An AI employee gets scoped like a human hire: the narrowest access that lets it do one job, accounts you own, logs you can read, and hard lines it never crosses. If a vendor can't tell you exactly what their AI reads, writes, and retains — and prove it in an audit log — that's your answer.

The permission model: least privilege, like any hire

You wouldn't give a new front-desk hire your banking password. Same rule here. A properly installed AI employee touches only what its loop requires:

  • CRM: read customer records and write call outcomes, bookings, and notes — scoped to the objects its loop owns, not admin access.
  • Calendar: write bookings into defined slots. It doesn't reorganize your schedule.
  • Phone + SMS: runs on numbers and accounts you own (your voice provider, your Twilio) — so you can revoke access or switch vendors without losing your number or history.
  • Hard lines: no card numbers, no bank credentials, no payroll, no signing anything. Payment collection means sending your existing payment link, never taking a card by voice.

Seven questions to ask any AI vendor

  1. 01Where does my customer data live, and in whose accounts?
  2. 02Is my data used to train models shared with other customers?
  3. 03What exactly can the AI write to my CRM, and can I see every write?
  4. 04What happens on an edge case — who does it escalate to, and how fast?
  5. 05Are call recordings and transcripts retained, for how long, and can I delete them?
  6. 06What's the blast radius if credentials leak — what could the AI actually do?
  7. 07Can I get a full export and a clean shutdown if I leave?
My rule is boring on purpose: if losing the vendor means losing your phone number, you don't have a vendor. You have a landlord.
Nathan, founder

Compliance notes for service businesses

Not legal advice — get counsel before going live. But three areas come up in nearly every install: outbound SMS and calls need documented consent under TCPA rules (reminder cadences are built FDCPA/TCPA-aware, with quiet hours and opt-outs); call-recording consent varies by state (two-party states need disclosure); and licensed trades have state-specific rules about who can quote regulated work — which is one reason quoting stays with humans.

Where humans stay in the loop

Escalation isn't a failure mode — it's a design requirement. Angry customers, quotes on complex jobs, anything involving a dispute or a judgment call: routed to a person, with a transcript, inside minutes. The AI's job is to make sure that handoff arrives with full context instead of a voicemail nobody checks.

The full security posture — data handling, honest scope, and what we deliberately don't do — is public:

Read the security, data & honest scope page

Book a Free Revenue Leak Audit

New to the category? Start with what an AI employee actually is before scoping what it can touch.

What is an AI employee? The straight answer