Compliant Multi-Tenant AI Integration Gateway — Channel Partner Guide

VAR Channel
Guide.

Everything you need to position, sell, and deploy the zero-leakage AI gateway to enterprise and mid-market buyers — compliance pitch scripts, objection handling, margin calculator, and technical onboarding checklist.

What to Say in the First Meeting.

Select the prospect's industry. Use the opener, the problem framing, and the close as written — or adapt the language to your style. The structure is what matters.

Open With

How much time does your front desk spend drafting replies to patient messages, appointment requests, and intake questions every day?

The Problem

They'll say 2–3 hours. That's not the real problem. The real problem is every AI tool they've looked at has a HIPAA issue — it's storing patient names, DOBs, insurance IDs somewhere they can't audit. So they've been sitting on this for a year while the workload gets worse.

The Solution

This platform was built for exactly that. PHI is scrubbed from every message before it touches the AI. SSNs, DOBs, insurance IDs, medical record numbers — removed in memory, never stored, never sent to the model. You get a HIPAA-compliant AI layer that drafts patient replies without ever seeing protected data. We sign a BAA with you. Our infrastructure provider holds SOC 2 Type II and a HIPAA BAA.

Then Show This

At rgxsystems.com/demo → get your sandbox key → POST /api/v1/process with industry: "healthcare" → paste a real patient message as the payload → point to forwarded_payload: "see what was replaced before the model ran?" → show the compliance_event_id in the response.

The Close

I can provision a tenant workspace and have your compliance team reviewing real redaction output within 48 hours. You'll want to see the data flow diagram before your CISO signs off — I'll send that along with the BAA. Want to schedule a technical walkthrough this week?

Open With

How many client emails a week does your team respond to that need a human reply, but don't actually need a CPA or advisor to write them?

The Problem

The answer is usually a lot. Account status questions, document requests, scheduling, general guidance — your highest-paid people are writing emails an AI could draft. But financial client data is a minefield: account numbers, routing numbers, SSNs. Routing that through a third-party AI without strict controls creates regulatory exposure.

The Solution

Account numbers, routing numbers, SSNs and EINs are stripped before the AI sees any message. Zero financial data reaches the model. The AI drafts based on the question. Your team reviews, adjusts, sends. You stay compliant and your people get time back.

Then Show This

At rgxsystems.com/demo → sandbox key → POST /api/v1/process with industry: "finance" → paste a real client message with an account number or SSN → show forwarded_payload. The financial identifiers are gone. That's the whole story.

The Close

If this saves your team two hours a week each, what does that cost you versus what it frees up in billable time? We can set this up and you'll know in 30 days if it's worth keeping.

Open With

When a new buyer lead comes in on a Saturday night, how long before one of your agents actually responds?

The Problem

Probably hours. Maybe Monday. In real estate, whoever responds first wins. A lead that waits 4 hours has already called two other agents. The agents aren't ignoring leads on purpose — they're showing homes. Speed is a structural problem, not a motivation problem.

The Solution

The AI drafts the first response in seconds — with the agent's name on it. The agent gets a notification, reviews the draft on their phone, and sends with one tap. Response time goes from hours to minutes. The lead feels attended to. No sensitive data risk — addresses are scrubbed before the AI sees them.

Then Show This

At rgxsystems.com/demo → sandbox key → POST /api/v1/process with industry: "real_estate" → paste a real buyer inquiry → show the scrubbed forwarded_payload and the AI response. Ask: "Is that the level of output your agents would work from?"

The Close

The gateway provisions a tenant workspace for your team in minutes. Every AI query runs through the compliance layer before the model sees it. We can have a pilot running on real inquiries within a week — no infrastructure changes on your side. Ready to start?

Open With

If every client email your firm received had a thoughtful first draft waiting in 30 seconds, what would that change about your team's day?

The Problem

Most consulting and advisory firms are still managing client communications manually. Intake, scoping questions, follow-ups, status requests — it all lands in someone's inbox and waits for capacity. That's slow for the client, expensive for the firm, and it scales badly.

The Solution

An AI layer that drafts replies within seconds of a message arriving. EINs, bank account numbers, and routing numbers are stripped before the AI sees anything — client financial data stays protected. Your team reviews the draft and sends. Response times drop. Capacity expands without headcount.

