Compliance
The One Voice includes built-in tools to help you meet telecommunications compliance obligations including call recording consent, SMS opt-out requirements, data retention regulations, and E911 requirements.
This page is for informational purposes only. Compliance requirements vary by jurisdiction and industry. Consult with qualified legal counsel to determine your specific obligations before relying on any features described here.
Recording Consent
Many US states and most countries require that all parties consent to being recorded ("two-party consent" or "all-party consent"). Requirements vary:
| Jurisdiction | Requirement |
|---|---|
| Federal (US) | One-party consent (only one party needs to know) |
| California, Florida, Illinois, and 9 other US states | All-party consent required |
| European Union (GDPR) | Informed consent required |
| Canada | One-party consent federally; some provinces stricter |
| United Kingdom | One-party consent under RIPA |
The One Voice approach: Use the Consent Announcement feature to inform callers of recording before the call begins. This is the safest approach and satisfies all-party consent requirements in stricter jurisdictions.
See Call Recording → Consent Announcement for setup instructions.
Recording Retention Presets
The One Voice ships with industry-specific retention presets. When active, recordings cannot be deleted before the compliance minimum — even by admins.
| Preset | Minimum | Key Regulation |
|---|---|---|
| Financial (IRS) | 7 years | IRC §6501, Sarbanes-Oxley |
| Financial (SEC) | 6 years | SEC Rule 17a-4 |
| Financial (Dodd-Frank) | 5 years | Dodd-Frank Act Title VII |
| Healthcare (HIPAA) | 6 years | HIPAA Privacy & Security Rules |
| Telecom (FCC) | 2 years | FCC General Order 112 |
| Insurance | 7 years | State insurance regulations |
| Government | 7 years | Federal records requirements |
To activate a preset:
- Go to Settings → Recording
- Under Compliance Preset, select your industry
- Save
The daily cleanup job at 3AM UTC enforces the minimum floor.
Legal Hold
When litigation, investigation, or regulatory inquiry requires preserving records:
- Go to Settings → Recording
- Toggle Compliance Hold (All Recordings) — this blocks ALL deletions org-wide
- For individual recordings, use the per-recording Legal Hold toggle (see Call Recording)
Legal holds cannot be overridden by retention policies or user-initiated deletes. Release the hold explicitly when the matter is resolved.
SMS Opt-Out Compliance (TCPA / CASL)
TCPA (US)
The Telephone Consumer Protection Act requires:
- Prior express written consent for marketing messages
- Immediate opt-out processing upon STOP reply
- Identification of sender in every message
The One Voice automatically processes opt-out keywords (STOP, UNSUBSCRIBE) and excludes opted-out numbers from all outbound SMS.
CASL (Canada)
Canada's Anti-Spam Legislation requires:
- Express or implied consent before sending commercial electronic messages
- Your full business name and contact information in every message
- An unsubscribe mechanism that works within 10 business days
The One Voice provides opt-out processing, but CASL consent management (documenting consent) is your responsibility.
10DLC
For US business SMS, 10DLC registration is not just a carrier requirement — it's how you document your messaging use case and consent practices. See SMS → 10DLC Registration.
E911 Compliance
E911 (Enhanced 911) links a physical address to each phone number so that emergency services can locate a caller.
Requirements:
- All numbers used for voice calling should have an E911 address
- For remote/mobile workers, the address should be updated when the employee works from a different location
- Some states mandate E911 registration for VoIP providers
To configure E911:
- Go to E911 in the left navigation
- For each number, click Add Address
- Enter the physical street address (validated against MSAG — Master Street Address Guide)
- Save
The E911 compliance report (also visible to your MSP in their admin portal) shows which numbers have and haven't been registered.
HIPAA Considerations
If you handle Protected Health Information (PHI) in calls (e.g., if your clients are healthcare providers):
- Enable the Healthcare (HIPAA) retention preset
- Disable or carefully control AI transcription — transcripts may contain PHI
- Use the recording consent announcement to inform patients
- Ensure your Voice subscription includes a Business Associate Agreement (BAA) — contact support to obtain one
Audit Log
All compliance-relevant actions are captured in the immutable Audit Log:
- Recording policy changes
- Legal hold set/released
- Compliance preset changed
- Recording accessed, downloaded, or deleted
- E911 address added/changed
Go to Settings → Audit Log to view and export.