| Question area | Primary route | Do not promise until | |
|---|---|---|---|
| Data access | Who can view conversations, leads, reseller access, vendor support, connected tools | Verified vendor documentation or vendor follow-up | Each access surface is documented |
| Retention | Storage, deletion, export, backups, model training or analytics use | Vendor documentation request | Written policy confirms the specific behavior |
| Permissions | Who can edit content, publish changes, connect tools, own the workspace | Permissions documentation | Role separation and ownership are verified |
| Liability | Named laws, sensitive data, proposal language, audit trail claims | Legal, security, or procurement review | Approved language and reviewer signoff exist |
Capture the exact wording, especially retention, deletion, access, compliance, and proposal claims.
Match it to vendor documents, approved client materials, or implementation notes.
If the answer is plausible but undocumented, ask the vendor for written confirmation.
If the answer creates legal, procurement, regulated-data, or contract risk, send it to review.
State what is verified, what is open, and who owns the next answer.