Question 1

What does multi-location CRM record creation actually deliver, and where does it sit in the lead-to-CRM workflow?

Accepted Answer

An orchestration layer that sits above the operator CRM + marketing-automation + form-and-landing-page + chat + phone + call-tracking + firmographic + CDP + event-streaming + consent-management + policy-as-code + WORM-storage stack and turns every inbound lead — from any source, across every operator location — into a compliant, scored, routed, enriched CRM record with chain-of-custody attestation. The skill is a five-skill bundle on the lead-scoring-routing agent. Skill 1 — Capture: ingest per-location per-lead-source signals across 20+ source types (web form, call tracking, SMS, email, chat, social DM, review platform, map listing, booking form, quote form, survey, download gate, webinar registration, event registration, partner referral, customer referral, employee referral, affiliate referral, paid ad, organic search). Capture records the per-lead identity claim (the name, email, phone, address the lead submitted), the per-lead consent claim (which consent classes did the lead agree to, captured at what timestamp, from what IP, with what user-agent, against which version of the operator privacy policy and terms of service), the per-lead intent claim (what was the lead asking for), the per-lead attribution claim (UTM parameters, referrer, landing page, source platform), and the per-lead session context (device fingerprint, IP, session duration, prior pageviews). Skill 2 — Score: run the per-lead context through the operator-data-science-team-chosen scoring model ensemble (XGBoost, LightGBM, CatBoost, logistic regression, random forest, Bayesian network, hybrid stack) and emit operator-defined scoring outputs (MQL score, SQL score, conversion probability, predicted LTV, predicted churn, fit score, intent score, recency score, engagement score, account-tier score). Skill 3 — Route: apply operator-counsel-and-sales-team-approved routing policy (round-robin, weighted, territory-based, skill-based, load-balanced, SLA-driven, account-tier-based, language-aware, timezone-aware) to assign the lead to the right per-location sales-team queue with per-routing-decision validation. Skill 4 — Enrich: call out to operator-chosen firmographic enrichment vendors (ZoomInfo, Apollo, Clearbit, Lusha, Cognism, 6sense, Bombora, Demandbase, LeadIQ, RocketReach, Dun & Bradstreet, Crunchbase, PitchBook) with per-vendor consent-provenance verification (the per-vendor DPA + SCC + provenance attestation library from the buyer-state-aware BANT scoring sibling skill is the same library this skill reads from). Skill 5 — Persist: write the enriched, scored, routed lead to the operator-chosen CRM (Salesforce, HubSpot, Pipedrive, Microsoft Dynamics, Zoho, Close, Insightly, Copper, Keap, ActiveCampaign) with CRM-record-ID + CRM-system attribution + write timestamp + write actor + write input-hash + write output-hash + chain-of-custody. Every Capture, Score, Route, Enrich, and Persist decision routes through the 5-anchor compliance gate before commit and writes to the WORM audit trail. The CRM, marketing automation, form, chat, call-tracking, firmographic, CDP, event-streaming, and consent vendors below ship strong primitives. The orchestration above them — per-source capture normalization, per-lead scoring + routing logic, enrichment with consent-provenance verification, persistence with chain-of-custody, compliance gate, audit trail — is operator-side architecture.

Question 2

Where does single-vendor lead capture stop compounding for multi-location operators?

