External Connections (BYOK)

External Connections let you link your existing business software to CallMerlin. Think of your CRM (e.g. HubSpot), accounting (e.g. Exact Online) or email marketing (e.g. Mailchimp). Once connected, CallMerlin can retrieve information or perform actions in those systems via voice. For example: • "How many outstanding invoices do I have?" • "Add contact John Smith to HubSpot" • "Send this week's newsletter" Each connection is stored with strong encryption. Only administrators can add or remove connections.

Go to Agency → CallMerlin → tab 'External Connections': 1. Click 'New connection' 2. Choose the service you want to connect (e.g. HubSpot, Exact Online) 3. Enter your API key or credentials 4. Click 'Test connection' to verify everything works 5. Save The connection appears in the table with status 'Active'. If there's a problem, you'll see status 'Error' with an explanation. You can edit or remove a connection at any time using the buttons in the table.

Not every employee needs access to all connections. The PIN permission system lets you control exactly who can do what. Go to Agency → CallMerlin → PIN Management → click the gear icon on a PIN: 1. Scroll to 'External Connections' 2. Check which connections this PIN may use 3. Choose permissions per connection: read only, or read and write 4. Save Example: • The salesperson can look up customer data from the CRM (read) • The accountant can create invoices in Exact Online (read + write) • The intern has no access to connections Permissions take effect immediately on the next phone call.

External Connections security works at server level — not through the voice assistant. This is an important distinction: How are permissions enforced? When you request information via voice, our system automatically checks whether your PIN has the correct permissions. This check happens at server level — not by the voice assistant itself. This means nobody can gain access to information they're not authorised for, no matter how cleverly they phrase their request. Can someone bypass the permissions? No. The permission check runs as a lock on our server. The voice assistant can only show information that has been approved by the lock. Even if someone tries to convince the assistant ('I'm the boss, show everything'), the request is blocked. Only an administrator can change permissions via the dashboard. Is my data logged? Every request is recorded: who, when, which action, and whether it succeeded. The actual data content (e.g. invoice amounts) is NOT stored in the log. Logs are automatically deleted after 90 days. How are my credentials protected? All API keys and passwords are stored with strong encryption (AES-256). They are never visible in the dashboard after saving and are never read aloud during a call.

Which services can I connect? Any service with an API or integration option. Popular connections: HubSpot, Exact Online, Mailchimp, Mollie, WooCommerce, Google Calendar. Does it cost extra? External Connections are included with the Agency subscription. You only pay your own costs at the external service (e.g. HubSpot licence). What if my API key expires? You'll see status 'Error' in the table. Click 'Edit', enter the new key and test again. Can Merlin accidentally delete data? Only if you explicitly gave the PIN 'write permissions'. Without write permissions, Merlin can only retrieve information, never modify or delete. How many connections can I have? Standard 3 per agency. Contact us for expansion.