Then Show This

At rgxsystems.com/demo → sandbox key → POST /api/v1/process with industry: "professional_services" → paste a real client message with an EIN or banking detail → show the scrubbed forwarded_payload. Ask: "Is that the data protection your compliance team requires?"

The Close

Setup is minimal — we provision a tenant workspace in your industry mode and your team is running compliance-scrubbed AI inferences the same day. EINs, banking identifiers, and SSNs stay protected on every call. Ready to start this week?

How to Run the Compliance Demo.

Walk through this live in the client meeting using your sandbox key at rgxsystems.com/demo. Nine steps, under 10 minutes.

1

Have your sandbox API key ready before the meeting starts

Get your free key at rgxsystems.com/demo and pre-provision a test tenant workspace. Have a terminal or Postman collection open with the /process call ready to run. Don't fumble with setup mid-meeting.

2

Select their industry

Click the industry pill that matches the prospect. The sample message and response are tailored per vertical. Say:

"I've loaded an example for a practice like yours. You can replace this with a real message you actually receive — let's try that."

3

Ask them to paste a real message — this is the most important step

The sample message works. But a real message from their actual inbox closes the demo. They see their own data being processed. Ask:

"Do you have a recent message you'd normally have to respond to? Paste it in here. We'll run it through right now."

4

Hit Process and narrate each step

Click "Process Message" and walk them through the 4-step animation as it runs:

Auth → "Your API key authenticates the request."
PHI Scan → "This is where it finds every piece of sensitive data."
AI Model → "Now the scrubbed message goes to the AI — labels instead of real values."
Response → "Here's the draft."

5

Walk through the redaction table row by row

This is where you win the compliance conversation. Point to each row:

"See this? Their date of birth was in the message. It's gone — replaced with a label. The AI never saw the actual value. That's why this is HIPAA-compliant. The model only ever sees [DATE_OF_BIRTH], not the real date."

6

Let the response finish, then ask one question

Wait for the full response to appear. Then:

"Is that the kind of first draft your team would work from? Would you change anything about the tone?"
This moves them from watching to evaluating. They start thinking about fit, not features.

7

Explain what the production architecture looks like

"In production, your enterprise clients route AI requests through your licensed node. Every payload hits the Compliance Engine before the model sees it — PII scrubbed, compliance event logged, seat metered. Your clients interact with your product; this gateway runs beneath it transparently."

8

Handle the data question before they ask it

Say this proactively — don't wait for them to ask:

"I know the first question is always 'where does this data go?' The answer is: it doesn't persist. What you just saw was never written to a database. PHI is scrubbed in memory and discarded. We have a data flow diagram and a Business Associate Agreement if your legal team needs to review it."

9

Close with a specific next step, not a vague follow-up

Don't say "I'll send you some information." Say:

"I can provision a tenant workspace in your industry mode today. Your compliance and security team can validate the scrubbing behavior against your own payloads before any procurement decision. Want me to set that up?"
A specific offer is harder to defer than a general follow-up.

What They'll Say and What to Say Back.

Know these before the meeting. Every one of these will come up.

Compliance

Where does our data go?

It doesn't persist anywhere. PHI is scrubbed in memory before the AI sees it and the raw text is discarded immediately — never written to a database. The only thing we log is metadata: byte counts and redaction counts, no message content. We can share the data flow diagram and our BAA for your legal or compliance team.

Competition

Why not just use ChatGPT?

ChatGPT is not HIPAA-compliant, has no per-client data isolation, and by default can use conversations to improve its models. Sending patient messages through ChatGPT is a HIPAA violation waiting to happen. This platform is purpose-built for regulated business use — PHI scrubbing, zero-retention policy, SOC 2 infrastructure, and a BAA available.

Compliance

Is this actually HIPAA compliant?

Yes, with a Business Associate Agreement in place. We sign a BAA with you; our infrastructure provider (Render) signs a BAA with us and holds SOC 2 Type II certification. PHI is scrubbed before it reaches any AI model and is never persisted to any database. We have a data flow diagram your compliance team can audit line by line.

Pricing

What does this cost?

The platform is $2,000/month base plus $20 per active seat. You set your own price to your clients — most VARs charge $150–$400/seat. Use the margin calculator on this page to run your own numbers. Most VARs run 80–93% gross margin after infrastructure cost.

