Model boundary
No training on customer data
Customer conversations and records are not used to train models.
Security
Security practices for AI employees handling customer work.
General Employee is designed around isolated customer data, controlled access, monitored workflows, and clear boundaries for payments, messaging, and escalation.
Control areas
Data
Isolated by business
Customer content stays scoped to the team and workflow it belongs to.
Actions
Guardrailed execution
High-risk moments route through explicit rules and human escalation.
Monitoring
Workflow review
Calls, texts, summaries, and outcomes can be inspected after execution.
General EmployeeLive workflow
Customer intent captured
Next step confirmed
Team handoff written
Payment boundary
PCI-safe links
Card details flow through Stripe payment surfaces rather than voice workflows.
SMS boundary
Consent-aware
Outbound messaging should respect opt-outs, registration, and quiet-hour policies.
Controls
Security is part of the workflow design.
An AI employee is safest when it has a narrow job, well-defined permissions, clear escalation triggers, and reviewable output.
Data isolation
Customer conversations, contacts, notes, and workflow context are scoped to the business and the employee doing the work.
Access control
Team access should follow the same operational roles used in the business, with sensitive actions limited to authorized users.
Action guardrails
Transfers, refunds, payment requests, medical/legal ambiguity, and urgent escalations should follow explicit rules.
Messaging compliance
SMS workflows can respect opt-outs, approved numbers, registration requirements, and customer communication preferences.
Payment handling
The AI employee can send secure payment links and reminders without collecting card details in a conversation.
Auditability
Summaries, recordings, transcripts, outcomes, and handoffs give operators a way to inspect what happened.
Compliance Posture
Built for teams that need AI to fit inside real operating constraints.
General Employee supports a practical security posture for service teams that handle customers, payments, appointment data, and regulated communication channels.
SOC 2 Type II in progress
Controls are being organized around monitored operational security practices and customer data handling.
HIPAA-ready workflows
Healthcare and dental flows should be configured with limited data exposure, escalation rules, and appropriate business agreements.
Vanta-monitored controls
Security work should be continuously tracked instead of treated as a one-time launch checklist.
Buyer Checklist
Questions to ask before putting an AI employee in production.
What customer data does this employee need, and what can be omitted?
Which actions can it complete, and which require human approval?
How are opt-outs, payment links, medical/legal concerns, and urgent cases handled?
Where can managers review transcripts, summaries, outcomes, and escalations?
Who owns changes to scripts, tools, and routing rules after launch?
Design the first employee with the right boundaries.
Security starts with workflow scope. We can help map the job, the data, the tools, and the escalation path.