Accepted Answer

Single-vendor lead capture is solved. HubSpot ships strong form-to-CRM lead capture inside the HubSpot Marketing Hub + CRM. Salesforce ships strong Web-to-Lead. Marketo + Pardot + Eloqua ship strong enterprise lead-capture. The compound case the lead-scoring-routing agent has to handle is the one where a multi-location operator runs 50-1,500 locations and ingests leads from 20+ source types — web forms on the corporate site, web forms on the per-location pages, web forms on third-party comparison sites, call-tracking via CallRail or Invoca, SMS via Twilio, email via Klaviyo/Iterable/Mailchimp, chat via Drift/Intercom/Tidio/HubSpot, social DMs via Meta/LinkedIn/X, review-platform inquiries via Birdeye/Podium/Yelp, map-listing clicks via Google Business Profile, booking forms via Cal.com/Calendly/Chili Piper, quote forms via Jotform/Typeform, surveys via Typeform/SurveyMonkey, gated downloads via Unbounce/Instapage/Leadpages, webinar registrations via Zoom/On24/GoTo, event registrations via Eventbrite/Cvent, partner/customer/employee/affiliate referrals, paid ads via Google/Meta/TikTok/LinkedIn, organic search inbound — and each lead needs to land in the right per-location queue in the right CRM (some operators run Salesforce at corporate and HubSpot at the per-location level; some operators run a single CRM across the portfolio with per-location partitioning), with the right scoring against the operator-data-science-team-maintained model, the right firmographic enrichment with consent-provenance verification, and the right consent capture under TCPA + GDPR + CCPA + per-state-comprehensive-privacy. Without an orchestration layer above the CRM + marketing-automation + form-and-landing-page + chat + call-tracking + firmographic + consent vendors, leads fragment across queues, scoring drifts between platforms, enrichment touches data with unverified provenance, consent capture happens inconsistently across sources, and the audit trail of "where this lead came from, what consent we have, what scoring rule applied, who got routed" splinters across vendor consoles. The orchestration above the vendors is what holds the cross-source + cross-CRM + cross-jurisdiction invariants.

Question 3

How does Skill 1 Capture record consent claims so the audit trail supports TCPA + GDPR + CCPA discovery?

Accepted Answer

Capture records every consent-relevant signal at the moment of form submission (or chat opt-in, or call recording, or any source-specific consent action). The recorded payload includes: the consent class the lead opted into (transactional only, marketing email, marketing SMS, marketing voice call, marketing direct mail, third-party data sharing, sensitive PI processing — each consent class is a separate operator-counsel-approved category); the consent timestamp (ISO 8601 UTC with subsecond precision); the consent IP address (the public IP the submission came from, captured at the operator load balancer or web application firewall); the consent user-agent (the browser User-Agent header, including device/OS for device fingerprinting); the operator privacy policy version (the operator counsel maintains a versioned privacy policy register; the version active at the moment of submission is recorded); the operator terms-of-service version (same pattern); the operator consent-disclosure language version (the exact text shown to the lead at submission time, versioned); the per-jurisdiction notice-at-collection language version (CCPA notice + per-state-comprehensive-privacy notice each have specific requirements; the version active at submission is recorded); the screenshot or DOM-snapshot pointer (for high-evidence operators, a hashed snapshot of the form-state at submission lives in WORM storage). All of this writes to the WORM audit trail through the per-event compliance gate. When a TCPA, GDPR, CCPA, or state-AG investigation asks "what consent did this lead grant, on what date, from what IP, against what privacy policy version", the audit trail returns the exact answer with cryptographic chain-of-custody. The orchestration also pushes the consent claim into the operator consent-management vendor (OneTrust, TrustArc, Ketch, Securiti, BigID — operator chooses) which becomes the canonical consent register the rest of the swarm reads from for downstream operations.

Question 4

How does Skill 3 Route handle per-location load balancing + SLA-driven routing + account-tier overrides?

Accepted Answer

Routing is operator-counsel-and-sales-team-policy-driven. The routing decision is computed from the lead’s (a) attributed location (resolved from UTM, IP-geolocation, landing page, form-field, or explicit lead-selected location), (b) lead score (from Skill 2), (c) lead firmographic enrichment (from Skill 4), (d) lead consent context (which channels can the operator reach the lead through), and (e) operator-defined routing policy for the lead’s segment. Round-robin distributes leads evenly across per-location queue members. Weighted routes more leads to higher-capacity queue members. Territory-based routes to the queue member whose territory matches the lead’s location attribution. Skill-based routes to the queue member whose skills match the lead’s product or service interest. Load-balanced routes to the queue member with the lowest current workload. SLA-driven routes to the queue member who can meet the lead’s operator-defined response-time SLA. Account-tier-based overrides everything else for high-value accounts (a Fortune-500 enterprise lead routes to the operator-defined named-account queue regardless of attributed location). Language-aware routes to a queue member who speaks the lead’s preferred language (resolved from browser Accept-Language header, explicit form selection, or domain TLD). Timezone-aware routes to a queue member in the lead’s working hours so the lead gets a same-business-day response rather than a next-business-day response. Every routing decision writes to the WORM audit trail with the routing_rule_id + decision_inputs + chosen_queue_member + alternative_queue_members + override_reason (when account-tier or other override fired). The audit trail can replay the routing decision for any lead so the operator sales-ops team can audit per-rep performance against the routing policy.

