Contacts

Restoring deleted contacts creates duplicates and exposes them to all users (GDPR risk)
When you delete a contact and then restore it, HighLevel silently creates a new record instead of re-using the original. That creates duplicate contacts in the account with the same email address. All users, whether or not they had access to the contact, can see the contact's information in the 'Restore' tab, which creates GDPR issues. Any user, regardless of whether they had access to the contact or not, can view and restore deleted contacts.

This behavior:
- Bypasses the built-in email uniqueness check
- Lets restricted users see contacts they don’t “own”
- Exposes personal data across users, which conflicts with GDPR principles

Steps to Reproduce:
1. Create a contact with a given email (e.g. test@test.com).
2. Delete that contact.
3. Go to “Deleted Contacts” and click “Restore.”
4. Observe that a second contact record appears with the same email.
5. Log in as a user with limited visibility and verify they can see contacts in the 'Restore' tab.

Expected Behavior:
- Restoring a contact should re-activate the original record (no duplicate).
- Users should only see contacts for which they have permission to view, whether the contacts are deleted or not.

Actual Behavior:
- Each restore action creates a brand-new contact record with the same email.
- All users, even those with restricted access, can view contacts in the 'Restore' tab.

Impact:
- Data Integrity: Duplicate records for the same email cause confusion and campaign errors.
- Privacy Compliance: Exposes personal data to unauthorized users, risking GDPR violations.

Please address this as a high-priority bug. Restoring contacts should not create duplicates, and visibility rules must apply consistently to deleted/restored records.
0
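The expected behaviour requested in the report above, sketched as an added example; it is not part of the original post and not HighLevel's code. The owner-based visibility rule, the role names and the `ContactStore` class are assumptions made for illustration.

```python
from dataclasses import dataclass
from itertools import count

@dataclass
class Contact:
    id: int
    email: str
    owner: str            # assumed visibility rule: the assigned user
    deleted: bool = False

class ContactStore:
    def __init__(self):
        self._rows = {}
        self._ids = count(1)

    def _can_view(self, user, c):
        # Hypothetical permission model: admins see all, others only their own.
        return user["role"] == "admin" or c.owner == user["name"]

    def _authorized(self, user, contact_id):
        c = self._rows.get(contact_id)
        if c is None or not self._can_view(user, c):
            raise PermissionError("contact not visible to this user")
        return c

    def active_by_email(self, email):
        return [c for c in self._rows.values() if c.email == email and not c.deleted]

    def create(self, email, owner):
        if self.active_by_email(email):
            raise ValueError("email already in use")
        c = Contact(next(self._ids), email, owner)
        self._rows[c.id] = c
        return c

    def delete(self, user, contact_id):
        self._authorized(user, contact_id).deleted = True   # soft delete

    def list_deleted(self, user):
        # Deleted contacts pass through the same visibility filter as live ones.
        return [c for c in self._rows.values() if c.deleted and self._can_view(user, c)]

    def restore(self, user, contact_id):
        c = self._authorized(user, contact_id)
        if not c.deleted:
            return c
        if self.active_by_email(c.email):
            raise ValueError("email already in use by an active contact")
        c.deleted = False          # re-activate the original row, no new record
        return c
```
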
User becomes a contact in the system when sending internal email notification to user in automation!!!
This is really problematic. Users who are generally the managers/employees in the GHL sub-account SHOULD NOT become contacts in the system. Having to make the user (manager/employee) a contact (lead/customer) in the system to track activity is really concerning, and I can't understand why this is not a huge issue for everybody.

Because this scenario unfolds with a sample of the following users:
- user (manager 1)
- user (manager 2)
- user (employee 1)
- user (employee 2)
- user (employee 3)

A contact passes through an automation, and say the automation notifies user (manager 1) about a contact's behaviour/action using the internal email notification action. User (manager 1) now becomes a contact (lead/customer) in the system and gets the notification email. Now later on, when user (manager 2) sends an email to user (manager 1), all the users (employees) can now read this email!! (manager 2) could be emailing (manager 1) about discussing the possibility of raising a disciplinary issue with one of the employees, and now everyone sees this email!!! Or (manager 1) sends a financial report to (manager 2) and everybody gets to read it! (I appreciate you can make users at the employee level data visibility scope 'only assigned data', but that silos everybody.)

Is there any way you can put in the necessary tracking of user actions without having to make the user a contact (customer/lead)? This is causing a real headache - if it can't be resolved we might just have to go the 'view only assigned data' option for all users.
2