Use this guide if a public AI employee will collect contact details or let visitors request actions through connected services. You will make the purpose and consent visible, collect the minimum information needed, require confirmation for lasting actions, and test where the resulting information goes.
The exact lead fields and connected actions available can change by employee, account, and service. Product, privacy, and legal owners should verify the final configuration and wording before public launch.
Before you begin
- Write the single purpose for collecting visitor information and identify who will follow up.
- Ask your organization's privacy or legal owner to approve the consent wording, fields, and handling process.
- List only the information needed for that purpose. Avoid passwords, payment details, identification documents, health information, or other sensitive data unless your organization has approved controls and a clear legal basis.
- In Agents, confirm the employee instructions explain what it may collect, what it must not request, and when it must involve a person.
- In Integrations → MCP, review each connected service and action. Remove anything the public experience does not need.
- Decide which actions require visitor confirmation and which require a person to review or complete them.
- Prepare non-sensitive test data and a person who can confirm where leads and outside actions arrive.
Steps
1. Define the lead purpose and fields
Write a short statement that tells visitors why the information is requested and what will happen next. Turn that purpose into the smallest useful set of fields.
Give every field a visible, specific label. Mark a field required only when the visitor cannot receive the stated service without it.
2. Open Shared
Open Shared, then create a new experience or open the available settings for an existing one. Confirm that you are working with the intended AI employee before changing lead or action settings.
3. Configure the lead form
Add the form title, approved consent wording, and each field. Review the visible label and required or optional setting for every field.
Read the form as a visitor. It should explain the purpose before the visitor submits information. Do not use a vague label where a more specific one is possible.
4. Review connected actions
Enable the smallest set of actions needed for the public job. A service being connected to the account does not mean every action from that service should be available to visitors.
Avoid public access to actions that delete records, send unrestricted messages, change financial information, or make irreversible decisions. When an action creates, changes, sends, or books something, require the employee to summarize the intended result and ask for confirmation before running it.
5. Confirm instructions and human handoff in Agents
Open the employee in Agents and check that its instructions cover:
- What personal information it may request.
- What it must never request or expose.
- How it describes the purpose and consent.
- Which action details it must repeat before confirmation.
- When it must stop and involve a person.
- How the visitor reaches that person.
If you change the instructions or knowledge, wait for preparation to complete and retest before returning to the public experience.
6. Save and test as a visitor
Save the shared experience. Open each public entry point in a private browser window and use the prepared test data.
Confirm that the lead form shows the correct title, consent wording, field labels, and required settings. Submit once, then request each connected action separately. Verify that the employee asks for the intended confirmation and does not expose actions outside the approved set.
7. Verify the lead in Insights → Leads
Open Insights, select the correct employee and date range, then open Leads. Find the test submission and open the related conversation where available.
If the record is not on the first page, check other pages and confirm the employee and date filters. Do not submit repeated copies until you have completed those checks.
8. Verify every outside action
Ask the owner of each connected service to confirm that the safe test produced the intended result and no additional action. Check that the data sent was limited to what the action required.
If the action is broader than expected, stop promoting the public experience, remove or limit the action, update the employee instructions, and retest privately before relaunching.
9. Review connected shares after a change
Lead-form settings are connected to the selected AI employee and can affect its shared experiences. After changing fields, consent, instructions, or actions, identify every share for that employee and repeat the visitor test for each one.
Expected result
Visitors see the purpose and consent wording before submitting the necessary fields. The test lead appears under the correct employee and date in Insights → Leads. Public action requests are limited to the approved set, show the intended details before confirmation, and produce the verified result in the connected service.
Status meanings
This flow does not provide one universal delivery status. A saved form confirms configuration, a test record in Insights → Leads confirms supported lead capture, and the connected service is the source of truth for an outside action. Never assume a message, booking, record change, or deletion succeeded from the conversation text alone.
Usage credit impact
Public conversations and supported connected activity may consume usage credits. This guide does not provide a fixed rate or formula, and a lead submission alone should not be used to estimate the cost of a full visitor session. Review the current balance and on-screen information in your workspace, then monitor actual usage after launch.
Information stored or shared
- Lead submissions can be stored in Aivah and reviewed in Insights → Leads with a related conversation where available.
- Anyone who can open a public experience may be able to enter information. Aivah does not verify that submitted details are accurate.
- A connected outside service receives the information needed to run its approved action. The service may then store or process that information under your organization's arrangement with that provider.
- Exported lead information leaves the workspace copy. Store it only in approved locations and delete copies when they are no longer needed.
- Do not include passwords, payment details, private connection values, identity documents, full customer records, or other sensitive information in tests or support messages.
Limits and permanent actions
- The current sharing form does not provide a visitor password, expiry date, or website-domain restriction. Do not describe the experience as access-controlled unless separate controls outside Aivah have been implemented and verified.
- Public links can be forwarded. Remove a shared experience when its intended access is no longer needed.
- Connected actions can send messages, create or change records, make bookings, or delete information. These effects may be difficult or impossible to reverse.
- A confirmation instruction reduces risk but is not a substitute for limiting available actions or using human review for lasting and high-impact decisions.
- Lead-form settings associated with an employee can affect more than one shared experience. Test every affected share after a change.
- This article does not establish a legal basis, retention period, security guarantee, or compliance status. Your organization must approve its purpose, wording, access, storage, follow-up, and deletion process.
Common problems and recovery
A lead does not appear. In Insights, select the intended employee and date range, open Leads, and check additional pages. Confirm the form showed a successful submission before retrying.
The form asks for too much information. Pause promotion, remove fields that are not necessary for the stated purpose, obtain approval for the revised wording, and retest every affected share.
Consent wording is missing or unclear. Do not collect live visitor information. Update the form with approved wording that explains the purpose, then verify it through every public entry point.
An action runs without the expected confirmation. Stop public access to that action, remove or limit it where available, add explicit confirmation instructions, and perform a controlled private test before relaunching.
An outside action made the wrong change. Use the connected service's own recovery process and involve its administrator. Preserve only the non-sensitive details needed to investigate, then narrow the action before another test.
A change affects another public experience. Identify every share that uses the same employee, review the saved lead and action settings, and retest each one before reopening access.
Next step
Use Connected tools and safe actions to reduce service permissions, then follow Review and download results to check leads and conversations without treating a displayed page as a complete account export.
Help Center