AI Agent Privacy

What the AI agent can see, what it can't do, and how to turn it off.

Last updated 2026-06-02. The Coordinex AI Agent lets an owner or admin connect their own ChatGPT (OpenAI) or Claude (Anthropic) assistant to their Coordinex organization, so they can ask about their business in plain language and have the assistant draft routine actions for a person to review and approve. This page explains exactly what the agent can see, what it can and cannot do, where the AI runs, and how to turn it off. If anything here is unclear, email hello@coordinex.app.

The short version

  • The agent is available to owners and admins only. Employees and supervisors cannot connect it.
  • The agent can read a defined set of operational data (your schedule, hours, team, staffing, approvals) and can propose actions — but a human always reviews and confirms before anything happens. The agent never acts on its own.
  • The agent never moves money. It cannot run payroll, send a payout, process a payment, or transfer funds. There is no money action of any kind in what the agent can do.
  • The AI runs on your own ChatGPT or Claude subscription (bring-your-own). Coordinex does not send your data to any AI provider to train a model, and Coordinex does not operate or pay for the AI.
  • You can disconnect at any time, which revokes the agent's access.

1) What the agent can access (read-only data)

When an owner or admin connects the agent, it can read a curated, purpose-builtset of Coordinex data through Coordinex's own secure connector — never your raw database. The agent sees only what your own Coordinex permissions already allow, re-checked on every request. The readable data includes:

  • Schedule — upcoming shifts and the team schedule for a date range.
  • Hours — hours worked in a period, overtime proximity, and non-financial work summaries for named team members (hours, shifts, task counts, clock status).
  • Team — active team members with names, roles, and status; team availability for scheduling.
  • Staffing & coverage — unfilled or open shifts, coverage gaps, and staffing-risk summaries.
  • Approvals & operations — pending approval counts and the operational work queue, scoped to your approval permissions; operational alerts; and the owner/admin daily brief.
  • Documents & search — searching Coordinex content and document insights you already have access to.

What it does not do with that data:

  • Every result that leaves Coordinex for your assistant passes through an output-minimization boundary that strips sensitive identifier shapes — Social Security numbers, EINs, bank-account and routing numbers, and credential-like strings are removed before the assistant ever sees the text.
  • Earnings and revenue figures are withheld from the agent at launch. The agent surface does not expose pay, wages, or dollar amounts for other people; an employee's work summary returned to the agent never includes a dollar figure.
  • The agent is tenant-isolated: it can only ever see the one organization the connection was authorized for. Your identity, organization, and role are re-derived by Coordinex's servers from a verified sign-in on every request — the assistant cannot claim to be someone else or reach another organization's data.

2) What the agent can do (propose, never act alone)

The agent does not change anything by itself. When you ask it to do something, it drafts a proposal — for example, a draft announcement, a draft shift, a draft time-off request, or a suggested approval — and that draft lands in an in-app approval inbox inside Coordinex.

A person (you or another authorized owner/admin) then reviews the draft, can edit it, and explicitly confirms or rejects it. Only after a human confirms does Coordinex carry out the action. This human-in-the-loop step is required for every action and cannot be skipped. Drafts that move toward something irreversible (like a deletion or a broadcast message) require an extra confirmation step, and any deletion the agent helps with is a recoverable soft-delete, not a permanent erase.

The agent never moves money. This is a hard architectural boundary, not a setting:

  • The agent has no payment, payout, payroll, EWA (earned-wage-access), or fund-transfer capability of any kind.
  • When a proposed action happens to touch a pay-relevant figure (for example, logging worked time), the amount is recomputed by Coordinex's own servers at the moment of approval — the assistant's number is never trusted or used to move money.
  • The confirmation step that carries out an action accepts only an organization and an action identifier — never a dollar amount.

3) Where the AI runs — bring-your-own subscription (BYO)

The intelligence behind the agent is your own ChatGPT or Claude subscription, operated and billed by OpenAI or Anthropic. Coordinex does not run, host, or pay for the AI model.