Question 5

What compliance does the per-event gate enforce, and how does it map to TCPA + 10DLC consent, GDPR Articles 6/7/13/14/30, CCPA notice-at-collection, FCRA, and FTC + UDAP lead-gen?

Accepted Answer

Five anchors. Anchor 1: TCPA (47 USC 227 + 47 CFR Part 64) + 10DLC + The Campaign Registry + CTIA Messaging Principles + Federal DNC + per-state DNC + state-comprehensive-privacy consent claims at form-submission. Marketing SMS to a wireless number requires TCPA prior express written consent captured at the moment the lead provides the number. The gate refuses to commit a Persist record where TCPA consent claim is missing or invalid (no operator-counsel-approved disclosure language version shown at submission). 10DLC + TCR rules govern which campaigns downstream SMS can route through; the consent claim is the audit evidence for that routing. Anchor 2: GDPR (Regulation 2016/679) Articles 6 (lawful basis) + 7 (conditions for consent) + 13 (information to be provided where personal data is collected from data subject) + 14 (information where data not obtained from data subject) + 30 (records of processing) + ePrivacy Directive 2002/58/EC. For EU-resident leads, lawful basis must be established at submission, the Article 7 conditions for valid consent (freely given, specific, informed, unambiguous, revocable at any time, with the request distinguishable from other matters in clear and plain language) must be satisfied, the Article 13 information must have been provided to the lead before the consent moment, and the Article 30 records-of-processing must be updated. The gate refuses to commit a Persist record from an EU-resident lead without all four Article requirements satisfied + evidence pointers logged. Anchor 3: CCPA/CPRA Section 1798.100 notice-at-collection + CPRA Section 1798.121 sensitive PI opt-out + state-comprehensive-privacy patchwork notice obligations (Connecticut CTDPA + Texas DPSA + Virginia CDPA + Colorado CPA + Utah CPA + Oregon + Tennessee + Montana + Indiana + Iowa + Florida + Delaware + additional states in effect). At the moment of collection, the operator must provide the notice the relevant state requires. The gate verifies the per-state notice was displayed and refuses to commit a Persist record where notice display cannot be proven (the screenshot/DOM-snapshot evidence from Capture). CPRA sensitive PI opt-out applies when the form collects categories CPRA classifies as sensitive PI (precise geolocation, race, religion, sexual orientation, biometric data, health information, etc); the gate enforces the opt-out before any sensitive-PI categorized field is persisted. Anchor 4: FCRA (15 USC 1681) + state consumer-reporting laws (California ICRAA + New York FCRA + Washington Fair Credit Reporting Act + state-specific equivalents) + GLBA Safeguards Rule. When Skill 2 Score outputs feed into eligibility-adjacent decisions (insurance underwriting eligibility, BNPL eligibility, business-credit qualification, employment-eligibility screening), FCRA permissible-purpose verification + adverse-action notice + accuracy + correction + dispute procedures apply. The gate refuses to surface scoring outputs to FCRA-adjacent downstream skills until permissible-purpose attestation logged. GLBA Safeguards Rule applies when the operator is a financial institution and lead data touches nonpublic personal information. Anchor 5: FTC Section 5 + per-state UDAP on lead-generation practices + per-vertical lead-gen compliance. The FTC has brought enforcement actions against lead-gen operators that mishandled PI, sold leads to unauthorized parties, or violated the consent-class scope the lead agreed to. State-AGs have brought similar actions. Per-vertical lead-gen compliance overlays apply: FINRA Rule 2210 for financial-services leads (principal approval of any lead-gen communication that constitutes a "communication"); FDA OPDP for healthcare leads (lead-gen for prescription products); per--regulator for  leads (most states restrict who can lead-gen for ); DISCUS + state liquor-board for alcohol leads (age verification + consent restrictions); state medical/dental/optometry/pharmacy/PT licensing-board rules when lead-gen targets licensed-professional services. The gate composes with the per-vertical compliance overlay sibling skill on the compliance-overlay-manager agent. Broader gate also enforced: COPPA when under-13 leads + California AADC + Connecticut SB 3 + ADA Title III + WCAG 2.2 AA for form accessibility + NIST AI RMF + ISO 42001 + ISO 27001 + SOC 2 Type II via policy-as-code (OPA Rego + AWS Cedar + Casbin + Cerbos + Oso). WORM audit trail (AWS S3 Object Lock + GCS retention + Azure Blob immutable + Snowflake Time Travel) with per-statute retention (TCPA 4yr + CAN-SPAM 5yr + FTC 7yr + FCRA 5yr + GDPR 6yr + CCPA 3yr + GLBA 6yr + IRS 7yr + state variable) per operator counsel policy.

