TL;DR
- The offboarding kit is the clean exit package every automation client deserves, covering prompts, data, recordings, and credentials.
- Clients leave with everything they need to run or rebuild without you.
- If you're building for Australian SMBs, a solid offboarding kit is also basic professional conduct.
A good offboarding kit hands the client back everything that belongs to them. Prompts in plain text. Knowledge base exported. Recordings in their storage. Credentials rotated.
Why does the offboarding kit matter at all?
Because a builder who keeps your IP in their account isn't a builder. They're a gatekeeper.
Most automation engagements end quietly. The client moves on, the builder moves on, and nobody thinks hard about what actually got handed over. That's fine until the client needs to change something, and realises they can't. The offboarding kit exists to close that gap before it opens. It's the document that says: here's everything, it's yours, you don't need us to run it.
This also matters for how you're perceived. An Australian SMB owner in finance or real estate talks to other Australian SMB owners. Word gets around. Clients who leave with a clean offboarding kit tend to refer more than clients who leave feeling like something was left behind.
What goes into the prompts section of the offboarding kit?
Every system prompt, every branch, every persona instruction delivered as plain text files the client can open, read, and edit without logging into anything.
Not a screenshot. Not a PDF. Plain text. The reason is simple: if the client ever needs to hand this to another builder, that builder should be able to pick it up cold. Proprietary formats create unnecessary friction.
We document the prompt structure in a short README alongside the files. What each prompt does, what inputs it expects, what it's been tuned to avoid. Not a novel. Just enough that someone competent can orient themselves in under an hour.
We charge for the handover call that walks clients through this material. If you're curious why that's a line item and not a courtesy, the reasoning is here.
How do you export the knowledge base cleanly?
Export everything the agent used to answer questions. Raw documents, structured FAQs, any product or compliance content that was loaded into context.
The knowledge base is often the thing clients built over months of iteration. Answering edge cases, adding product nuances, correcting the agent when it said something wrong. That history lives in the files you loaded. It shouldn't disappear when the engagement ends.
We export in formats the client can actually use. Not just what the platform spits out by default. If the source documents were Word files, they leave as Word files. If it was a structured FAQ, they get a clean spreadsheet. The client should be able to hand this to a new provider and say "this is what the agent knows".
For businesses in regulated sectors, retaining this material is more than good practice. The Australian Privacy Act has specific obligations around data handling that clients in finance and insurance should be across before anything gets deleted.
Where do call recordings go in the offboarding kit?
Recordings go into storage the client controls. Not the builder's Retell AI account. Not an N8N cloud bucket with shared credentials.
This one catches people out. Recording infrastructure set up quickly tends to default to builder-owned storage. It's convenient during the build. It becomes a problem at the end of it.
A proper offboarding kit migrates recordings to client-owned cloud storage before the engagement closes. Or, better, sets that up from day one. The client should be able to pull a specific call, review it, share it with a compliance team, without asking anyone for access.
This is especially relevant for finance brokers and insurance operators where call recordings have a practical compliance function. Not hypothetically. Actually.
What does credential rotation look like at offboarding?
Every API key, every webhook secret, every platform login the builder had access to gets rotated the day the engagement ends.
Not the day after. Not when someone gets around to it. The day it ends.
A clean offboarding kit includes a credential rotation checklist. The items on it:
- Retell AI API keys (generate new, revoke old)
- N8N webhook secrets and any external service credentials stored in workflow variables
- GHL sub-account access removed for builder user
- Any third-party integrations where the builder's personal API key was used instead of a dedicated service account
- SMS and email sending credentials if those were provisioned through the builder's account
Rotation isn't about distrust. It's hygiene. The client's stack shouldn't be exposed because a builder's account gets compromised six months after the engagement ended. For more on how self-hosted N8N affects this compared to managed options, this cost and control breakdown is worth reading.
Key Takeaways
- The offboarding kit is what separates a professional engagement from a dependency trap.
- Prompts in plain text, knowledge base exported, recordings in client storage, credentials rotated. Four things. Do all four.
- Set up clean ownership from day one and the offboarding kit writes itself.
If you're an Australian SMB thinking about automation and want to know whether your current setup would survive a clean exit, DM AUDIT and I'll send you the five questions we use to check.
Originally published at theautomate.io.
Top comments (0)