Question from Reddit user:
I have a client that wants to integrate their CRM (Hubspot) into GoHighLevel.
My issue that I face is that I dont want them to be able to view any of my backend work as I don’t want them to be able to copy it etc.
I have set up an AI Bot that sends Text Messages to their old leads and acts as an appointment setter.
If I were to integrate their CRM, is there a way for me to block them from seeing how the bot works, and only give them access to the SMS conversations?
Would really appreciate any help here as this will be my biggest client!
Answer from Nabil:
The short answer is:
Yes, you absolutely can integrate your client’s HubSpot CRM contacts into GoHighLevel and limit their visibility to protect your proprietary AI bot workflow, specifically by using GoHighLevel’s granular user permissions.
You would set up a limited user account for your client with the role of “User” instead of “Admin.” Then, you would disable access to the “Automation” and “Workflows” menus entirely.
You should also check the permissions for “AI Agents,” ensuring the client can only view conversation history but cannot “View & Manage Conversation AI agents,” which is the setting that contains the bot’s core logic, training, and goals.
The long answer is:
Your concern about protecting your intellectual property is highly valid, and GoHighLevel is designed with agency owners like you in mind.
To achieve this, you need to leverage two core features: a limited User Role and specific granular permissions.
First, create a new user profile for your client under the “My Staff” section in the sub-account and ensure the user role is set to “User,” not “Admin.” Admin users have full access, which you want to prevent.
Second, within the “Roles and Permissions” tab for that user, you can toggle off access to various modules.
Critically, you must disable the main “Automation” module to hide the Workflows section.
You should also scroll down to the “AI Agents” or “Conversational AI” settings and ensure that the permissions for viewing and managing the bot’s configuration, goals, and training are disabled, while keeping access to the main “Conversations” module enabled.
This setup lets the client see the active SMS conversations in the unified inbox, proving the bot is working and setting appointments, but it hides the underlying logic of the workflow that triggers the bot and the configuration of the AI bot itself.
The contact data from HubSpot can be securely synced into GoHighLevel via a native integration or third-party tools like Zapier, Make, or Integrately, ensuring the leads are available for your bot without granting the client access to the sync configuration itself, which is typically managed at the sub-account’s Integrations page, which you can also disable visibility for.
If you wanted to build an even more segregated and robust long-term solution, you could use a custom integration built with the HighLevel API and the HubSpot API, managed by an external tool like Google Tag Manager and a serverless environment like Stape or Google Cloud Platform.
This setup would use the HubSpot API to monitor for new or updated contacts, and then use the HighLevel API to create or update those contacts in the GoHighLevel sub-account, initiating your bot workflow via an API-triggered event.
The advantage here is that the integration logic lives entirely outside of the GoHighLevel platform, ensuring a complete separation of your client’s CRM data and your proprietary bot logic, offering the highest level of IP protection.
About The Author
