Data Masking for AI
Before any data is sent to a large language model, all personally identifiable information is masked. Names, email addresses, and other identifiers are replaced with anonymised placeholders. The original data is restored only within our own secure infrastructure after processing, so the AI itself never sees a real name or email.
How the masking pipeline works
Incoming text is scanned for personal data: names, emails, phone numbers, and other identifiers.
Each identifier is replaced with an anonymised placeholder, e.g. names become tokens like [PERSON_1].
Only the masked text is sent to the language model, which runs in EU-region Azure OpenAI.
The original identifiers are restored from the mapping inside our own secure infrastructure. The model output is then returned to you.
What this means in practice
The LLM never sees real names, emails, or other identifiers.
AI processing happens inside the EU. Microsoft contractually confirms that submitted data is not used to train OpenAI models.
Optionally configure Sally to use your organization's own language models, so no data ever leaves your infrastructure for AI processing.
Upcoming (end of July 2026): Sally is launching its own large language model in production, replacing Azure OpenAI for default AI processing. From that point on, every step of inference happens inside Sally's own infrastructure — Sally will be fully independent of external AI providers.
The masking described above applies to Sally's own AI processing. If your organization connects Sally to external AI tools via MCP (Claude, ChatGPT, etc.), that data flow is not masked — see External AI Tools (MCP) for the responsibility split.
See also: Hosting & Subprocessors for where AI processing happens, and the TOMs PDF for the technical control reference.