Question 6

What does the engagement look like across Tier 1 → Tier 2 → Tier 3, and what does the Tier 3 reporting cycle commit to?

Accepted Answer

Tier 1 AI Readiness Assessment (2-3 weeks, diagnostic): audits the operator current lead-to-CRM posture against the 5-skill bundle + 5-anchor compliance gate; deliverable is a gap-pack report identifying which lead sources have inconsistent consent capture, which CRM-write paths lack chain-of-custody attestation, which jurisdictions have unenforced notice-at-collection, which FCRA-adjacent uses lack permissible-purpose attestation, which per-vertical lead-gen compliance gaps exist, and a recommended remediation sequence for Tier 2. Tier 2 AI Swarm Setup Sprint (4-8 weeks): builds the 5-skill bundle on the lead-scoring-routing agent, wires CRM (operator-chosen Salesforce + HubSpot + Pipedrive + Microsoft Dynamics + Zoho + Close + Insightly + Copper + Keap + ActiveCampaign), marketing automation (HubSpot Marketing Hub + Marketo + Pardot + Eloqua + ActiveCampaign + Customer.io), form/lead-capture vendors (Typeform + Tally + Jotform + HubSpot Forms + Marketo Forms + Pardot Forms + Unbounce + Instapage + Leadpages + Webflow Forms + Gravity Forms + Formstack + Wufoo + Cal.com + Calendly + Chili Piper), chat (Drift + Intercom + Tidio + LiveChat + Olark + Crisp + HubSpot Chatflow), phone/SMS lead capture (CallRail + Invoca + CallTrackingMetrics + Twilio), firmographic enrichment (ZoomInfo + Apollo + Clearbit + Lusha + Cognism + 6sense + Bombora + Demandbase + LeadIQ + RocketReach + Dun & Bradstreet + Crunchbase + PitchBook), CDP + event streaming, consent management (OneTrust + TrustArc + Ketch + Securiti + BigID), policy-as-code, WORM-storage, runs 30-day shadow + canary period before flipping to enforce-mode. Tier 3 Fractional CMO with AI Swarm (6-month minimum, 1-2 days/wk embedded): continues operating with weekly per-source consent-capture audits, monthly per-vendor DPA + SCC + consent-provenance freshness audits, quarterly scoring-model recalibration, quarterly per-state notice-at-collection language reviews with operator counsel, quarterly compliance evidence packages. Tier 3 reporting is a 6-workstream pre-engagement-baseline reporting cycle (per-source capture completeness trend + per-lead scoring calibration trend + per-routing-policy SLA adherence trend + per-vendor enrichment freshness + per-jurisdiction consent-claim completeness + WORM audit-trail completeness) measured against the operator’s pre-engagement baseline. Each workstream surfaces trend direction and the gap to operator-defined targets. Reporting carries explicit caveats: CRM + marketing-automation + form/lead-capture vendor SLA + firmographic vendor DPA renewal cycles + per-state-comprehensive-privacy statute amendments + EU AI Act implementing-regulation updates + FCRA + state consumer-reporting-law amendments + TCPA + 10DLC + The Campaign Registry use-case taxonomy + CAN-SPAM + CASL amendments + per-vertical lead-gen regulatory amendments sit outside Completions control. Attorney-client privilege preservation across operator privacy policy + terms-of-service + per-jurisdiction notice-at-collection + per-state-DNC subscription + per-vendor DPA library + FCRA permissible-purpose attestation records is maintained per operator counsel policy.

