Governance

Configure AI consent, region, and audit controls.

Set tenant and inbox controls before AI features process customer content, then keep export and deletion paths ready.

Token first

Make sure the agent has these scopes.

Create a new token or update the agent's current token before trying the calls below.

Required token scopes

llm:write

Outcome

What this gives you.

Delegated email work has the region, consent, retention, and audit posture a business can approve.

Use when

The operational shape.

A tenant needs to enable AI features only after consent and region choices are explicit.
Legal, security, or operations teams need export, deletion, and audit bundle paths.
You want to prove what was enabled before agents start processing mail.

API sequence

The calls to make.

Review available AI options

GET/v1/enrichment/reference/

List public model and feature options available for the tenant's region.

Set inbox AI configuration

PUT/v1/enrichment/

Enable only the features the tenant has approved, with a budget limit.

Default example

Use this as the default shape for this step.

{
  "inbox_id": "inb_123",
  "model": "claude-haiku-4-5",
  "enabled_features": ["phishing_detection", "next_step", "contact_digest"],
  "budget_limit": 25.00
}

Export subject data on request

GET/v1/compliance/export/

Use a signed-in user session to request a subject-access export.

Delete subject data on request

POST/v1/compliance/deletion/

Use a signed-in user session to begin deletion for the authenticated subject.

Produce an audit bundle

GET/v1/compliance/audit-bundle/

Use an owner or admin session to export the period record for review, SOC2 evidence, or customer requests.

Controls

Review points.

Consent and configuration should be visible before an agent is allowed to depend on enrichment.
Use admin-owned tokens or sessions for tenant-level compliance operations.

Where to go next.

Enrichment Inbox settings Compliance Audit log Invites