Vocelio.ai SMS & Call Compliance Policy - TCPA, CAN-SPAM & Global Regulations

1. Compliance Overview

This policy outlines the mandatory compliance requirements for all users of the Vocelio.ai platform, operated by Orionex Trading LLC (“Vocelio.ai,” “Company,” “we,” or “us”). Compliance with telecommunications and messaging laws is not optional — it is a legal requirement that protects both your business and the consumers you contact. .

🚨 YOUR RESPONSIBILITY

YOU are responsible for ensuring all your communications comply with applicable laws. Vocelio.ai provides tools and guidance, but ultimate compliance responsibility rests with you as the account holder and message sender.

1.1 Key Regulatory Frameworks

📞 TCPA (USA)

Telephone Consumer Protection Act
Regulates calls and texts to mobile phones, landlines, and fax machines. Requires explicit consent for marketing communications.

📧 CAN-SPAM (USA)

Controlling the Assault of Non-Solicited Pornography And Marketing Act
Sets rules for commercial email and messaging, including identification and opt-out requirements.

🌍 GDPR (EU)

General Data Protection Regulation
European privacy law requiring explicit consent for processing personal data, including phone numbers and contact information.

🇨🇦 CASL (Canada)

Canadian Anti-Spam Legislation
Requires express consent for commercial electronic messages and provides strict penalties for violations.

1.2 Compliance Principles

Consent First: Always obtain proper consent before making contact
Transparency: Clearly identify yourself and your purpose
Respect Preferences: Honor opt-out requests immediately
Time Awareness: Follow time restrictions for calling
Documentation: Maintain detailed records of consent and communications

1.3 Vocelio.ai's Role

Vocelio.ai provides:

Compliance Tools: Built-in features to help maintain compliance
Documentation: Guidance and best practices
Monitoring: Platform-level compliance checking
Support: Assistance with compliance questions

⚠️ Important Disclaimer

This policy provides guidance but is not legal advice. Consult with qualified legal counsel for specific compliance questions related to your business and use cases.

2. TCPA Requirements

The Telephone Consumer Protection Act (TCPA) is the primary law governing automated calls and texts in the United States. Non-compliance can result in fines of $500-$1,500 per violation.

2.1 TCPA Coverage

TCPA applies to:

Mobile Phones: All calls and texts to cell phones
Residential Landlines: Calls using artificial or prerecorded voice
Business Landlines: Certain marketing calls
Fax Machines: Unsolicited fax advertisements

2.2 Consent Requirements

📝 Required Consent Types

TCPA requires different levels of consent based on call type:

Express Written Consent: Marketing/advertising calls to mobile phones
Express Consent: Informational calls (appointments, confirmations)
Prior Express Consent: Calls to existing customers

Express Written Consent Requirements

For marketing calls to mobile phones, you must obtain consent that:

Is in Writing: Physical or electronic signature
Clearly Authorizes: Specifically permits automated calls/texts
Identifies the Seller: Names the business making calls
Includes Phone Number: Lists the number to be called
Has Clear Terms: Explains what consumer is agreeing to

2.3 Exemptions and Safe Harbors

Existing Business Relationship (EBR)

You may call existing customers without express written consent if:

Purchase/Transaction: Customer made a purchase within 18 months
Inquiry: Customer inquired about products/services within 3 months
Related Products: Calls are about same type of goods/services
No Opt-Out: Customer hasn't requested to stop receiving calls

Emergency and Non-Commercial Calls

TCPA doesn't apply to:

Emergency Calls: Health, safety, or emergency notifications
Non-Commercial: Political calls, surveys, debt collection
Healthcare: HIPAA-covered healthcare communications
Financial: Account notifications from financial institutions

2.4 Autodialer Definition

🤖 AI Calls & Autodialers

Vocelio.ai's AI calling system may be considered an "autodialer" under TCPA. This means:

Consent Required: You need proper consent for marketing calls
Strict Compliance: Must follow all TCPA requirements
Documentation: Maintain proof of consent
Opt-Out Compliance: Honor requests to stop calling

2.5 TCPA Compliance Best Practices

Double Opt-In: Confirm consent with follow-up verification
Clear Language: Use plain English in consent forms
Separate Consent: Don't bundle with other agreements
Regular Audits: Review consent records regularly
Training: Educate your team on TCPA requirements

3. Consent Management

Proper consent management is the foundation of compliant calling. This section outlines how to obtain, document, and manage consent effectively.

