AivahHelp CenterGo to Aivah

Privacy, consent, and safe data handling

Apply practical data-minimization, consent, connected-action, and human-review checks before using Aivah with real people.

Who this is forWorkspace owners, administrators, publishers, and reviewers responsible for personal information or public experiences

You will achieveIdentify where information can enter or leave Aivah, reduce unnecessary collection and access, and require human review for sensitive or irreversible work.

Before you beginReview the requirements before changing anything.

Last reviewed 10 July 2026Owner: Product EducationCurrent guide
On this page
  1. Before you begin
  2. Steps
  3. 1. Minimize business knowledge in Agents
  4. 2. Limit connected actions in Integrations → MCP
  5. 3. Review visitor access in Shared
  6. 4. Minimize lead collection and review consent
  7. 5. Confirm voice, call, and recording permission
  8. 6. Review memory and Insights access
  9. 7. Keep a person responsible for high-stakes work
  10. 8. Check deletion and retention before removing an account
  11. Expected result
  12. Status meanings
  13. Usage credit impact
  14. Information stored or shared
  15. Limits and permanent actions
  16. Common problems and recovery
  17. Next step

This guide gives practical checks for teams using Aivah with real people or company systems. You will identify where information can be collected or shared, use the minimum necessary data and access, and keep people responsible for sensitive or irreversible decisions.

Before you begin

  • Identify the purpose, audience, information needed, and accountable owner.
  • Review your organization's current privacy, consent, security, retention, and connected-service rules.
  • Separate public business knowledge from internal or customer-specific information.
  • Define the human handoff and actions that require confirmation.
  • Obtain product, security, or legal guidance when the use involves regulated, sensitive, or high-stakes information.

Steps

1. Minimize business knowledge in Agents

Use current, approved sources with a clear owner and date. Remove contradictory versions and separate internal-only information from public information.

Do not upload private customer records as general business knowledge. Tell the employee not to guess and define when it must involve a person.

2. Limit connected actions in Integrations → MCP

Choose only the actions the employee genuinely needs. Require confirmation before an action sends a message, creates or changes a record, books something, deletes information, changes financial information, or makes another irreversible decision.

Use an organization-approved sign-in method and never paste private connection values into a conversation.

3. Review visitor access in Shared

Visitors to a public shared experience do not need an Aivah account. Use the smallest possible set of public actions, test every sharing method, and remove the experience when access is no longer needed.

The current sharing form does not provide a visitor password, expiry date, or website-domain restriction. Share a direct link only with the intended audience.

Collect only information necessary for the stated purpose. Use a clear field label and appropriate consent wording.

Avoid requesting passwords, payment details, identification documents, health information, or other sensitive data unless your organization has approved controls and a clear legal basis.

Lead-form settings are connected to the selected AI employee and can affect its shared experiences. Review existing shares after a change.

5. Confirm voice, call, and recording permission

Only create a voice when you own the recording or have clear permission from the speaker. Before phone use, confirm recording and consent requirements with your organization.

Close active microphone, camera, screen, podcast, or recording experiences when finished.

6. Review memory and Insights access

Before editing or deleting memory, confirm the correct customer, source, and context when available. Remember that a memory download covers the displayed page, not necessarily every memory in the account.

Restrict access to conversations, leads, quizzes, calls, transcripts, and downloaded files. Store downloads only where your organization permits and delete copies when they are no longer needed under its approved process.

7. Keep a person responsible for high-stakes work

Do not rely on an AI employee or undefined Insights score alone for health, legal, financial, employment, eligibility, safety, or other high-stakes decisions. Require an authorized person to review the source, context, and proposed action.

8. Check deletion and retention before removing an account

Account deletion is permanent. Before confirming it, download information you are entitled to keep, hand over important shared experiences, review active connections and billing, and confirm your organization's record-retention obligations.

Do not assume legally required financial records or information held by connected outside services are deleted because the Aivah account is removed.

Expected result

The AI employee has a defined purpose and accountable owner, uses approved knowledge and minimum necessary access, presents suitable consent where required, and sends sensitive or irreversible decisions to an authorized person.

Status meanings

A saved setting, connected state, or completed task is not a privacy, security, or compliance approval. Use your organization's approved review process for those decisions. If consent, access, retention, or an outside action is unclear, stop the launch or action and obtain an authorized review.

Usage credit impact

This article does not define usage-credit rates. Private tests, voice, content, calls, channels, connected actions, and other supported activity may affect the balance shown in your workspace. Set a budget using current account information and avoid duplicate tests.

Information stored or shared

Depending on the feature used, relevant information can include:

  • Account profile and billing information.
  • Business knowledge and instructions.
  • Conversation content, supported attachments, and memory.
  • Lead-form submissions.
  • Quiz attempts and results.
  • Call details and transcripts when available.
  • Generated work and downloaded copies.
  • Information exchanged with a connected tool, phone provider, Slack workspace, or WhatsApp connection.

This list describes feature areas, not exact retention, storage location, deletion behavior, or a guarantee that every item is collected.

Limits and permanent actions

  • Conversation deletion and account deletion are described as permanent in the current guidance.
  • Some generated-work deletion may not be recoverable.
  • Memory deletion recovery is not documented here.
  • A download creates a copy outside Aivah and may cover only the displayed or loaded records.
  • A public action, message, call, or scheduled job can affect an outside system immediately.
  • This article makes no compliance, security, access-control, audit-history, retention, deletion-timing, or regional data-location claim.

Common problems and recovery

ProblemWhat to try
Sensitive information was added as general knowledgeStop public use, remove or replace the affected source when authorized, retest, and follow your organization's incident process.
A connected action has too much accessStop testing, reduce the allowed actions, update confirmation instructions, and retest privately.
A public experience collects unnecessary fieldsRemove the unnecessary fields, review consent wording, and retest every shared method.
A voice was created without confirmed permissionStop assigning or using it and follow your organization's approved consent and incident process.
A download or screenshot contains personal informationMove it to an approved location, limit access, and remove unnecessary copies under your organization's process.
You need an exact retention, deletion, security, or compliance answerDo not infer it from the product screen. Request the current approved policy or legal statement through Aivah support.

Next step

Apply the public lead, consent, and action checks, or contact Aivah support for the current approved policy relevant to your use.