Types of Data Handled
AgentFlow processes the following categories of data as leads move through the qualification pipeline:| Data Type | Description |
|---|---|
| Lead contact data | Name, email address, and message content submitted through the intake form |
| Qualification scores | AI-generated scores and reasoning produced during the qualification workflow |
| Operator decisions | Review outcomes, routing decisions, and actions taken in the operator dashboard |
| Audit logs | Records of pipeline activity, qualification events, and operator interactions |
Storage Foundation
AgentFlow uses Supabase as the foundation for authentication and data storage. Your deployment inherits Supabase’s storage architecture, access controls, and data residency characteristics. Review Supabase’s data handling documentation and your project configuration to understand exactly where your data is stored and who has access.
What Happens to Lead Data at Each Pipeline Stage
- Intake — The lead submits their contact information and message. This data enters the system and is stored in your Supabase project.
- AI Qualification — The intake data is passed to the AI qualification workflow, which runs server-side. A qualification score and reasoning summary are generated and stored alongside the original lead record.
- Operator Review — The operator accesses the protected dashboard to review the lead, qualification score, and supporting context. Any decisions or notes recorded at this stage are logged.
- CRM Handoff — If your deployment is configured for downstream integration, lead data and qualification context are passed to your CRM or next operational system. The scope and format of that handoff depends on your configuration.
Data You Control
Your deployment configuration determines what is collected, stored, retained, and shared. AgentFlow provides the pipeline structure — you control the specifics. This means:- You decide which fields are required on the intake form
- You control retention settings at the Supabase level
- You determine which team members have dashboard access
- You configure what data reaches downstream systems during CRM handoff
Pre-Deployment Data Handling Checklist
Review these questions before going live
Review these questions before going live
Work through each question before accepting live leads or operating with client data.What data is collected from each lead?
Map every field on your intake form to data that is actually stored in your deployment. Confirm you are not collecting data you do not need.Where is it stored and for how long?
Identify what data categories are persisted in your deployment — including lead contact data, qualification scores, and audit records. Define and implement a retention policy that matches your business and any applicable legal obligations.Who has access in your team?
Review which team members or roles have access to the operator dashboard and direct database access. Restrict access to the minimum required.How is it shared with downstream systems (CRM handoff)?
Document what data leaves AgentFlow during the handoff step. Confirm the receiving system handles that data appropriately, especially if it includes personal contact information.Have you reviewed applicable privacy obligations?
Depending on your jurisdiction and industry, you may be subject to GDPR, CCPA, or other data protection frameworks. AgentFlow does not enforce compliance with these regulations — that obligation is yours.
Responsible Data Use
AgentFlow does not claim compliance with regulated-industry data handling standards — including HIPAA, GDPR enforcement, SOC 2, or other frameworks. If your use case involves regulated data or industry-specific obligations, you must conduct your own compliance review and verify that your deployment configuration meets those requirements before accepting live data. The platform is designed to give you a solid foundation, not to make compliance decisions on your behalf.Related: Security Overview · Responsible Disclosure