Financial institutions require assurance that conversational data, sender information, and transaction details remain within controlled infrastructure boundaries. Lola Send’s deployment architecture ensures all components operate within the bank’s or Leap Financial’s VPC with explicit controls over any external data flows.
VPC-contained deployment
All Lola Send services deploy within a single VPC:
- MessageGateway — the application server receiving and processing all messages
- Redis — state and history stores for conversation data
- Backend APIs — PayHub, CIP services, and identity services
Internal service-to-service communication stays within the VPC boundary. No data leaves the VPC except through two explicitly controlled channels:
| External flow | Destination | Purpose |
|---|---|---|
| AI model API calls | OpenAI, Google Gemini | Conversation reasoning and message enhancement |
| Channel messages | WhatsApp Business API, Telegram | Outbound message delivery to senders |
Both flows are outbound only. No external service initiates connections into the VPC except through the channel connector webhooks, which are authenticated.
AI model data policies
Lola Send uses a multi-model architecture. Each model provider is governed by enterprise data processing agreements with strict data controls.
Gemini on Vertex AI (GCP)
The message enhancement pipeline runs on Gemini 2.5 Flash Lite via Google Cloud Vertex AI. This is the strategic model choice for data-sensitive operations because Vertex AI provides:
- VPC Service Controls — all inference traffic stays within the bank’s GCP project perimeter. Conversation data sent to Gemini for language detection and structured formatting never leaves the GCP VPC boundary.
- Zero data retention — Vertex AI does not store, log, or retain any request or response data beyond the API call lifecycle. No conversation content is persisted by Google.
- No model training on customer data — data processed through Vertex AI is never used to train or improve Google’s models. This is guaranteed by Google Cloud’s enterprise data processing terms.
- Regional deployment — Vertex AI endpoints can be deployed in the bank’s preferred GCP region, ensuring data residency requirements are met at the infrastructure level.
- Customer-managed encryption keys (CMEK) — the bank can use its own encryption keys for data at rest within the GCP project.
OpenAI
Agent reasoning (gpt-4o) and response refinement (gpt-4.1) use OpenAI’s API under enterprise agreements:
- Zero-retention API — OpenAI’s enterprise API does not retain input or output data beyond the request lifecycle
- No training on customer data — data sent via the API is not used for model training or improvement
- Enterprise DPA — OpenAI’s Data Processing Addendum governs data handling, reviewed and approved by the bank before deployment
Model configuration and control
| Model | Provider | Role | Data boundary |
|---|---|---|---|
| Gemini 2.5 Flash Lite | Google Cloud (Vertex AI) | Message enhancement | GCP VPC with VPC Service Controls |
| GPT-4o | OpenAI | Agent reasoning | Enterprise zero-retention API |
| GPT-4.1 | OpenAI | Response refinement | Enterprise zero-retention API |
The bank configures model selection per agent via MacawSettings and can require specific providers or models based on data governance requirements. The enhancement model is configured independently on the MessageGateway.
The bank can review the specific enterprise data processing agreements with each model provider before deployment. Vertex AI’s VPC Service Controls provide the strongest data residency guarantee — inference traffic never leaves the GCP perimeter.
Redis isolation
State and history Redis instances run within the VPC with strict isolation:
- No external replication or backup to external storage
- No cross-region data movement
- Separate logical stores for conversation state (STATE_STORE_REDIS) and message history (HISTORY_STORE_REDIS), deployable on separate instances for additional isolation
- Redis access is restricted to VPC-internal services only
No third-party data sharing
Lola Send does not share conversation data, sender information, or transaction details with any party beyond:
| Recipient | Data shared | Purpose |
|---|---|---|
| AI model providers | Conversation context for inference | Reasoning and response generation (zero-retention) |
| Bank’s backend services | Transaction data, identity queries | PayHub operations, CIP verification |
| Channel provider | Outbound messages | Message delivery to sender (WhatsApp/Telegram) |
No analytics providers, advertising networks, data brokers, or other third parties receive any data from Lola Send.
Observability controls
LangSmith tracing for debugging and monitoring is fully configurable:
- Enable with bank-approved endpoints — point tracing to the bank’s own LangSmith instance or approved endpoint
- Run within bank infrastructure — tracing can be configured to stay within the bank’s observability stack
- Disable entirely — set LANGCHAIN_TRACING_V2 to false in the environment configuration to turn off all external tracing
The bank controls what telemetry data is collected, where it is sent, and whether it is enabled at all.
Secret management
Doppler manages all production secrets with strict controls:
- Runtime injection — secrets are injected into containers at startup, not baked into images
- Zero hardcoded credentials — no secrets in source code, container images, or environment files
- CI/CD isolation — GitHub Actions deploys via Doppler tokens; secrets never appear in CI/CD logs or build artifacts
- Audit trail — Doppler provides access logs for secret retrieval and rotation events
Container security
Docker images are built with a minimal, hardened configuration:
| Control | Implementation |
|---|---|
| Minimal base image | python:3.12-slim — multi-stage builds discard build tools |
| Non-root execution | Dedicated appuser group and user; USER appuser directive enforced |
| Single ingress | Port 5005 — sole entry point through MessageGateway |
| No persistent storage | Application layer is stateless; containers are disposable |
The bank can audit every external data flow from Lola Send’s deployment. The architecture is designed so that data residency requirements can be verified by examining the VPC configuration, model provider agreements, and channel provider contracts — no hidden data flows exist.
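One way to run the audit described above, as an added example that is not Lola Send's own code: it classifies flow-log records against the two outbound channels and the single ingress port this page documents. The VPC CIDR, the provider hostnames, the record fields and the sample records are assumptions constructed for illustration.

```python
import ipaddress
from fnmatch import fnmatch

# Assumptions (not from the page): VPC CIDR, provider hostnames, record layout.
VPC = ipaddress.ip_network("10.20.0.0/16")
EGRESS_ALLOW = {
    "ai-model": ["api.openai.com", "*-aiplatform.googleapis.com"],
    "channel": ["graph.facebook.com", "api.telegram.org"],
}
INGRESS_PORT = 5005  # MessageGateway port named in the container table

def in_vpc(addr):
    return ipaddress.ip_address(addr) in VPC

def classify(rec):
    """Return (ok, reason) for one flow record."""
    src_in, dst_in = in_vpc(rec["src"]), in_vpc(rec["dst"])
    if src_in and dst_in:
        return True, "internal"
    if src_in:  # egress: must be TLS to an allowlisted hostname
        host = (rec.get("sni") or "").lower().rstrip(".")
        if rec["dport"] == 443:
            for flow, patterns in EGRESS_ALLOW.items():
                if any(fnmatch(host, p) for p in patterns):
                    return True, flow
        return False, f"unlisted egress to {host or rec['dst']}:{rec['dport']}"
    if dst_in:  # ingress: only the gateway port; webhook auth is checked elsewhere
        if rec["dport"] == INGRESS_PORT:
            return True, "webhook-ingress"
        return False, f"ingress to {rec['dst']}:{rec['dport']}"
    return False, "record does not involve the VPC"

def audit(records):
    """Return the (record, reason) pairs that break the documented boundary."""
    return [(r, why) for r in records for ok, why in [classify(r)] if not ok]

# Constructed sample flow records (addresses use documentation ranges).
SAMPLE = [
    {"src": "10.20.1.10", "dst": "10.20.2.5", "dport": 6379, "sni": None},
    {"src": "10.20.1.10", "dst": "203.0.113.7", "dport": 443, "sni": "api.openai.com"},
    {"src": "10.20.1.10", "dst": "203.0.113.8", "dport": 443, "sni": "us-central1-aiplatform.googleapis.com"},
    {"src": "10.20.1.10", "dst": "203.0.113.9", "dport": 443, "sni": "api.telegram.org"},
    {"src": "10.20.1.10", "dst": "203.0.113.20", "dport": 443, "sni": "api.smith.langchain.com"},
    {"src": "198.51.100.4", "dst": "10.20.1.10", "dport": 5005, "sni": None},
    {"src": "198.51.100.4", "dst": "10.20.2.5", "dport": 6379, "sni": None},
]

if __name__ == "__main__":
    for rec, why in audit(SAMPLE):
        print("VIOLATION", why)
```

In the sample, the trace export to an external LangSmith host and the direct inbound connection to Redis are the two records reported.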