Security & Architecture
Sage by Plansight
Security, architecture, and compliance overview for executive and IT security review.
Security, architecture, and compliance overview for executive and IT security review.
Sage is an AI-powered support assistant that helps Plansight users find answers, watch training videos, and explore guided walkthroughs — all without leaving the app.
Sage runs on independent infrastructure with zero access to Plansight's database, servers, or user credentials.
TLS 1.2+ in transit, AES-256 at rest, AES-256-GCM for API keys, bcrypt for passwords. No plaintext secrets anywhere.
Every infrastructure provider (Vercel, Neon, Anthropic) is SOC 2 Type II certified.
Sage is a read-only support tool connected to Plansight via a single <script> tag. The blast radius of any Sage compromise is limited to support conversation history. It cannot be used as a vector to access Plansight's core application, customer data, or infrastructure.
How Sage connects to Plansight and its supporting services. Note the clear isolation boundary.
A clear picture of what Sage can see, what it stores, and what it cannot access.
First name, email, and user ID — passed from the Plansight app via the embed snippet. Used only for greeting personalization and conversation attribution.
Questions typed by the user in the chat widget. Sent to the Sage backend, used to search the knowledge base, and passed to Claude for answer generation.
| Data | Storage | Purpose |
|---|---|---|
| Questions & AI responses | Neon PostgreSQL (encrypted at rest) | Analytics, quality improvement |
| User name, email, user ID | Neon PostgreSQL | Conversation attribution |
| Feedback (thumbs up/down) | Neon PostgreSQL | Response quality tracking |
| Resource requests | Neon PostgreSQL | Content gap identification |
| Session history | Neon PostgreSQL | Conversation continuity |
Every component of the Sage stack runs on SOC 2 Type II certified infrastructure.
| Component | Provider | Certification | Details |
|---|---|---|---|
| Backend | Vercel | SOC 2 Type II | Serverless Node.js functions. Auto-scales, no persistent servers. Global edge network with automatic TLS. |
| Database | Neon | SOC 2 Type II | Serverless PostgreSQL. Data encrypted at rest (AES-256). Hosted on AWS US-West-2. Automatic backups. |
| AI Model | Anthropic | SOC 2 Type II | Claude Haiku 4.5 via API. ~$0.005 per question. Anthropic does not train on API data. No customer data retained after response. |
| Knowledge Base | UserGuiding | SOC 2 Type II | Read-only API access to help articles. No write access. No customer data shared. |
| Videos | Wistia | SOC 2 Type II | Read-only access to training video catalog. Videos served via Wistia CDN. |
| Source Code | GitHub | SOC 2 Type II | Private repository. Only authorized personnel have access. No Plansight source code stored. |
Data protection at every layer of the stack.
All communication uses TLS 1.2+ enforced by Vercel. No unencrypted HTTP traffic is accepted. HSTS headers are set automatically.
Neon PostgreSQL encrypts all data at rest using AES-256. Backups are also encrypted. No plaintext data on disk.
All third-party API keys stored in the database are encrypted using AES-256-GCM with authenticated encryption and per-record initialization vectors. Decryption requires a server-side master key that never leaves the server environment.
Admin passwords are stored as bcrypt hashes with a cost factor of 10. Original passwords are never stored or logged.
All secrets are stored as Vercel environment variables, encrypted at rest by Vercel, and never committed to source code.
| Variable | Purpose | Exposure |
|---|---|---|
ANTHROPIC_API_KEY | Claude AI access | Server-side only |
ENCRYPTION_KEY | AES-256-GCM master key for DB encryption | Server-side only |
DATABASE_URL | PostgreSQL connection string | Server-side only |
USERGUIDING_API_KEY | Knowledge base search | Server-side only |
How the AI model is configured and what it can and cannot do.
Anthropic does not use API inputs or outputs to train models. This is guaranteed by their API Terms of Service and SOC 2 certification.