3.1 Types of Consent

✍️ Express Written Consent

Required For: Marketing calls to mobile phones
Format: Written signature (electronic or physical)
Specificity: Must specifically authorize automated calls

🗣️ Express Oral Consent

Required For: Informational calls
Format: Verbal agreement
Documentation: Must record and maintain proof

🤝 Implied Consent

Limited Scope: Existing business relationships
Time Limits: 18 months for purchases, 3 months for inquiries
Restrictions: Related products/services only

📱 Digital Consent

Web Forms: Online consent forms with clear opt-ins
Mobile Apps: In-app consent mechanisms
SMS Opt-In: Text-to-join campaigns

3.2 Consent Form Requirements

✅ Compliant Consent Form Elements

Every consent form must include:

Clear Authorization: "I agree to receive automated calls and texts"
Business Identification: Company name and contact information
Phone Number Field: Customer provides number to be called
Signature/Opt-In: Clear action indicating consent
Opt-Out Instructions: How to revoke consent
No Purchase Required: Consent not condition of purchase

Sample Consent Language

📝 Example Consent Text

"By providing your phone number and clicking 'I Agree', you expressly consent to receive automated calls and text messages from [Company Name] at the number provided. Consent is not required to make a purchase. Message and data rates may apply. You can opt out at any time by texting STOP or calling [opt-out number]."

3.3 Consent Documentation

You must maintain records of:

Consent Forms: Original forms with signatures/opt-ins
Timestamps: Date and time consent was obtained
IP Addresses: For online forms, capture IP addresses
Source Information: How and where consent was obtained
Scope of Consent: What the customer agreed to receive

3.4 Consent Verification

🔍 Verification Best Practices

Double Opt-In: Send confirmation message to verify number
Record Keeping: Maintain detailed consent logs
Regular Audits: Periodically verify consent validity
Source Tracking: Know where each consent came from

3.5 Consent Revocation

Customers can revoke consent at any time:

Any Method: Verbal, written, or electronic request
Immediate Effect: Must honor revocation within 30 days
Any Representative: Request to any company representative
Reasonable Interpretation: Accept any clear indication to stop

3.6 Consent Management in Vocelio.ai

Our platform provides:

Consent Tracking: Built-in consent status for each contact
Automatic Suppression: Prevents calls to non-consented numbers
Audit Trails: Complete history of consent changes
Integration APIs: Connect with your consent management systems

4. Opt-Out Procedures

Providing clear, easy opt-out mechanisms is required by law and builds customer trust. This section covers how to implement compliant opt-out procedures.

4.1 Opt-Out Requirements

🚨 Critical Opt-Out Rules

Always Available: Provide opt-out in every communication
Easy and Free: Simple, no-cost method to opt out
Immediate Honor: Process requests within 30 days (24 hours for texts)
No Fees: Cannot charge for opt-out requests
Any Method: Accept verbal, written, or electronic requests

4.2 Opt-Out Methods

Voice Calls

Verbal Requests: "Please remove me from your list"
Interactive Options: "Press 1 to be removed"
Transfer to Agent: "Speak to representative to opt out"
Callback Number: Provide number to call for removal

Text Messages

STOP Keyword: Reply "STOP" to any message
Alternative Keywords: UNSUBSCRIBE, QUIT, CANCEL, END
Help Information: Reply "HELP" for assistance
Confirmation Message: Send confirmation of opt-out

