Frequently Asked Questions
Everything you need to know about shadow AI, governed AI platforms, and AuthenTech AI
Getting Started
What is shadow AI and why should I care?
Shadow AI refers to AI tools (like ChatGPT, Claude, Gemini) that employees use without IT/compliance approval or governance. You should care because: (1) it creates compliance violations (HIPAA, SOC 2, data protection), (2) sensitive data is being shared with external systems you don't control, and (3) you have zero visibility into what's being shared. Research shows 70%+ of organizations have shadow AI, with 40-60% of users pasting sensitive data.
How is AuthenTech AI different from just blocking ChatGPT?
Blocking AI tools doesn't work — staff find workarounds or use personal devices. We take a different approach: eliminate shadow AI by replacing it with something better. You get a governed AI platform with PHI/PII protection, multi-model access (GPT-4, Claude, Gemini), complete audit trails, and compliance controls. Users adopt it because they gain capability, not because they're forced to.
What does a Shadow AI Risk Check involve?
It's a 5-7 day discovery process: (1) anonymous staff survey about AI tool usage, (2) IT infrastructure review (network logs, SaaS spend analysis), (3) credit card review to find AI subscriptions, (4) department interviews to understand workflows, and (5) risk assessment mapping PHI/PII exposure. You get a detailed report showing all shadow tools discovered, risk ratings, use case analysis, and a recommended governance roadmap.
How long does implementation take?
Typical timeline: Week 1 = Shadow AI discovery, Weeks 2-3 = Platform setup and SSO integration, Weeks 4-9 = 6-week pilot with 20-50 users, Weeks 10-13 = Enterprise rollout. Total: 90 days from discovery to org-wide governed AI adoption. The pilot validates ROI before you commit to full deployment.
Compliance & Security
Is this HIPAA compliant?
Yes. We maintain BAAs with all major AI model providers (OpenAI, Anthropic, Google) on your behalf. PHI protection scans every prompt before it reaches AI models, blocking or redacting protected data. All interactions are logged for audit compliance. We support HIPAA Security Rule requirements: access controls, audit logs, encryption in transit and at rest.
What about SOC 2 compliance?
Our platform is SOC 2 Type II certified. We provide the controls you need for your own SOC 2 audit: audit logging, access controls, data protection, and vendor management. Multiple customers have passed SOC 2 audits with our platform as part of their AI governance controls.
How does PHI/PII protection actually work?
Real-time scanning before prompts reach AI models using pattern matching, contextual analysis, and configurable custom patterns. When sensitive data is detected: (1) block the prompt entirely (strict mode), (2) redact sensitive portions and send the rest (balanced mode), or (3) alert but allow (monitoring mode). Detection accuracy typically exceeds 95% in validation testing.
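The three modes described above can be sketched as a pre-send gate. This is an added illustration, not AuthenTech AI's code: it covers only the pattern-matching step (no contextual analysis), and the regexes, the MRN format, the function names and the sample prompt are all assumptions constructed for the example.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Illustrative patterns only (assumed); a production detector needs validated, broader rules.
PATTERNS = {
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "EMAIL": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "PHONE": re.compile(r"(?<!\d)\d{3}[ .-]\d{3}[ .-]\d{4}(?!\d)"),
    "MRN": re.compile(r"\bMRN[:# ]*\d{6,10}\b", re.IGNORECASE),  # hypothetical format
}
MODES = ("strict", "balanced", "monitoring")

# Constructed sample prompt; every value in it is fake.
SAMPLE = "Appeal for patient MRN: 00482913, SSN 123-45-6789, contact jane.doe@example.org"

@dataclass
class Decision:
    action: str               # "allow", "block", "redact" or "alert"
    forwarded: Optional[str]  # text allowed to reach the model; None when blocked
    findings: list = field(default_factory=list)  # category names only, never raw values

def scan(prompt):
    """Return the sorted names of every pattern category found in the prompt."""
    return sorted(name for name, rx in PATTERNS.items() if rx.search(prompt))

def gate(prompt, mode):
    """Decide what happens to a prompt before it is sent to a model."""
    if mode not in MODES:
        raise ValueError(f"unknown mode: {mode!r}")
    findings = scan(prompt)
    if not findings:
        return Decision("allow", prompt, [])
    if mode == "strict":
        return Decision("block", None, findings)
    if mode == "balanced":
        redacted = prompt
        for name in findings:
            redacted = PATTERNS[name].sub(f"[REDACTED:{name}]", redacted)
        # Fail closed: if anything still matches after redaction, block instead.
        if scan(redacted):
            return Decision("block", None, findings)
        return Decision("redact", redacted, findings)
    # Monitoring mode: the prompt goes through unchanged, but the hit is recorded.
    return Decision("alert", prompt, findings)
```

Because findings carries category names rather than the matched text, the decision itself can be written to an alert or audit record without copying the sensitive value a second time.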
Can AI models train on our data?
No. Our BAAs with AI providers explicitly prohibit training on customer data. This is different from free consumer versions of ChatGPT/Claude which may use inputs for training. All interactions go through enterprise API tiers with contractual data protection guarantees.
What happens if someone tries to bypass the platform?
We recommend a three-layer approach: (1) Communicate that the governed AI platform is the approved tool (policy), (2) Make it easier to use the governed platform than shadow tools (enablement beats enforcement), (3) Monitor for shadow AI usage (network monitoring, SaaS spend review). Most organizations see 100% elimination within 90 days.
Platform Capabilities
What AI models can we access?
All major models through a single platform: OpenAI (GPT-4, GPT-4 Turbo, GPT-3.5), Anthropic (Claude 3.5 Sonnet, Claude 3 Opus), Google (Gemini Pro, Gemini Ultra), Meta (Llama 3). You can switch models mid-conversation to compare responses.
Can we create department-specific AI workflows?
Yes. You can create custom prompt templates, approved use case libraries, and department-specific configurations. Examples: Revenue cycle gets appeal letter templates, Legal gets contract review workflows, HR gets recruiting templates with bias checking.
What kind of audit logs and reporting do you provide?
Complete audit trail: user, timestamp, model used, prompt (full text), response (full text), sensitive data detected. Reports available: usage by department, user, time period; sensitive data exposure attempts; most common use cases; ROI metrics. Logs are exportable for compliance audits.
Does it integrate with our existing tools?
SSO integration: Active Directory, Okta, Azure AD, Google Workspace, OneLogin. API access for custom integrations. Chrome extension for in-browser AI access. Slack bot for team AI workflows. SIEM integration for security monitoring. Most customers are up and running with SSO within 2-3 days.
Pricing & ROI
How much does it cost?
Enterprise pricing is based on number of users and usage volume. Typical mid-market company (100-500 employees): $40K-80K annually. This replaces $15K-40K in shadow AI subscriptions + eliminates compliance risk + delivers 3-8X ROI in productivity gains. We recommend starting with a 6-week pilot to validate ROI.
What's the typical ROI?
Our customers report 3:1 to 8:1 ROI in the first year. ROI sources: (1) Time savings (3-6 hours saved per week per user), (2) Shadow AI cost elimination ($15K-40K annual savings), (3) Compliance risk reduction, (4) Revenue impact (faster appeals, better proposals). Pilot programs validate ROI before full deployment.
Is there a free trial?
We don't offer self-service free trials because implementation requires discovery, SSO integration, and PHI/PII configuration. Instead, we offer a Shadow AI Risk Check followed by a 6-week paid pilot with 20-50 users. The pilot validates ROI and proves value before enterprise deployment.
Implementation & Support
What training is required?
Minimal. Admin training: 2 hours. End user training: 30-60 minutes. Most users familiar with ChatGPT are productive immediately. We provide training materials, recorded sessions, and office hours during rollout.
What support do you provide?
Implementation: Dedicated customer success manager through 90-day deployment. Ongoing: Email/chat support (4 hour response), monthly governance reviews, quarterly business reviews. Enterprise plans include Slack/Teams channel, custom integration support, and named technical account manager.
Can we pilot before full deployment?
Yes, and we recommend it. Typical pilot: 20-50 users, 6 weeks, includes discovery + platform setup + user training + results measurement. After pilot success, most organizations roll out org-wide within 30 days.
What if we need custom features?
We build custom features for enterprise customers. Examples: custom sensitive data patterns, department-specific workflows, custom integrations (EHR systems, billing platforms, CRM), and advanced reporting. Enterprise plans include quarterly product roadmap input.
Industry-Specific
How is this different for healthcare vs. other industries?
Healthcare gets: HIPAA-specific PHI detection patterns, BAAs with all AI model providers. Other industries get industry-specific configurations: Financial Services (PII + SEC), Legal (attorney-client privilege), Tech (IP/code + SOC 2). Core platform is the same; compliance frameworks adapt.
Do you work with small organizations or just enterprises?
We work with organizations from 25 to 5,000+ employees. Sweet spot is 100-1,000 employees in regulated industries. Smaller orgs benefit from faster deployment, higher relative ROI, and simpler governance. Pricing and implementation complexity scale to org size.
Still Have Questions?
Book a Risk Check
Get a free Shadow AI Risk Check to understand your current exposure and get a personalized governance roadmap.
Contact Us
- Have a specific question?
- Our team is available to discuss your organization's unique AI governance needs.