Screenshot of a secure chatbot co-pilot created with Credal.

Credal is developing a solution to securely share company data with LLMs

Credal, a Y Combinator-backed startup, is working on a platform that creates co-pilots that help companies connect private data with cloud- or on-premises-hosted LLMs. Credal features strong security and compliance controls that include participation in the EU-US Data Privacy Framework.

Credal is a startup developing a co-pilot that lets companies securely connect and share their data with large language models. Co-pilots can be deployed as chatbots or via secure API calls. Rather than creating fine-tuned models from scratch, Credal co-pilots are simply an intermediary between companies' internal data and the various LLM offerings in the market. Credal lets users connect the internal data with the LLMs securely by performing tasks like directing prompts to the most appropriate LLM available, avoiding sensitive data leaks, and making sure users are aware when private data is about to leave the network. To adapt to company workflows Credal's co-pilots can be deployed in the cloud or fully on-premises. It is compatible with various foundational models and data sources such as Google Drive, Office 365, Confluence, ZenDesk, and Salesforce.

With several other startups offering similar services, Credal's selling point is its focus on security and compliance, which is very well thought out. Credal co-pilots can be configured to always provide the documental source for their answers. But although Credal may be given unrestricted access to specific data sources to do this, its automatic access controls will always mirror the permissions of the users asking the questions. Thus, co-pilots will never respond to prompts by citing documents the users don't already have access to. The platform includes built-in configurable personally identifiable information (PII) controls and keyword and phrase filters that ensure LLM usage aligns with clients' privacy and acceptable use policies.

Credal claims that it retains data on all interactions in an audit log. Additionally, users with admin privileges can decide when to delete all stored data. Most notably, Credal's security certifications include the EU-US Data Privacy Framework, an agreement that regulates the transfer of data between the US and the European Union. Co-founder and CTO Jack Fischer recently claimed that Credal is one of the few companies certified under this agreement and that the certification has earned Credal contracts with regulated European companies such as Wise.

The Credal website already boasts a few use cases allegedly picked up from real-life customers of the platform, ranging from a secure internal chatbot assistant to the deployment of a secure API gateway for a company that needed to be legally compliant in the US, UK, and EU. There is also a slew of customer testimonials, including Sourceful founder Wing Chan and Latchel's COO Will Gordon. The company has recently secured $4.8M in a seed round led by Spark Capital. Credal is also backed by Y Combinator and Drive Capital. Fischer stated that the raised capital will be invested in growing the startup's five-person team and expanding the coverage of its platform to data sources that require more sophisticated data retrieval.