4.3 Opt-Out Processing

✅ Required Processing Steps

Immediate Recognition: System recognizes opt-out request
Suppression List: Add number to do-not-call list
Confirmation: Send confirmation of opt-out (if requested)
Share Lists: Update all relevant calling systems
Record Keeping: Document opt-out date and method

4.4 Suppression List Management

Maintain comprehensive suppression lists:

Internal Lists: Customers who opted out of your communications
Company-Wide: Share opt-outs across all campaigns
Permanent Storage: Keep opt-out records indefinitely
Regular Updates: Update lists before each campaign
Third-Party Integration: Import external suppression lists

4.5 Partial Opt-Outs

Customers may opt out of specific types of communications:

Marketing Only: Stop promotional calls but allow service calls
Channel Specific: No texts but calls are okay
Time-Based: No calls during certain hours
Frequency Limits: Reduce but don't eliminate communications

⚠️ Opt-Out Exceptions

Even after opt-out, you may still contact customers for:

Transactional Messages: Order confirmations, shipping updates
Account Security: Fraud alerts, security notifications
Legal Requirements: Regulatory notifications
Emergency Communications: Safety and health alerts

4.6 Vocelio.ai Opt-Out Features

Our platform automatically:

Keyword Detection: Recognizes STOP and other opt-out keywords
Instant Suppression: Immediately adds numbers to suppression list
Cross-Campaign Protection: Applies opt-outs to all campaigns
Audit Logging: Records all opt-out activities
API Integration: Syncs with your CRM opt-out lists

5. Time Restrictions

Federal and state laws restrict when you can make calls and send texts. Violating time restrictions is one of the most common compliance failures.

5.1 Federal Time Restrictions

🕐 TCPA Time Rules

Permitted Calling Hours:

Start Time: 8:00 AM local time (recipient's time zone)
End Time: 9:00 PM local time (recipient's time zone)
Time Zone: Always use recipient's local time
Every Day: Applies to all days including weekends

5.2 State-Specific Restrictions

Many states have stricter rules than federal law:

State	Calling Hours	Special Restrictions
California	8 AM - 9 PM	Sunday restrictions in some areas
Florida	8 AM - 8 PM	Earlier end time
Texas	9 AM - 9 PM	Later start time
New York	8 AM - 9 PM	Enhanced penalties
Illinois	8 AM - 9 PM	Sunday restrictions

5.3 Time Zone Management

🌍 Time Zone Compliance

Critical time zone considerations:

Recipient's Time Zone: Always use the called party's local time
Area Code Mapping: Don't rely solely on area codes
Mobile Numbers: May not match current location
Database Updates: Keep time zone data current
Daylight Saving: Account for DST changes

5.4 Holiday and Weekend Restrictions

Consider additional restrictions for:

Federal Holidays: Some industries avoid holiday calling
Religious Observances: Respect major religious holidays
Local Customs: Regional preferences and traditions
Business vs Consumer: Different expectations for B2B vs B2C

5.5 Emergency Exceptions

Time restrictions may not apply to:

Health Emergencies: Medical alerts and urgent health information
Safety Notifications: Security alerts and safety warnings
Service Disruptions: Utility outages and service interruptions
Account Security: Fraud alerts and security breaches

5.6 Best Practices for Time Management

Conservative Approach: Use the most restrictive applicable time rules
Regular Updates: Keep time zone and regulatory databases current
Customer Preferences: Allow customers to set preferred contact times
Buffer Times: Stop calling 15 minutes before restrictions
Documentation: Log the time zone used for each call

5.7 Vocelio.ai Time Management

Our platform automatically:

Time Zone Detection: Identifies recipient time zones
Automatic Scheduling: Only calls during permitted hours
State Law Compliance: Applies most restrictive applicable rules
Holiday Calendars: Optionally avoids holiday calling
Custom Schedules: Allows customer-specific time preferences

6. Do Not Call List Compliance

Do Not Call (DNC) registries allow consumers to limit unwanted telemarketing calls. Compliance with DNC lists is mandatory and heavily enforced.

