AI Agents Need Your Data to Work. Your SaaS Vendors Are Making Sure They Can't.

We need to talk about something uncomfortable.

Every SaaS contract you've ever signed says you own your data. It's right there in the terms of service, usually in bold. Fireflies says it. HubSpot says it. Slack says it. They're all telling the truth, technically. You do own it. You just can't always get to it, move it, or use it the way you need to. And in a world where AI agents need to flow freely across your systems to do anything meaningful, that distinction is no longer academic. It's the difference between a tool stack that works for you and one that holds you hostage.

This is State of Brand's position: if a vendor says you own your data but makes it painful to access, export, or connect to the tools of your choosing, you don't own anything. You're renting.

And the rent is going up.

Salesforce drew the blueprint. Everyone else is taking notes.

On May 29, 2025, Salesforce updated the Slack API terms of service. The changes prohibited bulk exporting of Slack data via the API and explicitly stated that data accessed through Slack APIs could no longer be used to train large language models. Apps distributed outside the Slack Marketplace had their rate limits on key methods throttled to one request per minute, returning just 15 messages per call.

To put that in context: a moderately active Slack workspace generates thousands of messages a day. At those rates, pulling a month of conversation history would take longer than the month itself.

Salesforce framed this as a security measure, and sure, there are real privacy considerations around enterprise communication data. But the industry wasn't buying it.

Wyatt Mayham, CEO of Northwest AI Consulting, called it out directly: "On the surface, this feels like Salesforce pulling up the ladder." Harmonic Security CEO Alastair Paterson warned that the strategy could backfire, accelerating customers toward new AI-native solutions. And cybersecurity consultant Ray Hutchins didn't mince words, calling it "platform enclosure."

Glean, one of the most prominent enterprise search platforms, emailed customers warning that the changes would hamper their ability to use their own data with their chosen enterprise AI platform. Legal analysis from Hunton Andrews Kurth noted that customers who hadn't negotiated limitations on unilateral amendments would need to either redesign their internal AI programs or switch to Salesforce-approved integrations.

Here is what we at State of Brand find most telling: many in the industry believe these changes indicate Salesforce's intent to leverage Slack's conversational data to develop its own proprietary AI solutions. By restricting third-party access and preventing use within LLMs, Salesforce retains control over valuable enterprise data and gains an advantage in the AI space.

Restricting others' access to the data while building your own AI on top of it is not a security policy. It's a business strategy. And every GTM leader using Slack should understand what it means for them.

This isn't just a Slack problem. Look at your whole stack.

Once you start looking for this pattern, you see it everywhere.

Fireflies, the meeting transcription tool that half of every sales floor seems to use, is a case study in graduated access. The free plan advertises "unlimited transcription" but comes with a major catch: you have to let Fireflies join every meeting on your calendar and you're limited to 800 minutes of storage. The API caps free and Pro users at 50 requests per day, while Business and Enterprise plans get 60 requests per minute. Video playback of your own recorded meetings? Only available on Business or Enterprise. Salesforce and HubSpot integrations require Business plans or higher. The full data export process requires submitting a form and waiting for a confirmation email before anything gets processed.

Your sales reps' conversations, the actual voice of your customer, are sitting behind a paywall that scales with how badly you need to use them.

HubSpot caps its search API at 10,000 objects. If your CRM has more contacts than that, extracting your full dataset requires pagination workarounds, date-range filtering tricks, and often third-party middleware to stitch exports back together. For a platform that positions itself as the system of record for your go-to-market motion, requiring workarounds to access your own complete customer list is a design choice worth questioning.

Notion limits API requests to three per second with no bulk export endpoint. The built-in export function has no scheduling, relation IDs instead of names, and large exports can crash the app. Your team's entire knowledge base, every wiki, every project database, comes back as paginated JSON that someone has to reassemble.

None of this is hidden. It's all documented. But the cumulative effect is a system where the effort required to move your data scales inversely with how much you're paying. The premium customer gets fewer barriers. Everyone else gets friction that's designed to feel like a feature gap rather than a wall.

AI just made this a strategic crisis

For the entire SaaS era, data portability was a migration problem. You dealt with it when you switched vendors, maybe every few years, and grumbled about it and moved on. In between, your team logged in, used the tool, and life was fine.

AI changes this completely.

The entire value proposition of AI agents, whether it's OpenClaw, Claude Cowork, Copilot, or any of the dozens of tools emerging in this space, depends on access to your organizational data. An AI that can search your Slack history, cross-reference your CRM, review your meeting transcripts, and pull context from your project tools is a genuine force multiplier. An AI that can only see what's in its own context window is just autocomplete with better branding.