Sage uses a controlled system prompt that instructs the AI to only answer from provided knowledge base articles and their embedded video transcripts. It cannot make up information or access external systems.
The AI generates text responses only. It cannot execute code, access databases, call APIs, browse the internet, or perform any actions beyond generating a text answer.
The AI only has access to help articles from the UserGuiding knowledge base and spoken transcripts from embedded Wistia training videos. It has zero access to customer data, policy information, financial records, or any Plansight business data.
Anthropic does not retain API request data after generating a response. There is no conversation memory on Anthropic's side between requests.
The only integration point is a single <script> tag. Nothing else.
Clear separation of responsibilities and access levels.
| Role | Access | Scope |
|---|---|---|
| Steve Overton Product Owner |
Full admin access | GitHub repo, Vercel dashboard, Neon database, all API keys, Slack notifications |
| Plansight Developers Frontend Team |
Embed snippet only | They add a <script> tag to the Plansight frontend. No access to Sage backend, database, or API keys. |
| End Users Plansight Customers |
Chat widget only | Can ask questions and browse help content. Cannot access other users' conversations or any admin functions. |
| Anthropic (Claude) AI Provider |
API access only | Receives questions and knowledge base context. Cannot access Sage database, infrastructure, or any Plansight systems. |
How Sage aligns with common compliance frameworks.
| Requirement | Status | Details |
|---|---|---|
| SOC 2 | All Providers Certified | Vercel, Neon, Anthropic, GitHub — all SOC 2 Type II |
| Data Residency | US-Based | Database in AWS US-West-2. Vercel edge functions execute in nearest US region. |
| GDPR | Compliant | Minimal PII collected. Conversation data can be deleted on request. No EU data processed unless EU users interact. |
| HIPAA | Not Applicable | Sage does not process, store, or transmit protected health information (PHI). Only software support questions. |
| PCI DSS | Not Applicable | No payment data is processed or stored. |
| Encryption in Transit | TLS 1.2+ | Enforced by Vercel on all endpoints. HSTS headers set automatically. |
| Encryption at Rest | AES-256 | Neon PostgreSQL encrypts all data at rest. API keys double-encrypted with AES-256-GCM. |
How to monitor, respond to, and disable Sage if needed.
Vercel provides real-time function logs, error tracking, deployment history, and usage analytics. All API errors are logged with full context.
Any Vercel deployment can be rolled back to a previous version with one click. Previous deployments are preserved indefinitely.
Sage can be instantly disabled by removing the <script> tag from the Plansight frontend, or by deactivating the tenant in the Sage database. No redeployment needed.
Sage sends real-time Slack notifications for new conversations, negative feedback, resource requests, and support tickets. Configurable per channel.
Three independent kill switches, any one of which immediately stops all Sage functionality:
is_active = false in the tenants table. All API requests return 404.How Sage satisfies each applicable Plansight internal security policy, mapped to TSC controls.
