Guardrails overview
The safety rules that keep your AI on-topic, on-brand, and compliant — checking every message on the way in and on the way out.
Handing customer conversations to an AI takes a lot of trust. Guardrails are how Vivollo earns it. A guardrail is a rule that checks messages and steps in when something crosses a line — keeping the agent on-topic, protecting sensitive data, and enforcing the boundaries your business needs.
With guardrails in place, you can let the AI run with confidence, knowing there's a safety layer watching every exchange.
Two directions: in and out
Guardrails work in both directions, because risk runs both ways:
- On the way in — they check what the customer sends, before the AI acts on it. This catches sensitive data a customer might paste in, attempts to manipulate the agent, and messages that are off-limits.
- On the way out — they check what the agent is about to say, before it reaches the customer. This keeps replies on-brand, on-topic, and free of anything they shouldn't contain.
You decide which guardrails run in each direction, and in what order.
What a guardrail can do
When a guardrail spots a problem, it responds in one of a few ways depending on its type:
- Block — stop the message and explain why (e.g. "Please don't share card details in chat.").
- Redact — keep the message but mask the sensitive bits, replacing them with a safe token like [EMAIL_REDACTED].
- Rewrite — on the way out, ask the agent to revise a reply that strayed, then re-check it before it's sent.
Safe even while streaming
Vivollo streams replies as they're written, which raises a subtle question: how do you catch a credit-card number that arrives split across two chunks? Guardrails are built for exactly this — they watch the stream carefully so a sensitive pattern can't slip through by landing on a boundary. Nothing it should catch flashes on screen, even mid-stream.
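One way to handle the split-across-chunks case described above, shown as an added example and not Vivollo's own implementation: a redactor that holds back any trailing run of digits until the next chunk shows whether it completes a card number. The names `StreamRedactor`, `redact` and `run`, the `[CARD_REDACTED]` token, the Luhn check and the sample chunks are assumptions made for illustration.

```python
# Added illustration, not Vivollo's code.
import re

# Candidate card number: 13-19 digits, optionally separated by single spaces or dashes.
CARD = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")
# Trailing run that could still grow into a card number when the next chunk arrives.
PENDING = re.compile(r"\d[\d -]*\Z")
TOKEN = "[CARD_REDACTED]"  # constructed token, modelled on the page's [EMAIL_REDACTED]
# Constructed sample: a well-known test card number split across a chunk boundary.
SAMPLE = ["My card is 4111 11", "11 1111 1111, thanks"]

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so order numbers and similar digit runs are left alone."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def redact(text: str) -> str:
    """Replace every Luhn-valid card candidate in text with TOKEN."""
    def repl(m):
        digits = re.sub(r"\D", "", m.group())
        return TOKEN if luhn_ok(digits) else m.group()
    return CARD.sub(repl, text)

class StreamRedactor:
    """Releases only text that can no longer become part of a card number."""
    def __init__(self):
        self.buf = ""

    def feed(self, chunk: str) -> str:
        self.buf += chunk
        # Hold back a trailing digit run; the next chunk may complete it.
        m = PENDING.search(self.buf)
        cut = m.start() if m else len(self.buf)
        safe, self.buf = self.buf[:cut], self.buf[cut:]
        return redact(safe)

    def flush(self) -> str:
        # End of stream: whatever is still held back is checked and released.
        out, self.buf = redact(self.buf), ""
        return out

def run(chunks):
    """Return what would be shown for each chunk, plus the final flush."""
    r = StreamRedactor()
    return [r.feed(c) for c in chunks] + [r.flush()]
```

The hold-back here is unbounded, which favours safety over latency; a production filter would cap how long a digit run may be withheld.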
Built in, and yours to extend
Vivollo ships with sensible system guardrails already in place — things like PII protection and injection prevention — so you're covered from day one. You can adjust their settings, and add your own custom guardrails for the rules specific to your business.
At minimum, keep a PII guardrail on every assistant. It's the one that protects you and your customers from sensitive data ending up where it shouldn't — and it's the backbone of staying compliant with KVKK and GDPR. There's rarely a reason to turn it off.
Where to go next
- Guardrail types — the five kinds of guardrail and what each one is for.
- PII & compliance — how sensitive data is detected and protected, in depth.