Trust & Compliance
Your customers' data. Never ours.
Built for the business owner who wants reassurance — and the legal team that needs specifics. Here's exactly how data moves, and the rules we hold ourselves to.
How the data flows.
An internal-only pipeline: call → AI processing → your CRM. Your data never touches third-party ad platforms. Everything runs through encrypted n8n pipelines on isolated infrastructure — and nothing is sold, shared, or used to train models without your explicit consent.
Standards, built in.
TCPA
Consent-first outbound. DNC list management. Opt-out honored within one interaction.
HIPAA
BAA available for healthcare clients. PHI routes to a human only. No diagnostic data in AI scope. Healthcare-tier clients are provisioned on a zero-data-retention Vapi configuration with a signed BAA. This tier is activated during onboarding — contact us before your first call if you handle PHI.
GDPR
Right to erasure supported. EU residency options available. Article 50 disclosure on every AI call.
CCPA
California residents: data deletion on request. No data sale, ever.
EU AI Act · Art. 50
Every AI call opens with a clear disclosure in the first three seconds: “This is an AI assistant for [Business].”
TCPA Safe Harbor
Existing-customer relationship documentation maintained per campaign.
What runs under the hood.
Compliance isn't just policy — it's infrastructure. Here are the vendors whose systems touch your data, and what each one is certified for.
| Vendor | Role | Certifications |
|---|---|---|
| Vapi | Voice AI processing | SOC 2 Type II (in progress) |
| Twilio | Telephony & SMS/RCS | SOC 2 Type II, ISO 27001, HIPAA BAA |
| Cloudflare | CDN, DDoS, DNS | SOC 2 Type II, ISO 27001, GDPR |
| n8n | Workflow automation | GDPR compliant, self-hosted option |
| Airtable | Data storage | SOC 2 Type II, HIPAA BAA available |
For your customers.
Compliance isn't just paperwork — it's how your customers are treated on every call.
- Every call begins with a clear AI disclosure.
- Customers can request a human transfer at any point.
- Opt-out from future AI contact is instant and permanent.
- Call recordings are available to you on request, handled per your own compliance policies.