6.1 National Do Not Call Registry

📋 National DNC Registry Facts

Managed By: Federal Trade Commission (FTC)
Coverage: All 50 states, territories, and Washington DC
Registration: Free for consumers at donotcall.gov
Permanence: Numbers remain on list indefinitely
Updates: Updated monthly with new registrations

6.2 State Do Not Call Lists

Many states maintain their own DNC registries with additional restrictions:

Broader Coverage: May include business numbers
Stricter Rules: More restrictive than federal requirements
Higher Penalties: State-specific fines and enforcement
Additional Requirements: Special registration or bonding

6.3 DNC Exemptions

The following are generally exempt from DNC restrictions:

Existing Business Relationships

Recent Customers: Purchased within 18 months
Recent Inquiries: Inquired within 3 months
Related Products: Same type of goods/services
No Opt-Out: Customer hasn't requested to stop calls

Non-Commercial Calls

Political Campaigns: Candidate and issue advocacy
Charities: Non-profit fundraising calls
Surveys: Research and polling calls
Religious Organizations: Faith-based outreach

Informational Calls

Account Information: Billing and service updates
Appointment Reminders: Healthcare and service appointments
Delivery Notifications: Package and service delivery
Emergency Alerts: Safety and security notifications

6.4 DNC Scrubbing Requirements

🧹 Mandatory Scrubbing Process

Before any marketing campaign, you must:

Download Current Lists: Get latest DNC registry data
Scrub All Numbers: Remove DNC numbers from call lists
Use Latest Data: Registry data must be less than 31 days old
Include State Lists: Check applicable state registries
Document Process: Maintain records of scrubbing activities

6.5 Safe Harbor Provisions

To qualify for safe harbor protection:

Written Procedures: Documented DNC compliance procedures
Employee Training: Staff trained on DNC requirements
Regular Scrubbing: Monthly updates of calling lists
Record Keeping: Maintain detailed compliance records
Prompt Response: Quickly investigate and resolve complaints

6.6 Industry-Specific DNC Lists

Some industries maintain specialized suppression lists:

Healthcare: HIPAA-related suppression lists
Financial Services: Credit and loan suppression lists
Insurance: Industry-specific do-not-call lists
Real Estate: Property-related suppression lists

6.7 Vocelio.ai DNC Integration

Our platform provides:

Automatic Scrubbing: Real-time DNC list checking
Multiple Sources: Federal and state DNC list integration
Regular Updates: Automatic list updates and synchronization
Audit Trails: Complete records of scrubbing activities
Custom Suppression: Upload your own suppression lists

7. SMS Compliance

Text message compliance involves multiple regulations and carrier requirements. SMS violations can result in immediate number blocking and significant penalties.

7.1 SMS Regulatory Framework

📞 TCPA for SMS

Express Written Consent: Required for marketing texts
Penalties: $500-$1,500 per violation
Autodialer Rules: Apply to automated texting

📱 Carrier Guidelines

10DLC Registration: Required for business messaging
Message Filtering: Carriers block suspicious content
Throughput Limits: Rate limiting based on registration

🛡️ CTIA Guidelines

Industry Standards: Wireless industry best practices
Consent Requirements: Clear opt-in procedures
Content Standards: Prohibited content types

🌐 SHAFT Compliance

Prohibited Content: Sex, Hate, Alcohol, Firearms, Tobacco
Automatic Blocking: Carriers filter SHAFT content
Account Suspension: Risk of service termination

7.2 SMS Consent Requirements

📝 SMS Consent Standards

For marketing SMS, you must obtain consent that includes:

Clear Agreement: "I agree to receive text messages"
Frequency Disclosure: How often you'll send messages
Cost Warning: "Message and data rates may apply"
Opt-Out Instructions: "Reply STOP to opt out"
Help Information: "Reply HELP for help"
Terms Reference: Link to full terms and conditions