Question 7

Who owns the lead data, the consent register, the scoring model, the firmographic vendor relationships, and the audit trail?

Accepted Answer

Operator owns every artifact. The lead data lives in operator data infrastructure (Snowflake, Databricks, BigQuery, Redshift, Postgres — operator chooses) plus the operator-chosen CRM. The consent register lives in the operator consent-management vendor (OneTrust, TrustArc, Ketch, Securiti, BigID — operator chooses) on operator account. The per-jurisdiction notice-at-collection language library lives in operator code repo, counsel-maintained. The privacy policy + terms-of-service version history lives in operator code repo with counsel attestation. The Capture code, Score model code, Route policy code, Enrich code, and Persist code all live in operator code repo. The scoring model is trained on operator data + operator-data-science-team-maintained features + operator-counsel-approved scoring outputs. The firmographic enrichment vendor relationships (ZoomInfo, Apollo, Clearbit, Lusha, Cognism, 6sense, Bombora, Demandbase, LeadIQ, RocketReach, Dun & Bradstreet, Crunchbase, PitchBook — operator chooses) run under operator billing with operator-counsel-maintained DPA + SCC + per-vendor consent-provenance attestation library (the same library the buyer-state-aware BANT scoring sibling skill reads from). The CRM subscription, marketing-automation subscription, form/lead-capture vendor subscriptions, chat subscription, phone/SMS-lead-capture subscription, and CDP + event-streaming subscription all run under operator billing on operator-controlled accounts. The WORM audit trail lives on operator-controlled cloud storage (AWS S3 Object Lock, GCS retention, Azure Blob immutable, Snowflake Time Travel). The policy-as-code policies (OPA Rego, AWS Cedar, Casbin, Cerbos, Oso) live in operator code repo, counsel-aligned. The FCRA permissible-purpose attestation records, the GDPR Article 30 records of processing, the per-state-comprehensive-privacy opt-out register, the per-vertical lead-gen compliance records, and the TCPA + 10DLC consent attestation records are all operator-counsel-maintained. Completions owns the orchestration knowledge — how to design the Capture payload to satisfy TCPA + GDPR + CCPA discovery, how to wire the Score model to the operator’s actual sales motion and FCRA tolerance, how to tune the Route policy against the operator sales-team capacity + per-state coverage + per-vertical specialization, how to compose Enrich with per-vendor consent-provenance verification, how to design Persist with chain-of-custody attestation that survives SOC 2 + audit, how to coordinate the per-vertical lead-gen compliance overlay — and that knowledge transfers under the Tier 3 transition path (30-60 days at engagement end with full hand-off of the Capture payload spec, the Score model, the Route policy, the Enrich wiring, the Persist attestation pipeline, and the compliance evidence-package generation playbook). Completions credentials revoke on engagement-end.

Multi-location CRM record creation for multi-unit franchise and multi-location service and multi-location retail operators — Capture + Score + Route + Enrich + Persist across 20+ lead-source types, under a 5-anchor compliance gate

The real ecosystem this sits above

CRM + marketing automation

Form + landing-page + scheduling

Chat + phone + SMS lead capture

Firmographic enrichment + consent management

CDP + event streaming + warehouse

Policy-as-code + WORM storage + GRC

Frequently asked