Every tool the AI Assistant uses filters results by your organization's ID — companies, contacts, deals, tasks, activities, emails, documents. You cannotaccess another tenant's records through the AI, even if you know their internal IDs.

Your conversation history (every question you ask, every response you receive) is stored under your user account only. Other users in your organization cannot see your conversations.

When the AI looks up a company or contact, it sees an internal identifier so it can make follow-up queries. But that ID never appears in your chat output:

• UUIDs in text responses are automatically redacted before delivery.
• Tool cards show a clickable entity name + badge (e.g., "Acme Corp · Company"), not raw database rows.
• Field names like person_id or company_id are replaced with "record" or removed.

When the AI reads data from your CRM (e.g., a company's notes field), it treats that data as display content only— never as instructions. A malicious entry like "ignore previous instructions and…" inside a notes field will not change the AI's behavior.

If you sign out while a chat is actively running, the run may continue for up to 5 minutes on our servers to finish the current turn cleanly. No new data is shared with any provider after sign-out; the run simply wraps up its in-flight work and persists the result to your conversation history for when you sign back in.

Preferences you save are stored in your user account and your organization's tenant. They are scoped per-user — other users in your organization do not see your preferences, and you do not see theirs.

• Up to 50 active preferences per user, each up to 280 characters.
• Database row-level security blocks any cross-user read.
• Preferences are injected into your chat's system prompt at request time — never sent to other users' conversations.
• Deleting a preference removes it from future prompts immediately; it does not retroactively edit past conversation history.

See AI Preferences for how to add and remove them.

Requests are sent to the AI provider your organization has configured (OpenAI, Anthropic, or OpenRouter-routed models). The provider receives your message plus any CRM data the AI looked up to answer it. Provider-specific data-handling policies apply — consult your provider's documentation.

Every AI call Laureo makes on your behalf — chat, email drafting, smart reply, meeting summaries, chip generation, next-action suggestions — is sent with a Zero Data Retention flag that the provider enforces at the request level. We set both zdr: true in the request body and an X-OpenRouter-ZDR: true header so the setting is explicit end-to-end.

Under ZDR:

• Prompts and completions are not logged to provider storage.
• Content is not retained beyond the window needed to produce the single inference result.
• Content is not used to train or fine-tune any model.
• Routing is restricted to downstream model providers that operate under matching no-retention, no-training agreements.

This applies to Google Workspace data equally — emails, calendar events, and Drive file metadata that flow into an AI prompt are held only for the inference request itself and discarded afterward. No Google Workspace data is retained by any AI subprocessor or used to train any model.

If your organization uses its own API key, ZDR only applies to the extent your chosen provider supports it. Check the provider's data-handling terms on the account you configured.