Security built into every automation
OpFlow uses TrustLayer, our purpose-built de-identification system, to strip personal information from your data before it enters any AI model. Every automation we build is designed with your privacy as the default.
Three pillars of data protection
De-identification by default
Personal information is detected and replaced with secure tokens before your data reaches any AI system. The AI works with anonymised data and never sees the original values.
Encrypted at rest
Token maps that link anonymised data back to originals are encrypted with AES-256-GCM and stored in a dedicated database. They expire automatically after a configurable period.
Full audit trail
Every de-identification and re-identification event is logged with an immutable audit entry. You receive processing reports showing exactly what was detected, when, and in which automation.
How TrustLayer works
When an automation flow needs to send your data to an AI model, TrustLayer intercepts the data, identifies personal information, replaces it with secure tokens, and only then passes it to the AI. After processing, TrustLayer restores the original values.
Your data enters the automation
A form submission, email, document, or record triggers your automation flow. The data contains personal information: names, email addresses, phone numbers, and more.
TrustLayer scans and de-identifies
Before the data reaches any AI, TrustLayer detects personal information using pattern matching tuned to your industry. Each piece of PII is replaced with a unique token. The original values are encrypted and stored securely.
AI processes anonymised data
The AI model receives only the tokenised version. It can analyse, categorise, summarise, or respond without ever seeing real personal information.
Original values are restored
After AI processing, TrustLayer replaces the tokens with the original values. The final output is complete and accurate, and the AI never had access to the real data.
Please review the account for Sarah Chen ([email protected], 0412 345 678). Her ABN is 51 824 753 556.
Please review the account for [PERSON_1] ([EMAIL_1], [PHONE_1]). Her ABN is [ABN_1].
What TrustLayer detects
TrustLayer includes detectors for the most common types of personal and sensitive information in Australian business data.
Detection profiles are tailored to your industry. A finance client has different sensitivity requirements to a health practice or a retail business.
Our data commitments
- AI never sees raw personal data. Every AI-using automation in OpFlow's library is built with TrustLayer de-identification as a mandatory step.
- Your data stays in Australia. TrustLayer runs on Australian infrastructure. Token maps and audit logs are stored domestically.
- Token maps expire automatically. Encrypted mappings between tokens and original values are deleted after a configurable retention period. No personal data lingers.
- Every event is audited. You receive regular processing reports showing exactly which data types were detected and de-identified, across which automations, and when.
- No data is used for AI training. We use Anthropic's Claude API with explicit data usage policies that prevent your information from being used to train AI models.
- Client-facing platforms are separate. Your automations run on isolated accounts. OpFlow's internal systems and your business data never share infrastructure.
- We use platforms you already trust. Automations run on Make.com, Microsoft 365, Zoho, and other established platforms. We do not route your data through unknown third parties.
Questions about data security?
If you have specific questions about how your data would be handled, or if your industry has particular compliance requirements, we are happy to walk you through the detail.
Get in touchSee what automation could do for your business
Book a free Automation Assessment. We review your workflows, identify the biggest time-wasters, and give you a one-page report with recommended automations and how your data will be protected.
Book a free Assessment