AI tools property management | Shadow IT | ChatGPT tenant data | AppFolio security | Salt Lake City
Across property management companies in Salt Lake City, leasing agents and property managers are using AI tools to draft tenant communications, summarize lease terms, write maintenance notices, and respond to owner inquiries. It's a genuine productivity improvement — and it's happening almost entirely without company oversight or policy. A 2024 study by CybSafe and the National Cybersecurity Alliance found that 38% of employees share confidential data with AI tools without employer approval. A separate BlackFog survey found that 49% use unapproved AI tools at work. For property management companies whose tenant files contain Social Security numbers, banking information, and lease details, that unsupervised data sharing is a significant liability.
What AI Hallucinations Could Cost You in a Lease or Transaction
Before getting to the data risk, there's a practical problem worth addressing: AI makes things up. Language models generate text based on probability, not fact — and they do so with complete confidence, regardless of accuracy. For property management, the consequences of AI hallucination can be immediate and costly.
Imagine a leasing agent asking an AI tool to draft a lease addendum explaining a new pet policy. The AI produces something that sounds professional and complete — but includes specific penalty amounts that don't match your actual lease template, or references a state statute that doesn't quite say what the AI says it does. Your leasing agent, trusting the output, sends it to the tenant for signature in Dotloop. The addendum is now part of an executed lease, and what it says may not be what you intended or what's legally defensible.
AI drafts are a starting point for human review — not a finished product to send directly to tenants or owners. Every AI-generated document that will be signed, filed, or relied upon needs a qualified person to verify accuracy before it goes out. That's true whether the AI is drafting an email, a notice, or a transaction document in Skyslope.
What Your Team Is Actually Feeding Into AI Tools
Here's where the data risk becomes concrete. When your property manager pastes a tenant's application into ChatGPT to get a summary, or drops a lease agreement into an AI tool to extract the key terms, they may be transmitting:
- Tenant names, addresses, and Social Security numbers from rental applications
- Banking account information used for ACH rent payments
- Employment details and income verification from application documents
- Prior landlord contact information and rental history
- Lease terms, rental amounts, and security deposit details
- Owner financial information from management agreements
Consumer-facing AI tools — the free or low-cost versions your team is most likely using without formal approval — typically don't offer the data privacy guarantees appropriate for this kind of information. Many use submitted content to improve their models. Your tenants' Social Security numbers don't belong in an AI training dataset, and if they end up there, you may have a data breach on your hands before you're even aware there was a risk.
Shadow IT in Property Management
The term for employees using technology without organizational knowledge or approval is shadow IT — and property management companies are particularly susceptible to it because the work environment is so distributed. Leasing agents at individual properties, property managers in the field, and accounting staff working remotely all make technology decisions independently, without waiting for IT approval that may never come anyway.
AI tools are the newest and fastest-growing category of shadow IT. They're free or cheap, immediately available, and genuinely useful. Your team is going to use them — the question is whether they're using them in ways that protect your company and your tenants or in ways that create exposure you don't know about.
The answer isn't a blanket prohibition that no one will follow. It's a clear policy that acknowledges the usefulness of AI, establishes what data can and can't be shared with external tools, and gives your team approved options that meet your security requirements.
Three Ways to Use AI Safely in Property Management
AI Drafts, Humans Approve
Establish a clear rule for your team: AI can draft, humans must approve. An AI-generated lease notice, maintenance letter, or owner report can be a useful starting point — but it needs to be reviewed and verified by a qualified team member before it's sent, signed, or filed. This is especially important for anything that will be executed in Dotloop, Skyslope, or your lease management system, and for any communication that references specific lease terms, legal obligations, or financial amounts.
Define What Not to Feed AI
Create an explicit short list of data categories that are never to be entered into external AI tools: tenant Social Security numbers, banking information, detailed lease financial terms, owner personal information, and any content extracted from AppFolio, Buildium, or your tenant files. Post it where your team will see it. Cover it in onboarding. Make it a standing item in your next team meeting.
The goal isn't to make AI harder to use — it's to create a clear line between what's appropriate to share with an external tool and what isn't. Most of your team will respect that line once it's drawn explicitly.
Evaluate and Approve Specific Tools
If AI tools are going to be a regular part of your team's workflow — and they probably should be — evaluate them before they spread by default. The key questions: Does the tool use submitted content for training? Where is data stored? Is there a business or enterprise tier with data privacy commitments appropriate for property management use?
Microsoft Copilot deployed through Microsoft 365, for example, operates within your organization's security boundaries and is governed by Microsoft's enterprise data agreements. That's a fundamentally different security profile than a free consumer AI tool. Your IT provider can help you identify options that offer the productivity benefits your team wants within a security framework you're comfortable with.
MLS Connectivity and AppFolio: The Data Risk Your Team May Not See
Property management companies that are also involved in real estate transactions face an additional layer of data risk from MLS connectivity. Systems like the WFRMLS are integrated with transaction management platforms, and the data that flows through those connections includes buyer and seller personal information, financial details, and transaction documents that deserve the same protection as tenant records.
When leasing agents or transaction coordinators use AI tools to process documents from Dotloop, Skyslope, or ZipForms, they're potentially exposing transaction data from buyers, sellers, and clients who never consented to having their information shared with an AI platform. The real estate transaction process is a high-value target for data theft, and the AI tools your team is using as productivity shortcuts can become unintended data conduits.
Your Tenants and Clients Deserve Better Than Accidental Exposure
The people who trust your company with their housing and their financial futures gave you their information because they had to — and they trusted you to protect it. An AI data exposure isn't typically the result of bad intentions. It's the result of a useful tool being used without adequate guidelines. Getting ahead of that with a clear, reasonable policy protects your tenants, protects your company from regulatory and legal liability, and protects the professional reputation you've built in the Salt Lake City rental market.
Ready to build an AI use policy that works for your team's reality?
We work with Salt Lake City property management companies to protect tenant data and secure real estate transactions. Schedule a free discovery call to talk about managing AI tools safely across your team.
Frequently Asked Questions
Are there AI tools that are actually safe to use with tenant data?
Yes — enterprise-tier tools with strong data privacy commitments are available, though they're not the default free tools most people reach for. Microsoft Copilot deployed through Microsoft 365 Business, for example, doesn't use your data to train its models and operates within your organization's security perimeter. The key questions to ask of any AI tool your team wants to use: Does it use my inputs for training? Where is data stored? Is there an enterprise tier with a data processing agreement? Tools that can't answer these questions clearly should not be used with tenant PII.
What are our legal obligations if AI tool use results in a tenant data breach?
Utah's data breach notification law requires businesses to notify affected individuals when personal information is compromised. If your team shared tenant SSNs, banking information, or other protected data with an AI tool that subsequently experienced a breach or used that data inappropriately, you could have notification obligations — and potentially civil liability — even though your company didn't directly cause the breach. The exposure risk is real and makes a proactive AI use policy worth the time it takes to put one in place.
How do we find out which AI tools our team is already using?
Ask directly. In a no-blame way, ask your team what tools they're using to make their work easier — frame it as wanting to support productivity, not catch people doing something wrong. You can also ask your IT provider to audit network traffic and browser extensions for known AI services. Most property management teams will be using three to five AI tools already, often the same ones. Understanding the landscape lets you make informed decisions about which to approve, which to replace with better alternatives, and which to prohibit.