| Policy Requirement | Sage Compliance |
|---|---|
| 4.a.iv — Approved AI services must be paid organizational services under contract | Anthropic Claude is accessed via paid API subscription with organizational account. Compliant |
| 4.a.v — Approved AI services must provide contractual assurances that data is not used to train models | Anthropic's API Terms of Service explicitly state that API inputs/outputs are not used for model training. SOC 2 Type II certified. Compliant |
| 4.b.ii — AI use must be limited to the minimum data necessary | Sage only sends the user's support question and relevant help articles to Claude. No customer data, policy data, PHI, or financial data is ever transmitted. Compliant |
| 4.c.i — Each job must be handled in an isolated model instance | Each Claude API call is stateless — Anthropic does not maintain context between requests. There is no persistent model instance. Each question is processed in complete isolation. Compliant |
| 4.c.ii — Upon completion, the model instance must be discarded | Claude API requests are fire-and-forget. Anthropic does not retain request data after generating a response. No data persists on Anthropic's side. Compliant |
| 4.c.viii — PHI and PII must not be submitted unless management has explicitly approved | Sage only submits user-typed support questions, knowledge base articles, and embedded video transcripts to Claude. No PHI is ever submitted. The only PII is the user's first name (for greeting personalization), which is minimal and non-sensitive. No employer data, policy data, SSNs, DOBs, or health information is accessible to Sage. Compliant |
| 4.c.v — Users must not enable vendor training, data sharing, or model improvement features | Anthropic API does not have opt-in training features. The API is contractually excluded from training by default. No configuration needed. Compliant |
| Policy Requirement | Sage Compliance |
|---|---|
| 4.e — IT vendors must undergo a risk assessment; a valid SOC 2 can be used instead of a full assessment | All Sage vendors hold current SOC 2 Type II certifications:
• Anthropic (Claude AI) — SOC 2 Type II • Vercel (hosting) — SOC 2 Type II • Neon (database) — SOC 2 Type II • GitHub (source code) — SOC 2 Type II Compliant |
| 4.a — Vendors must not access information security assets until a contract with security controls is signed | All vendor relationships are under paid subscription agreements with security terms. No vendor has direct access to Plansight's information security assets. Compliant |
| 4.f — Vendors must ensure organizational records are protected, safeguarded, and disposed of securely | Sage data is encrypted at rest (AES-256) and in transit (TLS 1.2+). Neon provides automatic encrypted backups. Data can be deleted on request. Compliant |
| Policy Requirement | Sage Compliance |
|---|---|
| 3.a — Systems must use AES-256 with 256-bit keys |
• Database encryption at rest: AES-256 (Neon/AWS)
• API key encryption: AES-256-GCM with 256-bit key, authenticated encryption with per-record IVs • Transit encryption: TLS 1.2+ with AES-256 cipher suites Compliant |
| 3.f.iv — Key rotation at least once every 12 months | Encryption keys are stored as Vercel environment variables and can be rotated at any time. A rotation schedule should be established. Action Required |
| 3.f.i-iii — Key management with access control, secure storage, and backup | Keys are stored in Vercel's encrypted environment variable system with role-based access. Only the project owner (Steve Overton) has access. Compliant |
| Data in Sage | Classification | Rationale |
|---|---|---|
| Knowledge base articles | Public | Already published on help.plansight.com. Public by nature. |
| User name & email | Internal Use | Basic contact info for conversation attribution. Not sensitive. Available to all employees. |
| Support questions & answers | Internal Use | Questions about software usage. No customer data, PHI, or policy information. |
| API keys & credentials | Restricted | Third-party API keys encrypted with AES-256-GCM. Stored encrypted at rest. Access limited to system owner only. |
Plansight's core platform handles PII, PHI, employer data, and policy information. None of this data is accessible to Sage. Sage is architecturally isolated from the Plansight database and infrastructure. The only data Sage receives is:
There is no mechanism — technical or otherwise — for Sage to access Plansight customer data, employer records, plan details, census data, or any PHI. The systems are completely separate.
Items to address for full policy alignment before production deployment.
Per AI Policy 4.a.ii, add "Anthropic Claude API (Sage chatbot)" to the organization's approved AI services registry. Document the SOC 2 report as the risk assessment artifact per Vendor Management Policy 4.e.ii.
Per Encryption Policy 3.f.iv, set a 12-month rotation schedule for the Sage ENCRYPTION_KEY. Document the rotation procedure and assign an owner.
Register Vercel, Neon, and Anthropic as IT vendors per Vendor Management Policy. File SOC 2 reports for each. All three hold current SOC 2 Type II certifications.
Per AI Policy 4.c.viii, obtain written management approval confirming that Sage's limited use of PII (user name and email for personalization) meets contractual, privacy, and security requirements. Note: no PHI is involved.
Configure sage.plansight.com as the production domain. This provides a branded URL and allows domain-based CORS restrictions to replace the current open CORS policy.