1. Roles and Infrastructure (CCPA Compliance)
Under the California Consumer Privacy Act (CCPA) and subsequent US state privacy laws, Praveg AI operates strictly as a Service Provider / Data Processor. The Client utilizing our AI infrastructure acts as the Data Controller.
- No Data Brokering: Praveg AI explicitly guarantees that customer lead data, phone numbers, and conversational contexts routed through our nodes are never sold, shared, or monetized.
- Isolated Processing: Data is used exclusively to fulfill the AI voice routing and processing requirements requested by the Client.
2. TCPA Compliance Mandate (Crucial)
The Telephone Consumer Protection Act (TCPA) strictly regulates automated outbound dialers. Clients utilizing Praveg AI for outbound US campaigns assume full liability for obtaining explicit written consent.
- Mandatory Intake Checkbox: Clients must update their digital forms to include explicit TCPA consent language. Example: "By submitting this form, I agree to receive automated calls and texts regarding my inquiry.
3. Mandatory Data Minimization & 48-Hour Destruction
To exceed both CCPA requirements and Financial GLBA (Gramm-Leach-Bliley Act) security protocols, Praveg AI enforces a volatile memory architecture:
- Automated Purge: All Call Transcripts and Audio Recordings will be permanently and irretrievably destroyed from Praveg's internal databases exactly 48 hours after the completion of the call.
- Encrypted Transport: All data in transit between Twilio telecom nodes and our Vapi processing core is encrypted via enterprise-grade TLS.
4. Financial Security Protocols (GLBA)
For Wealth Management and Financial Services clients, Praveg AI affirms that our architecture satisfies standard Confidentiality & Non-Disclosure requirements, ensuring client portfolio inquiries are processed securely and discarded immediately post-transfer.
Legal & Compliance Desk
Praveg AI Security Operations