Approvals & safety — Protocol CRM Help

Advanced The agent is built so it can be useful without being dangerous. The rule is simple and worth internalising: the agent moves freely where it can’t hurt you, and stops for your approval where it can.

The line: blast radius, not trust

What decides whether an action runs instantly or waits isn’t how much Protocol trusts the AI — it’s how much an action could cost if it were wrong. Reversible and private to you? It runs. Seen by a client, moves money, or can’t be undone? It waits for you.

Everything on the left happens as you chat. Everything on the right is prepared by the agent and held until you approve it.

How approving works

When the agent wants to do something on the right, it doesn’t do it — it prepares it and hands it back to you. You’ll see exactly what it intends, and a single action to confirm:

Approval needed · Send message to Sarah K.

"Let's swap to box squats to a comfortable depth this week — film me a set so I can check the descent. How's the knee feeling today?"

Discard Edit ✓ Send

A held action shows you exactly what will happen. Send to approve, Edit to adjust first, or Discard. Nothing leaves Protocol until you tap.

You can approve from Protocol, and the assistant will tell you in chat when something’s waiting. Approvals are one at a time and explicit — there’s no “approve everything” switch, on purpose.

Data, privacy & revoking {#data-privacy}

This is the part to understand clearly before you lean on the feature.

What the agent can see. Exactly what you can see — your clients, Vault, schedule, messages and billing — and nothing outside your account. It can’t reach another coach’s roster, and on a team it respects the same permissions your own login has.

What leaves Protocol. To answer a question, your assistant has to read the relevant data — and reading it means that data is sent to your AI provider (Anthropic for Claude, OpenAI for ChatGPT) to process the reply. That includes client information when your question is about a client. This is the unavoidable trade of using your own AI: the thinking happens on their side, so the data it thinks about goes there. Both providers, on their business and API plans, don’t use that data to train their models — but it is still processed by them, and once your assistant has it in a conversation, what happens to that conversation is governed by your account with that provider, not by Protocol.

Your responsibility, and ours. Protocol’s job is to keep this scoped, logged, and revocable, and to make the export something you opt into with eyes open. Your job — as the person who holds the relationship with your clients — is deciding it’s appropriate to run an AI assistant over their data, the same judgement you make about any tool you bring to your coaching. If your clients’ data is sensitive enough that this gives you pause, that pause is the feature working.

See activity & revoke. Under Account & settings → AI agent you can:

Review an activity log — what each assistant read and did, and when.
Revoke instantly — pull a key or disconnect an app and it stops mid-sentence. Do it the moment a laptop goes missing or you stop using an app.
Limit scope — grant an assistant read-only access if you want it to analyse and summarise but never prepare changes at all.

Start read-only if you’re cautious. A read-only connection can do every rundown, analysis and summary in these guides and literally cannot change a thing. It’s the safest way to live with the feature for a week before you let it draft and prepare actions.

Back to: AI agent overview · Connecting your assistant