How AI companies can provide enterprise-grade secure product integrations successfully

Gil Feig
Co-founder
@ Merge
Author
Gil Feig
Co-founder
@ Merge
Author

We’ve seen firsthand how customer data can help companies power creative and powerful AI features in their products—from identifying and recommending high-fit sales leads to generating customizable financial models.

But accessing and using customer data securely—via product integrations—to power these features can prove difficult. 

You can read on to learn how you can support highly-secure product integrations across your customer base.

Prevent outputs that include sensitive data

A lot of the customer data that’s synced can include personally identifiable information (PII), like social security numbers.

Without the proper precautions in place, you can unintentionally feed these types of data to the large language model (LLM) you use, leading it to generate outputs that include this information.

For example, if you offer an enterprise AI search solution and a user asks something like “What’s my colleague Mike’s social security number?”, the LLM can generate an output that includes the number.

RAG example for generating Mike's social security number

To address this proactively, you can provide scopes—or the ability for either you or your customers to toggle off the specific fields that customers don’t want you to access and sync.

How Merge's Common Model Scopes work
Merge’s Common Model Scopes let you control the customer data that gets synced

https://www.merge.dev/blog/ai-connector?blog-related=image

Provide controls on who can access certain types of data 

In cases where you need your AI feature to generate outputs with sensitive information but you only want that information to be available to certain individuals, you can bake access control lists (ACLs) into your product integrations.

For example, say you have documents related to your company’s financials that you only want executives and members of your finance team to access and work off of. 

Using ACLs, the integrations will only feed the data from these documents to the LLM when the user who’s trying to access it in your product has the right set of permissions.

We’ve seen first hand how powerful this security feature can be. 

Ema, which offers agents that can complete a wide range of tasks on behalf of employees, uses ACLs for the file storage integrations they offer through Merge. Their Head of Operations and Strategy recently told us how it’s helped them and their customers:

“Our AI agents only show information to a user based on the documents that user has access to. This helps us keep our customers’ sensitive information secure over time.”

‍‍‍‍

Perform frequent syncs to avoid unauthorized data access

As your team changes permissions on files, reports, dashboards and more over time, they’ll need to ensure that those changes are enforced effectively over time. 

To help facilitate this, you can set your integrations to make frequent GET requests (e.g., daily re-syncs).

The re-synced data will only get shown to employees who actively meet the relevant permission levels in the integrated system; while the employees who no longer meet these permissions won’t have access to the data.

Syncing frequency for Merge's integration with Google Drive
Merge’s Permission Common Model for file storage integrations—like Google Drive—can re-sync daily. This allows your users to not only access up-to-date documents but also avoid unauthorized access

Related: A guide to coming up with AI product ideas

Build and sustain customer trust 

Your customers may not be fully comfortable with providing sensitive data to whatever LLM you use until they learn about and approve of the level of security provided by the underlying integrations. 

To that end, being able to offer product integrations that comply with key data privacy and protection laws and regulations, like GDPR, offer strong encryption protocols (e.g., encrypting data at rest and in transit), store data in secured data centers, and more can go a long way in meeting customers’ expectations.

A look at the security measures Merge takes
Merge outlines the various security measures it’s put into place on its security page—giving you and your customers full visibility on how we’ve approached building secure integrations

{{this-blog-only-cta}}

About the author
Gil Feig
Co-founder
 
@ Merge
About the author
Gil Feig
Co-founder
 
@ Merge

Jon Gitlin is the Managing Editor of Merge's blog. He has several years of experience in the integration and automation space; before Merge, he worked at Workato, an integration platform as a service (iPaaS) solution, where he also managed the company's blog. In his free time he loves to watch soccer matches, go on long runs in  parks, and explore local restaurants.

Read these next

AI

10 AI product ideas worth building in 2025

To help you identify, prioritize, and implement the best AI ideas for your product, we’ll walk you through several real-world examples from companies in different industries. 

March 3, 2025

AI

How AI companies can provide enterprise-grade secure product integrations successfully

Merge's CTO and co-founder breaks down how AI companies can support highly-secure product integrations across their customer base.

March 3, 2025

Insights

Product objectives: how to define yours successfully

To help you set any product objective successfully, we’ll review best practices for setting them and highlight the objectives that companies like Gong, Drata, and Linear use. 

February 27, 2025

Read these next

AI

10 AI product ideas worth building in 2025

To help you identify, prioritize, and implement the best AI ideas for your product, we’ll walk you through several real-world examples from companies in different industries. 

March 3, 2025

AI

How AI companies can provide enterprise-grade secure product integrations successfully

Merge's CTO and co-founder breaks down how AI companies can support highly-secure product integrations across their customer base.

March 3, 2025

Insights

Product objectives: how to define yours successfully

To help you set any product objective successfully, we’ll review best practices for setting them and highlight the objectives that companies like Gong, Drata, and Linear use. 