7.3 Required SMS Keywords

STOP Keywords

Must respond to all variations:

Primary: STOP, STOPALL, UNSUBSCRIBE, CANCEL, END, QUIT
Case Insensitive: Accept uppercase, lowercase, mixed case
Immediate Processing: Stop messages within minutes
Confirmation Required: Send confirmation of opt-out

HELP Keywords

Provide assistance information:

Keywords: HELP, INFO, SUPPORT
Response Content: Company name, contact info, opt-out instructions
Character Limit: Keep under 160 characters
Customer Service: Include phone number for support

7.4 SMS Content Guidelines

🚫 Prohibited SMS Content

Carriers will block messages containing:

SHAFT Content: Sex, Hate, Alcohol, Firearms, Tobacco
Phishing: Requests for personal/financial information
Spam Indicators: Excessive caps, special characters
Illegal Content: Drugs, gambling, fraud
URL Shorteners: Suspicious link shortening services

7.5 10DLC Registration

Required for business SMS in the US:

Brand Registration: Register your business with carriers
Campaign Registration: Register each messaging campaign
Use Case Classification: Specify message purpose and content
Throughput Approval: Higher sending limits for registered brands

7.6 SMS Timing and Frequency

⏰ SMS Best Practices

Reasonable Hours: 8 AM - 9 PM recipient time
Frequency Limits: No more than 1-2 messages per day
Relevant Content: Only send valuable, expected messages
Clear Purpose: Each message should have clear value

7.7 International SMS Compliance

Different countries have varying SMS regulations:

European Union: GDPR consent requirements
Canada: CASL anti-spam legislation
Australia: Spam Act compliance
United Kingdom: PECR and ICO guidelines

8. International Compliance

When making international calls or contacting international prospects, you must comply with local telecommunications laws and regulations.

8.1 European Union (GDPR)

🇪🇺 GDPR Requirements for Calling

Legal Basis: Must have valid legal basis for processing phone numbers
Consent: Explicit consent required for marketing calls
Data Minimization: Only collect necessary contact information
Right to Erasure: Delete data upon request
Data Protection Impact Assessment: Required for high-risk processing

8.2 Canada (CASL)

Canadian Anti-Spam Legislation requirements:

Express Consent: Clear opt-in for commercial messages
Identification: Sender must be clearly identified
Unsubscribe: Easy opt-out mechanism required
Penalties: Up to $10 million CAD for violations

8.3 Australia

Do Not Call Register and Spam Act compliance:

DNC Register: Check Australian Do Not Call Register
Consent Requirements: Express consent for marketing
Time Restrictions: Weekdays 9 AM - 8 PM, Saturday 9 AM - 5 PM
Sunday Prohibition: No marketing calls on Sundays

8.4 United Kingdom

PECR and ICO guidelines:

TPS Registration: Check Telephone Preference Service
Consent Rules: Clear consent for automated calls
Caller ID: Must not withhold caller identification
ICO Registration: Data controller registration required

8.5 Country-Specific Considerations

🇩🇪 Germany

Strict Consent: Very strict consent requirements
Business Hours: Limited calling hours
High Penalties: Significant fines for violations

🇫🇷 France

Bloctel List: National do-not-call registry
B2B Restrictions: Limited business calling
CNIL Oversight: Data protection authority

🇯🇵 Japan

Personal Information Protection: Consent requirements
Cultural Sensitivity: Respect for privacy
Business Practices: Formal communication style

🇧🇷 Brazil

LGPD Compliance: Brazilian data protection law
Consumer Protection: Strong consumer rights
Local Registration: Business registration requirements

8.6 International Best Practices

🌍 Global Compliance Strategy

Local Legal Review: Consult local attorneys in target countries
Conservative Approach: Apply strictest applicable rules
Cultural Sensitivity: Respect local business customs
Language Considerations: Provide opt-out in local language
Time Zone Awareness: Respect local time restrictions
Regular Updates: Monitor changes in international laws

9. AI-Specific Compliance Rules

AI-powered calling systems have unique compliance considerations beyond traditional telemarketing rules.

