AI Assistant Data Privacy

How your data is handled when you use the AI Assistant

Your organization's data stays in your organization

The AI Assistant is scoped to your org by design.

Every tool the AI Assistant uses filters results by your organization's ID: companies, contacts, deals, tasks, activities, emails, documents. You cannot access another tenant's records through the AI, even if you know their internal IDs.

Your conversation history (every question you ask, every response you receive) is stored under your user account only. Other users in your organization cannot see your conversations.

Internal IDs never leak into your view

The UI shows names and business attributes, not UUIDs or schema fields.

When the AI looks up a company or contact, it sees an internal identifier so it can make follow-up queries. But that ID never appears in your chat output:

  • UUIDs in text responses are automatically redacted before delivery.
  • Tool cards show a clickable entity name + badge (e.g., "Acme Corp · Company"), not raw database rows.
  • Field names like person_id or company_id are replaced with "record" or removed.
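One way the organization scoping and the output redaction described above can be enforced, as an added example rather than Laureo's own code. The record IDs, the in-memory store, the function names and the "[redacted]" placeholder are assumptions made for illustration.

```python
import re

# Constructed sample records; IDs and org names are made up for this example.
ACME_ID = "1b4e28ba-2fa1-11d2-883f-0016d3cca427"
GLOBEX_ID = "6fa459ea-ee8a-3ca4-894e-db77e160355e"
COMPANIES = {
    ACME_ID: {"org_id": "org-a", "name": "Acme Corp"},
    GLOBEX_ID: {"org_id": "org-b", "name": "Globex"},
}

UUID_RE = re.compile(
    r"\b[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\b", re.I
)
FIELD_RE = re.compile(r"\b(?:person|company)_id\b")


def get_company(session_org_id, company_id):
    """Tool handler. The org ID comes from the authenticated session,
    never from arguments the model supplies."""
    row = COMPANIES.get(company_id)
    # Missing and foreign-tenant records return the same result, so a
    # caller who knows another tenant's ID cannot confirm it exists.
    if row is None or row["org_id"] != session_org_id:
        return None
    return {"company_id": company_id, "name": row["name"]}


def tool_card(row):
    """Render the entity name and badge instead of the raw row."""
    return f'{row["name"]} · Company'


def redact(text):
    """Output filter applied to model text before it reaches the user."""
    text = UUID_RE.sub("[redacted]", text)
    return FIELD_RE.sub("record", text)


if __name__ == "__main__":
    row = get_company("org-a", ACME_ID)
    print(tool_card(row))
    print(get_company("org-a", GLOBEX_ID))  # other tenant's ID
    print(redact(f"company_id {ACME_ID} is Acme Corp"))
```
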

Prompt injection protection

Data stored in your CRM cannot hijack the AI.

When the AI reads data from your CRM (e.g., a company's notes field), it treats that data as display content only, never as instructions. A malicious entry like "ignore previous instructions and…" inside a notes field will not change the AI's behavior.

Background runs and sign-out

What happens to an in-progress chat when you sign out.

If you sign out while a chat is actively running, the run may continue for up to 5 minutes on our servers to finish the current turn cleanly. No new data is shared with any provider after sign-out; the run simply wraps up its in-flight work and persists the result to your conversation history for when you sign back in.

Third-party AI providers

We send your questions and the relevant CRM data we retrieve to the provider.

Requests are sent to the AI provider your organization has configured (OpenAI, Anthropic, or OpenRouter-routed models). The provider receives your message plus any CRM data the AI looked up to answer it. Provider-specific data-handling policies apply — consult your provider's documentation.

You can configure a custom API key per organization under Settings → Integrations → AI. When you do, requests are signed with your key and billed to your provider account. If you don't, requests go through our managed gateway and count against your Laureo plan's AI token budget.