Safe by design, not by afterthought

You choose how much to delegate. Every decision is logged with full reasoning. Built for EU AI Act compliance from day one.

Core principles

Human sets the rules

Community managers configure autonomy per action type: auto-send, propose-and-wait, or require approval. Autonomy level (full, guided, supervised) is set per workflow, not just globally. Every action is logged with its gate level regardless of mode.

Full audit trail

Every agent action is logged with: who was targeted, what was sent, why it was recommended, and what happened. Reasoning is stored verbatim for regulatory review. Temporal workflow event history provides a second audit layer -- every workflow step (send, wait, check, follow-up, mark dormant) is durably recorded.

Tenant isolation

Each community's data is isolated by tenant. One community's member data, outreach history, and analytics are never visible to another. Enforced at the database layer. CSMs managing multiple accounts see aggregate health metrics, but individual member data stays within each community's boundary -- no cross-tenant leakage, even in portfolio views.

Agent memory is transparent

Agent observations and CM corrections are stored with source attribution. You can see exactly what the agent "knows" about any member or the community. No hidden state.

Pre-send validation

Before any campaign is sent, the recipient list passes through automated validation. These rules run in addition to human review -- they catch what humans might miss.

✓ Batch size limit. Maximum 20 recipients per campaign. Prevents accidental mass sends.
✓ Recently ignored exclusion. Members who haven't responded to 3+ outreach attempts in 30 days are automatically excluded. Respects their silence.
✓ Stale pending detection. Outreach marked "pending" for over 14 days with no response is counted as ignored. No optimistic assumptions.
✓ Idempotent logging. Sending the same campaign twice doesn't create duplicate records. Safe to retry.
✓ Outcome tracking. Every sent email is tracked for opens, clicks, and replies. The agent learns; the audit trail records.
✓ Follow-up limits. Maximum 3 outreach attempts per member. After 3 ignored contacts, the member is marked dormant. No harassment.

EU AI Act readiness

The EU AI Act requires transparency and accountability for AI systems that interact with people. This system is built with those requirements in mind.

Transparency

Every recommendation includes the agent's reasoning: which signals it observed, why it chose a particular approach, and what it expects to happen. No black boxes.

Human oversight

Community managers configure the autonomy spectrum per action type: auto-send, propose, or require approval. Rules, exclusions, and automation can be changed at any time. Every action records its gate level in the audit trail.

Record-keeping

Full outreach logs with timestamps, member IDs, workflow context, action taken, reasoning, and outcome. Temporal event history provides a durable, replayable audit trail alongside the OutreachLog. Stored with tenant isolation.

What an audit record looks like

Every outreach action creates a record like this. The reasoning field captures the agent's full analysis, not just the decision.

{
  "member_id": 2001,
  "workflow": "re-engagement",
  "action": "email_sent",
  "approval": "auto",
  "attempt": 2,
  "angle": "Upcoming Leadership Breakfast in Paris",
  "reasoning": "Sophie was one of the most engaged members through mid-2025. Attended 3 events including the Tech Leaders Breakfast. Since September, login count dropped to zero and no emails opened. Her profile shows VP Product at BlaBlaCar -- the upcoming Leadership Breakfast aligns with her interests.",
  "outcome": "opened",
  "created_at": "2026-03-18T10:30:00Z"
}

Data handling

The system reads member data from your existing community platform via its API. It does not store raw member profiles -- it stores analysis results and outreach logs. Member data stays in your platform.

Platform credentials are stored per-tenant with plans for encryption at rest. The system operates on your data through your platform's existing access controls and rate limits.

See the demo Product overview