  • Coordinex does not send your customer data to any AI provider to train a model. Coordinex's role is narrow: it verifies who you are (your identity and that you are an owner/admin), and it returns the specific, permission-scoped, minimized answers described above to your assistant.
  • Because the assistant is your own subscription, your prompts and the assistant's handling of them are governed by OpenAI's or Anthropic's terms and privacy practices, which Coordinex does not control. On some personal AI plans, the provider may use prompts to improve their models. That is a property of your AI provider account, not of Coordinex.
  • Coordinex never shares another employee's private data with your assistant beyond the permission-scoped, minimized summaries described in Section 1.

The in-app disclosure states this plainly before any connection is made:

“Your ChatGPT or Claude subscription is billed and operated by OpenAI or Anthropic. On personal plans, your prompts to them may be used to improve their models, which Coordinex cannot control. Coordinex only verifies who you are and never shares another employee's private data.”

4) How access is granted and secured

  • Owner/admin only.Connecting and using the agent is restricted to owners and admins. The restriction is enforced on Coordinex's servers by re-deriving your role from a verified sign-in on every request — not from anything the assistant or a token claims. A non-owner/non-admin is refused.
  • Secure sign-in (OAuth), no key pasting.You connect by signing in through a standard, secure OAuth flow in a system browser; you never paste an API key or password into Coordinex, and Coordinex never reads or stores your assistant's access token. Access tokens are short-lived and revocable.
  • Scoped permissions. The connection carries only the specific read/propose permissions appropriate to your role, and Coordinex re-checks your live organization permissions on every request as the authoritative inner gate.
  • Off by default. The agent integration is disabled until an owner explicitly enables it for their organization.

5) Data retention

  • Proposals (drafts the agent creates)are stored as pending items in your organization's records until they are approved, rejected, or expire, and remain available for your audit history. Approved actions create the corresponding Coordinex record (a shift, announcement, etc.) under your organization's normal data retention.
  • Audit trail. Agent activity (proposals, approvals, and the outcome of executed actions) is logged for accountability within your organization.
  • No separate AI data store at Coordinex. Coordinex does not retain a separate copy of your prompts or your assistant's conversation. Your prompts live with your AI provider (OpenAI/Anthropic) under their retention practices.
  • Operational logsfollow Coordinex's standard retention practices and time-to-live policies, in line with the main Coordinex Privacy Policy.

6) How to revoke access

  • Disconnect in the app.Open the AI Agent connector in Coordinex and choose Disconnect for ChatGPT or Claude. This calls Coordinex's revoke function, which invalidates the assistant's access token; access ends.
  • Disable for the whole organization.An owner can turn the agent integration off for the entire organization, which removes the connect option and the agent's reach for everyone.
  • Provider side.You may also remove Coordinex's authorization from within your ChatGPT or Claude account settings.

7) Optional Square connection (only if you enable it)

If your organization separately connects Square and explicitly grants the agent edit permission, the agent may propose non-money Square changes for your approval — catalog (menu) edits, inventory-count adjustments, and reversible catalog archiving. The agent never has access to Square payments, orders, refunds, or payouts, and even an edit grant cannot move money. This Square capability is off unless you deliberately turn it on.

8) Children's privacy / scope

The Coordinex AI Agent is a workforce-management tool for business owners and admins. It is not directed to children and processes business operational data, not consumer data.

9) Changes to this policy

We may update this page as the agent integration evolves. Material changes will be reflected by the “Last updated” date at the top, and the current version always lives at this URL. This page sits alongside the main Coordinex Privacy Policy and Terms of Use.

10) Contact

Questions about the AI agent and your data? Email hello@coordinex.app. We answer.

Coordinex

Coordinated work for the teams that keep things moving. From cafes and crews to clinics, subcontractors, studios, and small businesses.

Product

Legal

© 2026 Coordinex. All rights reserved.Made for teams that coordinate.