Platform · Compliance primitives
The compliance levers — not the certifications.
Vocily AI ships the building blocks your compliance team needs: recording consent, PII redaction, topic fencing, hallucination guardrails, and structured recording storage. We don't claim to be a regulator-certified system. We give your team the artefacts and controls to satisfy yours.
Problem · Solution
The problem today
Most voice AI vendors either (a) hand-wave compliance with vague 'enterprise-ready' claims, or (b) pretend they're a regulator-certified system when they're not. Neither helps your compliance officer when the regulator asks for a recording, a consent timestamp, or a PII-scrubbed transcript. The right answer is concrete primitives — consent capture, PII redaction, topic fencing, hallucination guardrails, structured storage — that your team operates against your own policy. Vocily AI ships those. Your compliance team owns the policy; Vocily AI owns the levers.
How Vocily AI handles it
Recording consent announcements
Spoken consent line plays before recording starts. Configurable script, placement (before or after greeting), and skip option. Recording only begins after the consent moment.
PII redaction
Phone numbers, OTPs, and names auto-redacted from transcripts and error logs. Regex-based for known patterns; LLM-assisted for context-dependent ones (caller surnames, account IDs).
Topic fencing
Allowed-topics list, blocked-topics list, blocked-statement list. When a caller asks something off-policy, the agent apologises, redirects, or escalates — per your rule.
Hallucination guardrails
When KB returns nothing for a factual question, the agent uses your configured 'I don't know' line instead of confabulating. Pre-LLM guard, applied before reasoning runs.
Recording + transcript storage
Every call recorded, every word transcribed, stored in the region you choose (S3 or in-app DB). Per-agent toggle. Retention configurable per workspace.
What's in it
The primitives in detail.
Each compliance lever is a discrete configuration surface — your team decides the policy, Vocily AI enforces it on every call.
Consent capture
- Placement
- Before greeting · After greeting · Skipped.
- Script
- Fully customisable text — your compliance team writes it.
- Language match
- Consent plays in the caller's language when known; otherwise in the agent's primary language.
- Audit artefact
- Consent moment stored as a discrete event with timestamp and audio reference.
PII redaction
What gets scrubbed before transcripts and logs are stored.
- Patterns
- Phone numbers, OTPs, email addresses, common account-ID shapes.
- LLM-assisted
- Context-dependent items — names, addresses — flagged using the conversation context.
- Storage
- Redacted transcripts persisted separately from raw audio; raw audio access is permissioned.
- Error logs
- Phone-shaped strings auto-scrubbed from error messages so debug output doesn't leak PII.
Topic fencing
Tell the agent what it can and cannot discuss.
- Allowed topics
- Whitelist — what the agent is permitted to engage on.
- Blocked topics
- Blacklist — domains the agent must refuse.
- Blocked statements
- Specific phrases or claims the agent must not make.
- Action
- Apologise · Redirect · Escalate — per rule.
Hallucination guardrails
Stop the agent from inventing facts when the KB is empty.
- Trigger
- Factual question + empty KB retrieval.
- Behaviour
- Agent uses your configured 'no source' line instead of generating an answer.
- Fallback
- Optional — book a callback, transfer to human, or capture the question for review.
- Scope
- Pre-LLM — the guardrail runs before the model reasons, so the model never sees the empty-KB question without a hand-off path.
Recording + transcript storage
What's stored, where, and for how long.
- Recording toggle
- Per-agent — turn on or off.
- Region
- Choose your storage region (S3 or in-app DB).
- Retention
- Configurable per workspace.
- Access
- Role-based — only authorised users can pull raw audio.
- Handoff behaviour
- Recording stops at human transfer. Post-handoff conversation is private.
Common questions
What teams ask before they switch.
No — and we don't claim to be. Vocily AI ships the compliance primitives (consent, redaction, fencing, guardrails, storage) that your compliance team operates against your regulator's requirements. Your team owns the policy and the certification path; Vocily AI gives you the levers to enforce it.