FAQs

Frequently Asked Questions

Have questions? We’re here to help.

We have a team of data scientists who will work with your AI governance team to understand your data pipeline and test pre- and post-training results of your AI models for evidence of bias and discrimination.

Traditional data generation uses random lists, but Truyo de-identification goes into your system and grabs information using data you store. Your sample set will match your production systems rather producing randomized data. We de-identify your real consumer data from names to emails in a usable format. Mix phone number digits, scramble everything left and right of ‘@’ separately for emails, and rearrange SSNs by section to defy SSN rules. Truyo can de-identify, replace, hash,and 2-way encrypt so you can decrypt data with the key.

Truyo will scan your content, such as documents in SharePoint, to find indicators of generative AI usage through API connectors to isolate instances of AI use cases
for governance review. We will also scan your website and source code for mention of AI tools and fingerprints that point to an AI tool being used to generate code. Scans can be set to run on a recurring basis and no data is saved after the scan.

BitBucket, GitHub, Azure Repo, and more coming soon

Truyo provides a holistic platform that encompasses all components of AI governance from AI inventory to risk management. Truyo reduces the manual workload of producing an AI inventory, provides a full suite of assessments, helps you identify bias and discrimination in your AI models, and more. Combined with our comprehensive and automated data privacy platform, you have one solution to manage compliance and governance that will scale with your business.

An AI scorecard provides you with documented representation of your AI governance efforts to show your consumers and business partners, both internal and external, that you are using AI responsibly and monitoring risks.

Great news! You won’t need to circumvent your current ticketing system. Truyo can integrate to dispatch tickets and listen for the results in a fully automated fashion without interrupting your current organizational work flows.

We can create customized solutions using restful APIs, file exchange, direct to database connectors, or most commonly a remote software agent to connect to internally-developed systems. Truyo has the capability to connect to virtually every type of data system.

Yes, with the new generation of agents our tool will comply with all jurisdictions to provide compliant DSAR fulfillment.

Truyo’s Framework Assessment Module includes privacy impact assessments, vendor assessments, CMMC, NIST, and ISO.

Truyo currently supports regulations for the following states: California, Colorado, Connecticut, Nevada, Utah, and Virginia. Internationally, Truyo supports regulations for Australia, GDPR, MENA, PIPEDA, and Quebec. We are always adding new regulations as they arise and at no additional charge to our customers.

Within one month we have saved:

  • A large retail chain $2.7m in operating costs with CCPA automation
  • A mid-size restaurant chain $350k in operating costs with CCPA automation
  • A national home goods chain $1.1m in operating costs with CCPA automation
  • A national health and wellness chain $2.6m in staffing costs with CCPA automation
  • A salon chain $180k in operating costs with CCPA automation

Oftentimes, legacy applications or printed materials have no possibility of an API connection. In these cases, automation may not be possible. But Truyo can automatically create a manual Task for your team members when it is necessary to interact with these sources.

Truyo can integrate with any system capable of supporting an API. Truyo uses over 100 pre-built Connectors to all of the most popular CRMs, ERPs, marketing tools, HR tools, etc. For systems where Truyo does not have a pre-built Connector, we use a flexible API builder that includes standard components like error checking, caching, retries, etc.

Through your secure, branded Data Subject Portal, Data Subjects are guided through options to help them formulate exactly what they are trying to Request. Your users do not need to be knowledgeable about the regulations, but their Requests are properly structured so you can act on them easily and quickly without having to interact with the Data Subject.

Truyo leverages a secure, immutable ledger to log and timestamp all system interactions and changes associated with your SAR operation, including requests, task assignments and task fulfillment. We then provide simple graphical reports as well as flexible filters so you can see and create the reports you need very quickly, whether for internal purposes, or for external purposes like an audit or legal defense.

Truyo will create common reports such as those for CCPA & CPRA compliance – average time to complete requests, number of requests, etc. We also have complete reporting for any transactional element in the platform such as when a request is accepted or completed. We have system reporting for connections that are managing processes and how long it takes. All reporting can easily be exported to spreadsheets or reporting tools at no additional cost for our customers.

Yes, we can deploy on a company’s own cloud instance. Truyo is built on Kubernetes and can manage and maintain remote installations while keeping your data secure on your infrastructure. Truyo can also be deployed on-premise or in a hosted multi-tenant environment.

Yes, many companies do not require automation because they get very few, if any, Requests from Data Subjects, or they have very few back-end systems which hold data. These companies use the Truyo secure portal, task management system, logging and reporting engine without any connected data sources, while supporting manual responses to SARs. This is a cost-effective and more compliant alternative to receiving SARs to an email alias or a simple web form. But if you do start getting a lot of SARs, it is an easy upgrade to start adding automation to the system.

Yes, the entire product is built for variable enterprise requirements and stringent security standards and is driven by a set of flexible APIs so it can be largely tailored to your specifications. Customizations are performed and billed as a Professional Service.

By default, Truyo sends verification links to any emails or SMS endpoints given by the Data Subject before a Request becomes “verified” and actionable. But Truyo can incorporate many additional verification methods, including integration with 3rd party verification tools and even integration to your own authentication systems for customers and employees. Truyo also offers you the option of requiring the Data Subject to upload a photo ID.

If you have over 10 back-end systems that contain privacy data, AND you get or plan to get at least one SAR per week, then you should consider at least some level of automation. Back-end systems include CRMs, ERPs, billing systems, help desk and ticketing systems, marketing systems, analytics, e-commerce, applicant tracking systems and payroll systems, just for example. The first level of automation — validating identities, validating requests, generating tasks, logging and reporting — will cut out 20 to 30% of your operational overhead without any systems integration required. The next level of automation, information gathering and compiling, will cut out another 30 to 40% of your overhead, and will require simple data ingestion integration to your systems. The last level of integration, fully automating changes to back-end systems, requires more integration effort, but will help you achieve a fully-automated, self-service experience for your customers and employees.

Personal data is any information that can be used to directly or indirectly identify a person. This information ranges from social media activity, credit card information, medical information to computer IP address. Public, private and work data is all covered under the regulation.

Also called a SAR or DSAR, a Data Subject Access Request refers to the new requirements under privacy regulations that allow a person, the Data Subject, to request to see the data that a given company is tracking on them. This includes a very broad set of data tied to that person’s identity in your systems, like website visits, shopping history, demographic information, etc. For most companies, this data resides in multiple back-end systems. Companies have 30 days under the GDPR or 45 days under CCPA to compile this information and deliver it to the requestor in a format that is understandable. Further, a Data Subject can also ask for that data to be deleted from all systems, for it to be modified, or for it to be provided in an exportable format, depending on the regulation.

Modern privacy regulations are very broad, and cover many areas like breach notification, security practices and privacy by design. Truyo helps automate and streamline the area of Individual Rights. That is, the rights of a person to request to see the data a company is tracking on them, and to exercise control over that data. This is one of the main areas of exposure to a company, and serves as the primary entry point for complaints and fines if not done properly, so it is important to execute Individual Rights properly, and to the degree a company receives many Requests, to do so at scale.

Witness the Innovation with Truyo

Connect with an Expert