Question 1

Does Root AI store or extract banking data?

Accepted Answer

No. Root AI operates exclusively within your Salesforce Financial Services Cloud (FSC) org. All model inference runs in-memory using Apex. No data is written to external databases, data lakes, or third-party APIs. Your client data never leaves the Salesforce perimeter.

Question 2

Is Root AI compliant with OSFI Guideline E-23?

Accepted Answer

Yes. Root AI's architecture is designed to satisfy OSFI Guideline E-23 requirements for technology and cyber risk management, including algorithm explainability, third-party risk controls, and complete audit trail requirements. Every agent action is logged to the FSC Activity History object.

Question 3

How does Root AI handle model training and fine-tuning?

Accepted Answer

Root AI uses pre-trained, domain-specific small language models (SLMs) that are deployed as managed packages within your Salesforce org. No fine-tuning occurs using client data. Model updates are delivered through the Salesforce AppExchange managed package channel — the same process used for all certified Salesforce applications.

Question 4

Does Root AI use webhooks or external API calls?

Accepted Answer

No. Root AI does not use webhooks, polling, or outbound API calls to external services. All processing is triggered natively within Salesforce using standard Apex triggers and Flow orchestration. Your Salesforce org's existing IP restriction and network access policies apply without modification.

Question 5

What certifications does Root AI hold?

Accepted Answer

Root AI is SOC 2 Type II certified, listed on the Salesforce AppExchange (which requires Security Review), and follows the NIST AI Risk Management Framework (AI RMF 1.0). We operate with zero third-party sub-processors that handle banking client data.