But the data access patterns that make agents useful are exactly the ones SaaS vendors are clamping down on. As Coalescence Cloud CEO Paul Wnek put it after the Slack changes: AI agents that rely on persistent organizational memory depend on accumulated data to work well. Without historical Slack data, AI agents risk becoming "glorified bots, responding only to direct prompts, rather than acting with accumulated insight."

State of Brand's take: your SaaS vendors' API policies are now a more important factor in your AI strategy than which model you choose. It doesn't matter if you're running GPT-5 or Claude Opus if the agent can't reach the data it needs.

The build vs. buy math has flipped

This is where the conversation gets really interesting.

The traditional build vs. buy calculation was simple: buying is faster and cheaper, building gives you more control, and for most teams buying wins because you don't have the engineering muscle to maintain custom tools. That logic held for twenty years.

It's breaking now.

As Lex Zhao, an investor at One Way Ventures, told TechCrunch: "The barriers to entry for creating software are so low now thanks to coding agents, that the build versus buy decision is shifting toward build in so many cases." The article opened with a founder texting his investor that he was replacing his entire customer service team with tools built by Claude Code.

The market is pricing this in with brutal clarity. In February 2026, roughly $285 billion vanished from SaaS company valuations in about 48 hours, the largest AI-triggered repricing event in software history. ServiceNow fell 7%. Intuit dropped 11%. LegalZoom lost nearly 20%. Wall Street has a name for it: the SaaSpocalypse.

Customers now have what TechCrunch called "the ultimate contract negotiation tool in their pockets": if they don't like a SaaS vendor's prices, they can build their own alternative more easily than ever before. Klarna ditched Salesforce's flagship CRM in late 2024 in favor of its own homegrown AI system.

Here's where State of Brand connects the dots: the data portability problem and the build vs. buy shift are the same problem. When your vendor makes it hard to extract your data, they're not just creating switching costs. They're preventing you from feeding that data into the AI tools that could replace them. The walled garden isn't protecting your data. It's protecting their revenue.

And for GTM teams specifically, this cuts deep. Your customer conversations in Slack, your pipeline data in HubSpot, your call recordings in Fireflies, your competitive intel in Notion. That's not just data. That's your institutional memory. The idea that you can't freely pipe it into whatever AI tool best serves your team because of API rate limits and export restrictions should make you angry.

What we think GTM leaders need to do

State of Brand isn't in the business of telling you to burn down your tool stack. But we are in the business of calling out when the market is shifting faster than most teams realize. Here's where we'd start:

Run a data portability audit this quarter. For every tool in your core GTM stack, answer three questions: Can we export our full dataset? In what format? How long would it actually take? If any answer is "we're not sure," that's a problem you want to discover now, not when you're trying to plug everything into an AI workflow under deadline.

Read the API terms, not just the API docs. Salesforce changed Slack's API terms unilaterally for customers who hadn't negotiated protections. Your other vendors can do the same. Know what they're allowed to change and what leverage you have.

Make data access a buying criterion, not an afterthought. The next time you evaluate a SaaS tool, ask about API rate limits, bulk export capabilities, and whether the terms of service restrict how you can use your own data with third-party AI. If the sales rep can't answer, that tells you something.

Reassess the build option for data-critical workflows. You don't need to build everything. But for the workflows where data control matters most (pipeline analytics, customer intelligence, competitive monitoring), the math on building a custom solution has changed. A single developer with coding agents can now stand up tools that would have taken a team of five a quarter to build two years ago.

Negotiate data portability protections before you sign. If you're an enterprise buyer, get explicit contractual guarantees around data access, export formats, and restrictions on unilateral API changes. If a vendor won't give them to you, that's the most honest signal you'll get about how they think about your data.

The bottom line

The SaaS model was built on a promise: we handle the infrastructure so you can focus on the work. For a lot of use cases that promise still holds. But the fine print on that deal is changing, and the companies tightening access to your data aren't doing it to protect you. They're doing it to protect their position in a market where data is suddenly the most valuable asset in the room.

State of Brand's view is simple. Data portability is not a feature request. It's not an enterprise add-on. It's a right that comes with paying for the product. And any vendor that treats it otherwise is telling you exactly what they think the relationship is.

They think they're the platform. They think you're the user. In the age of AI, you can't afford to accept those terms.