How I Built a Secure Enterprise AI Chat Platform Inside a Utility Company

I built an AI chat platform for a regulated utility company. It started because employees needed a secure way to use AI tools internally. It turned into a full enterprise platform with multiple AI providers, department-specific knowledge bases, data analysis, image generation, and a persistent memory system.

It's called ALLETE GPT. I built it for ALLETE, the parent company of Minnesota Power. It's currently on version 1.8, runs on Azure, and grew 147% in its first six months. I'm the sole developer.

Here's how it came together.

The problem

Employees needed access to AI tools, but there was no internal option that met our security and compliance requirements. At a regulated utility, using consumer AI tools with company data isn't an option.

We needed something in-house that could:

• Keep all data within our Azure tenant
• Use existing Azure AD logins
• Let people ask questions about internal documents
• Support multiple AI providers so we're not locked in

That was the starting point. It grew from there.

Multi-model from the start

I didn't want to lock the organization into a single AI provider. The space moves too fast for that.

So I built a model selection layer that routes to different providers. The platform currently supports the latest models from Azure OpenAI, Anthropic Claude (including extended thinking), and has a smart auto-router that picks the best model based on query complexity.

This has been one of the best decisions in the whole project. Different models are better at different things. Claude is great for long document analysis. The OpenAI models handle conversational tasks and code really well. The auto-router means most users don't even have to think about it — the system picks for them.

When new models come out, we add them. The architecture makes that straightforward. There's also automatic failover — if one provider has issues, it switches to another without the user noticing.

Department-specific knowledge bases

This is where the platform stopped being "just a chat app" and became something actually useful for the organization.

We built multiple department-specific knowledge bases, each with its own document index, system prompt, temperature settings, and access control list. Examples of the types of use cases:

• IT support — Help desk guidance and troubleshooting
• HR — Employee policy and benefits reference
• Engineering — Technical specs, safety standards, and design references. Runs at very low temperature because precision matters.
• Regulatory compliance — Legal filings and statutory requirements
• Marketing — Brand messaging and outreach. Runs at higher temperature for more creative output.

Each one has its own access control. Engineering can't see HR documents. HR can't see engineering specs. The permissions mirror Active Directory groups, so there's nothing new to manage.

The temperature tuning per department is something I don't see talked about much, but it matters. A technical spec lookup needs to be precise and conservative. Marketing copy benefits from more creativity. Same platform, different behavior based on the use case.

The stack

• Backend: Node.js + Express with enterprise middleware
• Frontend: Vanilla JavaScript. No frameworks. Fast and simple.
• Database: Azure Cosmos DB with AES-256-GCM encryption
• Search: Azure Cognitive Search for document indexing
• Auth: Azure AD / Entra ID with MSAL
• AI: Azure OpenAI, Anthropic Claude, with auto-routing and failover
• Image generation: FLUX.1-Kontext Pro (primary), DALL-E 3 / GPT-Image-1 (fallback)
• OCR: Tesseract.js + Azure Vision
• Hosting: Azure App Service with private networking

Security

This is the part that separates an enterprise platform from a wrapper around an API.

AES-256-GCM encryption for everything. Conversations, memories, prompts, documents — all encrypted at rest. Not optional.

No data leaves our tenant. Azure OpenAI calls go through private endpoints. Claude calls happen server-side. Nothing hits a third-party system.

Everything is logged. Every message, response, and document lookup. Timestamped with user IDs. Regulated industry means you need to answer "who asked what, and when."

One login. Azure AD / Entra ID. Same credentials employees use for everything else. No separate accounts.

Per-department access control. Users only see what they're authorized for. Tied to AD groups.

24-hour session timeouts with secure HttpOnly cookies. Helmet.js security headers with strict Content Security Policy. CORS protection, rate limiting, input validation. Crash protection with memory monitoring that warns at 1GB heap usage.

Security isn't one feature. It's in every layer.

Document processing

The platform processes PDFs, Word docs, Excel files, CSVs, HTML, plaintext, and images (with OCR through Tesseract.js and Azure Vision). File uploads go up to 75MB for PDFs and Word docs.

The processing pipeline uses Azure Document Intelligence (Form Recognizer) for tables, key-value pairs, and handwriting recognition. Documents get split using semantic chunking — 2,500 token targets with 250 token overlap — then embedded as vectors for search indexing.

Getting this right took the most iteration. A few things I learned:

Semantic chunking beats naive splitting. Splitting documents by actual structure (headings, sections, tables) instead of character count makes a huge difference in search quality.

Metadata on every chunk. Document name, section, date, access level. "Section 4.2 of the Safety Manual (March 2024) says X" is way more useful than "the policy says X."

The AI has to say "I don't know." If there's no good source, it shouldn't guess. Tuning that took real effort but it's critical for trust.

Advanced data analysis

This one surprised me with how much people use it. Users can upload spreadsheets — CSV, Excel, JSON — directly into chat and get statistical analysis, correlation detection, data profiling, quality checks, and downloadable artifacts like charts and processed files.

There are multiple analysis backends. The system picks the right one based on the task.

Features that drove adoption

We launched to a pilot group. Six months later, usage was up 147%. Nobody marketed it. People just told each other.

A few things that mattered:

The first use case was obvious. HR policy questions. "What's the PTO policy for new hires?" Answer in seconds with a source citation. That one use case got people talking.

Export options. People could export conversations and document summaries as PDF, Word, HTML, Markdown, or plain text. Sounds small, but it meant AI-generated content could actually flow into people's existing work. Reports, emails, documentation — whatever they needed.

Personal prompt library. Users can save prompts they use often. If someone writes a good prompt for summarizing meeting notes or drafting customer responses, they can save it and reuse it. This turned casual users into power users fast.

We were honest about what it could do. We told new users: "It answers questions based on documents we've loaded. It can be wrong. Check anything important." People respected that. It built trust.

What I'd do differently

Memory system sooner. We added persistent user memory in v1.5 — the AI remembers preferences and context across conversations. Users love it. Wish we'd built it earlier.

Where it is now

The platform is on version 1.8. Since launch we've added image generation (FLUX.1-Kontext Pro and DALL-E), voice dictation, presentation generation, a news digest service, web search with source citations, a real-time alert system for admins, conversation search across all history, and an API endpoint for programmatic access.

It's a full platform now, not just a chat interface. And it's still one developer.

If you're thinking about doing this

If your company doesn't have a secure internal AI option yet, you're behind.

This doesn't take a huge team. The tools are mature — Azure OpenAI, Claude, Cosmos DB, Cognitive Search. What it takes is someone who understands both the security requirements and the AI landscape well enough to make good architecture decisions early. Bad decisions at the start get expensive fast.