Support agents, salespeople, account managers, and customer success teams get some of the clearest productivity gains from Claude: faster reply drafts, cleaner summaries of long threads, quicker proposal turnaround. They also carry a risk profile that internal users do not — their output reaches people who will act on it, quote it back, and sometimes hold your company to it. An addendum for customer-facing roles (part of your layered policy) should answer three questions plainly: what can be delegated, what must be disclosed, and when to escalate. Treat what follows as recommended practice to adapt with your legal and brand teams.
What can be delegated — and what cannot
A useful mental model: Claude can be delegated the writing; it cannot be delegated the commitment. In practice:
| Generally fine to delegate | Keep human-owned |
|---|---|
| Drafting replies, summaries, and follow-up notes for review before sending | Final review and the decision to send — every external message needs a human owner |
| Rephrasing approved content for tone, length, or language | Pricing, discounts, contractual terms, and delivery commitments |
| Summarizing account history before a call | Claims about product capabilities, availability, security, or compliance |
| Turning engineer notes into customer-readable status updates | Apologies or statements in incidents with potential legal exposure |
The right-hand column is not "never use AI here" — it is "a human with authority must originate or verify the substance, not just skim the wording." A generated sentence that promises a feature date the roadmap does not support is a commitment your company may be asked to keep.
Accuracy obligations
The addendum should state the ownership rule in one line: whoever sends it, owns it. "The AI wrote it" is not a defense externally and should not be one internally. Two supporting practices make the rule workable rather than punitive. First, verification proportional to stakes — a scheduling email needs a skim; a claim about what your product does needs checking against approved reference material. Second, approved-content grounding: where teams answer the same product questions repeatedly, have Claude work from vetted knowledge-base material rather than open-ended generation, which narrows the space for confident-sounding errors.
Also set data boundaries on the input side: customer conversations often contain personal or commercially sensitive information, so the addendum should point to your data classification rules for what may be pasted into which approved tool — and staff should not use feedback buttons on content containing customer data, since explicit feedback submissions carry their own longer documented retention.
Disclosure expectations
Whether and when to tell customers that AI assisted a message is partly a legal question (jurisdictions differ, and some contexts have specific requirements — confirm with counsel) and partly a trust question. Recommended defaults: fully automated interactions, such as a chatbot with no human in the loop, should be clearly identified as such; human-sent messages that used AI for drafting generally follow whatever your company decides as a uniform norm, so individual employees never have to improvise the answer; and if a customer directly asks whether AI was involved, employees answer honestly and follow the agreed escalation path.
Escalation triggers
Give employees a short, memorizable list of situations that end AI-assisted handling and start a human-and-manager conversation: a customer disputes the accuracy of something already sent; a generated reply is discovered to have contained an error after sending; the interaction involves a complaint with legal, safety, or regulatory dimensions; or a customer objects to AI involvement. Log these events — they feed your incident playbooks and tell you where the guardrails need tightening.
Where to go next
For deciding which customer-facing use cases can run with lighter review, see what to automate vs. require human review and high-stakes output review. The platform overview covers where the underlying deployments run.