Commitment

Can we try it before committing?

Yes. You get 500 free requests on a sandbox key — no credit card, no approval required. Connect a real client, run real inferences, see how it performs on your actual data. You only move to a paid production node when you're ready. Sign up at rgxsystems.com/demo.

Technical

Can we customize the AI per client?

Fully. Every client gets their own AI configuration — model, system prompt, tone, max response length. A dental practice and a law firm on the same node have completely separate AI behavior. You control the config with one API call per client.

Technical

Does this replace our current software?

No — it sits between your application layer and the LLM. Your existing stack makes API calls; the gateway handles compliance scrubbing, tenant isolation, and seat metering transparently. No migration, no workflow disruption. Your clients never interact with RGX directly.

Reliability

What's the uptime guarantee?

The platform runs on Render's infrastructure (SOC 2 Type II, 99.9% uptime target). We have a Service Level Agreement and internal monitoring. Typical API response time is under 2 seconds. For critical workflows, your front-end can flag when the service is unreachable so users are never left without feedback.

Open the Conversation with Your Book.

Use these to reach clients or warm prospects who haven't heard your AI pitch yet. Edit the bracketed fields. Keep it short — the goal is one reply, not a closed deal.

Model Your Revenue.

Enter your expected book of business and see the numbers before you sign a single client.

Active client workspaces on your node

Active users per client (e.g. front desk staff, agents)

What you charge your clients per active user

Monthly Revenue

$16,000

10 clients × 8 seats × $200


Monthly Cost to You

$3,600

$2,000 node + $20 × 80 seats


Monthly Profit

$12,400

$148,800 annually


Gross Margin

77.5%

From API Key to First Closed Deal.

Work through this in order. Your progress saves automatically in this browser.

0 / 12 complete

Platform Setup

Get your free sandbox API key

Sign up at rgxsystems.com/demo — company name and email only, no credit card. Key arrives by email in seconds. 500 free requests included.

Create your first test client

POST /api/v1/clients with a name and email. Creates an isolated workspace. Use your own info as the test client. Confirm you get a client ref back.

Run a compliance-scrubbed inference

POST /api/v1/process with your tenant ref, user_id, and a message containing PII. Inspect forwarded_payload in the response — sensitive tokens replaced. Check the compliance_event_id. This is the core verification loop.

Log in to the VAR Portal

Go to rgxsystems.com/app/var/login. Verify your test client shows up, usage is tracked, and the dashboard looks the way you'd show it to someone.

Demo Readiness

Run the compliance demo yourself across all five industries

POST /api/v1/process with industry set to each of: healthcare, legal, finance, professional_services, real_estate. Study what redaction tokens appear for each. Know the output cold — be able to explain the redaction table without looking at notes.

Memorize the data question answer

PHI is scrubbed in memory before the AI sees it. Never written to a database. Only metadata logged — no message content. You have a BAA and data flow diagram available. Practice this out loud until it's natural.

Sign the BAA if selling to healthcare clients

Download and execute the Business Associate Agreement at rgxsystems.com/baa before your first healthcare conversation. You need it on file before a healthcare client can sign with you.

First Sale

Identify three target clients in your existing book

Look at your current clients or warm relationships. Pick three where the pitch is obvious — a dental practice with a busy front desk, a law firm slow to respond to clients, a CPA firm drowning in email.

Send the outreach email to your first target

Use the email templates in Section 04 above. Edit the bracketed fields. Send it. One email, one target, today. The goal is a reply, not a sale.

Run a live compliance demo in your first prospect meeting

Follow the demo script in Section 02 above. Ask them to provide a real payload with PII. Walk the redaction table row by row. Ask: "Is this the level of compliance control your security team requires before deploying AI?"

Provision a tenant workspace for their pilot after the meeting

Don't leave without a next step. The next step is: "I'll provision a sandbox tenant in your industry mode so your team can validate scrubbing behavior against real payloads before any commitment." Do it the same day. Send them the sandbox key and the data flow diagram.

Deploy production node and onboard your first paying client

When they're ready, provision a production node at rgxsystems.com/demo#signup. Production key arrives instantly. Onboard the client the same day — POST /api/v1/clients with their industry and tenant ref, configure their seat auth mode (RGX JWT, OIDC, or SAML). First invoice on the 1st of next month.