation in your application. Each request only ever reads data the calling tenant owns.
- Masking at the gateway. Whatever data you do send gets substituted before it leaves your perimeter.
- No body retention. Observability captures metadata, not prompts or responses.
- BYOK option. Customers who want to control the underlying provider relationship can provide their own key, encrypted at rest.
- Honest claims. Tell prospects what the gateway does, what it does not do, and where your own controls take over.
What to say in a security review
- Customer data in AI prompts is masked into deterministic placeholders before being forwarded to the model provider.
- The mapping between raw values and placeholders is held in memory for the duration of a single request and discarded after the response is rehydrated.
- Prompt and response bodies are not persisted by the gateway. Request metadata (model, latency, masked-entity counts) is recorded for operational purposes.
- Provider credentials, when supplied via BYOK, are encrypted at rest with AES-GCM.
- Gateway API keys are stored as SHA-256 hashes.
What not to claim
Privian's beta does not claim HIPAA, SOC 2, or PCI compliance, and your product should not piggyback on certifications Privian does not hold. It also does not currently defend against prompt injection or jailbreak attempts. Be precise about scope.
How Privian fits
Privian provides the masking, routing, and credential layer for the AI features in your SaaS. Your application stays in charge of tenancy and product logic. See AI Features for SaaS for the worked example.
Written under our editorial principles: implementation-grounded, honest about limitations, educational first.
Try Privian during beta
Protect prompts before they reach GPT, Claude and other models.
BYOK · Zero retention · Provider-agnostic. Privian is currently in beta — pricing and limits may change.
FAQ
Frequently asked questions
- How do I keep tenant A's data out of tenant B's prompts?
- Tenancy is your application's job — only fetch the data the requesting tenant owns. The gateway protects against a different risk: that whatever you do fetch gets exposed to the model provider.
- What do I tell prospects about how their data is handled?
- If you use Privian: customer data is masked before it reaches a third-party model, the gateway does not persist prompt or response bodies, and provider credentials are encrypted at rest. Avoid claiming HIPAA, SOC 2, or PCI compliance unless you have your own attestation.
- Can I let customers bring their own provider key?
- BYOK at the customer level is application-specific — your product would need to surface it. Privian supports BYOK at the account level today and stores credentials encrypted with AES-GCM.
More articles
Continue reading
Internal Copilots
How to build secure internal copilots
A reference architecture for internal copilots that lets employees query LLMs without exposing customer or employee data to the provider.
Prompt Privacy
What is prompt privacy?
A definition-first explainer for prompt privacy: reducing prompt-level exposure before data reaches AI models, and how it differs from data privacy, AI security and governance.
Prompt Privacy
Prompt privacy vs. AI security
Two related but distinct disciplines. Prompt privacy reduces what reaches the model; AI security is the broader program around it. A side-by-side, layered-control framing.
