Is Follow Up Ace safe?

"Is Follow Up Ace safe?" is the right question to ask before connecting any AI to your CRM — and it deserves a concrete answer, not a trust-us paragraph. Below is exactly how Ace handles the four things agents worry about most: whether it will message clients on its own, what happens to your contact data, whether it can produce something that breaks Fair Housing law, and whether the company behind it is legitimate. Every claim here is backed by the code that runs the product.

Will Follow Up Ace message my clients without my approval?

No. Follow Up Ace never auto-sends anything to your contacts. This is the single most important safety property of the product, and it is by design. Ace's job is to surface the next move and write the draft — you are the one who clicks send.

The product's recommendation engine flips the usual AI contract. Instead of "the AI writes and sends a message," Ace surfaces a recommended action and pre-stages a draft text, task, or email that the agent reviews in the composer and sends manually (verified: chat-app/utils/whatsNextGenerator.js — the generator produces pre-staged action chips the agent clicks to send or draft, never an automatic send). There is no background job that fires messages to clients on your behalf.

Why this matters for safety: an AI that auto-sends can embarrass you, message the wrong person, or send something tone-deaf during a sensitive moment in a transaction — and you'd find out after it happened. An AI that drafts and hands off keeps a human in the loop on every outbound message. You get the speed of AI with the judgment of an agent.

What happens to my Follow Up Boss data when Ace uses AI?

When you connect Ace, it reads your Follow Up Boss data to do its work. The safety question is what form that data is in when it crosses into an AI model, and who can see it.

PII is tokenized before any AI model sees it

Follow Up Ace tokenizes personally identifiable information before it reaches a large language model (verified: chat-app/utils/piiAnonymizer.js — anonymizeString() replaces matched PII with placeholder tokens against a server-side replacement map). Email addresses and phone numbers are swapped for consistent placeholder tokens before the request leaves your server. The mapping between a token and the real value stays server-side and is never sent to the model; the response is de-tokenized after it comes back. If the model provider logged the input, it would see tokens — not your clients' real contact details.

Data is encrypted with AES-256-GCM

Sensitive stored values are encrypted using AES-256-GCM (verified: chat-app/utils/encryption.js — crypto.createCipheriv('aes-256-gcm', ...)), an authenticated encryption standard that protects both the confidentiality and the integrity of the data. This is the same class of encryption used to protect data in regulated industries.

Your data does not train any model

Your contacts, conversations, call notes, and pipeline data are not used to train any model — ours or a provider's. Ace uses your data at inference time to generate answers for you, not at training time to improve a model for someone else. The underlying API models (OpenAI's API) operate under API terms that do not use API inputs for training by default — a separate policy from the consumer ChatGPT product. We do not train any proprietary model on your account data.

Can Ace's AI write something that violates Fair Housing law?

This is a real estate–specific safety risk that generic AI tools ignore. An AI that drafts client messages and property descriptions can accidentally produce steering language or reference a protected class — exactly the kind of wording that creates Fair Housing liability.

Follow Up Ace scans AI-generated content for Fair Housing problems in code (verified: chat-app/utils/complianceGuard.js). The scanner checks for references to protected classes (race, color, religion, national origin, sex, familial status, disability) and for steering language — phrases like "great for families" or "close to the church/mosque/synagogue" that create steering risk regardless of intent. The patterns are covered by regression tests, so a future code change can't silently weaken the guardrail without a test failing.

For the full picture of how Ace handles Fair Housing — including HUD's 2024 guidance on AI in housing and NAR's Articles 2 and 12 — see the Follow Up Ace compliance page.

Is Follow Up Ace SOC 2 certified?

Not yet — and we won't claim otherwise. Follow Up Ace's SOC 2 Type II audit is in progress; it is not complete (verified: chat-app/public/compliance/index.html — "Audit underway. We'll publish the report when it's complete — not before."). We are not claiming SOC 2 compliance today. The technical controls described on this page are the controls being audited; the attestation is not finished.

If completed SOC 2 Type II is a hard requirement for your brokerage's vendor approval, the honest answer is that we're not there yet — the controls are in place, the audit attestation is not. We'd rather tell you that plainly than imply a certification we don't hold. (We shipped, then removed, a fabricated review rating once; honesty about what we have and don't have is now a hard rule for us.)

Is Follow Up Ace a legitimate Follow Up Boss integration?

Yes. Follow Up Ace is a certified integration in the official Follow Up Boss Marketplace (verified: chat-app/public/compliance/index.html — "Listed in Follow Up Boss's official integration directory"). FUB Marketplace certification means the integration meets Follow Up Boss's standards for API usage, security, and integration quality. It is an active listing that can be revoked — not a one-time badge — so it reflects ongoing standing, not a historical approval.

How do I cancel Follow Up Ace, and what happens to my data?

You can cancel Follow Up Ace yourself from your account — there is no retention call or cancellation gauntlet. Connecting and disconnecting are self-serve. Because Ace works inside Follow Up Boss through an authorized connection rather than copying your CRM into a separate product you have to migrate out of, removing Ace removes its access. For specifics on data handling and retention after cancellation, see how Ace protects your Follow Up Boss data and the privacy policy.

Follow Up Ace safety at a glance

Frequently asked questions

Does Follow Up Ace read all of my Follow Up Boss data?

Ace works inside Follow Up Boss through an authorized connection so it can read the contacts, conversations, and pipeline data it needs to make recommendations. It does not copy your CRM into a separate product. Personal data is tokenized before it reaches any AI model, as described above.

Can Follow Up Ace send a text or email on its own?

No. Ace produces drafts and pre-staged actions; a human reviews and sends every outbound message. There is no automatic send to your contacts.

Is Follow Up Ace SOC 2 or HIPAA certified?

Follow Up Ace's SOC 2 Type II audit is in progress and not yet complete; we do not claim it as finished. Ace is not a HIPAA product — real estate CRM data is not protected health information.

What makes Follow Up Ace safer than connecting ChatGPT to my CRM directly?

Pasting client data into consumer ChatGPT means real names and contact details leave your control with no tokenization, no Fair Housing scanning, and consumer-grade data terms. Ace tokenizes PII first, scans output for Fair Housing risk, keeps a human on every send, and runs under API terms that don't train on your inputs. See Ace AI vs. ChatGPT for Follow Up Boss for the full comparison.

Go deeper on security and compliance

• How Ace AI protects your Follow Up Boss data — encryption, tokenization, and SOC 2 status in detail.
• AI and data privacy in real estate CRMs — the privacy landscape for agents.
• Follow Up Boss security features explained — what FUB itself provides.
• Follow Up Ace compliance — Fair Housing, HUD 2024 guidance, and NAR Articles 2 & 12.