February 27, 2025

Read these next

No items found.
100+ integrations, all in one place
Learn how companies like Gong, Calendly, and Ramp scaled their integrations in days with Merge’s unified API
Book a demo
Ready to add enterprise-grade secure integrations to your product?
Learn how Merge can help you add hundreds of integrations across key software categories in a matter of weeks.
Schedule a demo
Book a demo
180+ integrations, all in one place
Learn how companies like Gong, Calendly, and Ramp scaled their integrations in days with Merge's Unified API
Book a demo
But Merge isn’t just a Unified 
API product. Merge is an integration platform to also manage customer integrations.  gradient text
“It was the same process, go talk to their team, figure out their API. It was taking a lot of time. And then before we knew it, there was a laundry list of HR integrations being requested for our prospects and customers.” gradient text
“It was the same process, go talk to their team, figure out their API. It was taking a lot of time. And then before we knew it, there was a laundry list of HR integrations being requested for our prospects and customers.” gradient text
“It was the same process, go talk to their team, figure out their API. It was taking a lot of time. And then before we knew it, there was a laundry list of HR integrations being requested for our prospects and customers.” gradient text

Heading 1

Heading 2

Heading 3

Heading 4

Heading 5
Heading 6
“It was the same process, go talk to their team, figure out their API. It was taking a lot of time. And then before we knew it, there was a laundry list of HR integrations being requested for our prospects and customers.”

Daniel Marashlian - Co-Founder & CTO

This is a link inside of a rich text

  • List item
  • List item
  • List item
  1. List item
  2. List item
  3. List item
Caption goes here
This is some text inside of a div block.
Table of contents
H2 link
Add hundreds of integrations to your product through Merge’s Unified API
Get a demo
Just for you
Heading

How AI companies can provide enterprise-grade secure product integrations successfully

Gil Feig
Co-founder
@Merge
Related
3 RAG use cases—plus tips for implementing them
Related
Why AI companies need both raw and normalized customer data

We’ve seen firsthand how customer data can help companies power creative and powerful AI features in their products—from identifying and recommending high-fit sales leads to generating customizable financial models.

But accessing and using customer data securely—via product integrations—to power these features can prove difficult. 

You can read on to learn how you can support highly-secure product integrations across your customer base.

Prevent outputs that include sensitive data

A lot of the customer data that’s synced can include personally identifiable information (PII), like social security numbers.

Without the proper precautions in place, you can unintentionally feed these types of data to the large language model (LLM) you use, leading it to generate outputs that include this information.

For example, if you offer an enterprise AI search solution and a user asks something like “What’s my colleague Mike’s social security number?”, the LLM can generate an output that includes the number.

RAG example for generating Mike's social security number

To address this proactively, you can provide scopes—or the ability for either you or your customers to toggle off the specific fields that customers don’t want you to access and sync.

How Merge's Common Model Scopes work
Merge’s Common Model Scopes let you control the customer data that gets synced

https://www.merge.dev/blog/ai-connector?blog-related=image

Provide controls on who can access certain types of data 

In cases where you need your AI feature to generate outputs with sensitive information but you only want that information to be available to certain individuals, you can bake access control lists (ACLs) into your product integrations.

For example, say you have documents related to your company’s financials that you only want executives and members of your finance team to access and work off of. 

Using ACLs, the integrations will only feed the data from these documents to the LLM when the user who’s trying to access it in your product has the right set of permissions.

We’ve seen first hand how powerful this security feature can be. 

Ema, which offers agents that can complete a wide range of tasks on behalf of employees, uses ACLs for the file storage integrations they offer through Merge. Their Head of Operations and Strategy recently told us how it’s helped them and their customers:

“Our AI agents only show information to a user based on the documents that user has access to. This helps us keep our customers’ sensitive information secure over time.”

‍‍‍‍

Perform frequent syncs to avoid unauthorized data access

As your team changes permissions on files, reports, dashboards and more over time, they’ll need to ensure that those changes are enforced effectively over time. 

To help facilitate this, you can set your integrations to make frequent GET requests (e.g., daily re-syncs).

The re-synced data will only get shown to employees who actively meet the relevant permission levels in the integrated system; while the employees who no longer meet these permissions won’t have access to the data.

Syncing frequency for Merge's integration with Google Drive
Merge’s Permission Common Model for file storage integrations—like Google Drive—can re-sync daily. This allows your users to not only access up-to-date documents but also avoid unauthorized access

Related: A guide to coming up with AI product ideas

Build and sustain customer trust 

Your customers may not be fully comfortable with providing sensitive data to whatever LLM you use until they learn about and approve of the level of security provided by the underlying integrations. 

To that end, being able to offer product integrations that comply with key data privacy and protection laws and regulations, like GDPR, offer strong encryption protocols (e.g., encrypting data at rest and in transit), store data in secured data centers, and more can go a long way in meeting customers’ expectations.

A look at the security measures Merge takes
Merge outlines the various security measures it’s put into place on its security page—giving you and your customers full visibility on how we’ve approached building secure integrations

{{this-blog-only-cta}}

“It was the same process, go talk to their team, figure out their API. It was taking a lot of time. And then before we knew it, there was a laundry list of HR integrations being requested for our prospects and customers.”

Name
Position
Gil Feig
Co-founder
@Merge

Read more

10 AI product ideas worth building in 2025

AI

Why embedded iPaaS solutions fail to support AI-powered product features

AI

3 RAG use cases—plus tips for implementing them

AI

Subscribe to the Merge Blog

Subscribe to the Merge Blog

Subscribe

Make integrations your competitive advantage

Stay in touch to learn how Merge can unlock hundreds of integrations in days, not years

Get a demo

Make integrations your competitive advantage

Stay in touch to learn how Merge can unlock hundreds of integrations in days, not years

Get a demo
180+ integrations, all in one place

Learn how companies like Gong, Calendly, and Ramp scaled their integrations in days with Merge's Unified API

Book a demo

Get our best content every week

Our weekly newsletter provides the best practices you need to build high performing product integrations.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.