9.1 AI Disclosure Requirements

🤖 AI Transparency Rules

Some jurisdictions require disclosure when AI is used:

California SB-1001: Requires bots to identify themselves
Proposed Federal Rules: FCC considering AI disclosure requirements
Industry Best Practice: Many recommend voluntary disclosure
Consumer Expectations: Growing expectation for AI transparency

9.2 Voice Synthesis Considerations

Human-like AI voices raise special concerns:

Deception Prevention: Avoid intentionally deceiving consumers
Clear Communication: Ensure AI can communicate clearly
Context Awareness: AI should understand conversation context
Appropriate Responses: Handle unexpected situations properly

9.3 Automated Decision Making

GDPR and other laws regulate automated decisions:

Right to Human Review: Option to request human intervention
Decision Transparency: Explain automated decision logic
Bias Prevention: Ensure fair and non-discriminatory outcomes
Data Quality: Use accurate, up-to-date information

9.4 AI Training and Data Use

📊 Training Data Compliance

When using conversation data to improve AI:

Consent for Training: Separate consent for AI improvement
Data Anonymization: Remove personally identifiable information
Opt-Out Options: Allow exclusion from training data
Data Minimization: Use only necessary data for training

9.5 Human Oversight Requirements

Maintain appropriate human control:

Transfer Capability: Easy transfer to human agents
Monitoring Systems: Human oversight of AI conversations
Intervention Triggers: Automated alerts for problematic calls
Quality Assurance: Regular review of AI performance

9.6 Emerging AI Regulations

Stay aware of developing AI-specific laws:

EU AI Act: Comprehensive AI regulation in Europe
State Legislation: Various US states considering AI rules
Industry Standards: Emerging AI ethics guidelines
FCC Proceedings: US telecom regulator AI considerations

10. Penalties & Enforcement

Understanding potential penalties helps prioritize compliance efforts and demonstrates the serious consequences of violations.

10.1 TCPA Penalties

Violation Type	Penalty Range	Additional Notes
Standard TCPA Violation	$500 - $1,500 per call	Per call/text without consent
Willful/Knowing Violation	Up to $1,500 per call	Treble damages possible
Class Action Settlements	$1M - $100M+	Can involve millions of calls
Do Not Call Violations	Up to $43,792 per call	FTC enforcement action

10.2 State-Level Penalties

States often impose additional penalties:

California: Up to $2,500 per violation under state law
Florida: $500 per violation plus injunctive relief
Texas: Up to $25,000 per violation for businesses
Illinois: $500-$1,500 per call plus attorney fees

10.3 International Penalties

🌍 Global Enforcement Actions

GDPR Fines: Up to 4% of global annual revenue or €20M
Canada CASL: Up to $10M CAD for businesses
Australia: Up to $2.2M AUD per violation
UK ICO: Up to £17.5M or 4% of annual turnover

10.4 Enforcement Agencies

Federal Agencies

FCC: TCPA enforcement and rulemaking
FTC: Do Not Call Registry and consumer protection
State AGs: State-level consumer protection enforcement

Private Enforcement

Individual Lawsuits: Consumers can sue for damages
Class Action Suits: Large-scale litigation
Attorney Fees: Prevailing plaintiffs often recover legal costs

10.5 Non-Monetary Consequences

Compliance failures can result in:

Injunctive Relief: Court orders to stop calling
Carrier Blocking: Phone carriers blocking your numbers
Reputation Damage: Negative publicity and brand harm
Regulatory Scrutiny: Increased oversight and monitoring
Business Impact: Loss of customers and revenue

10.6 Recent Enforcement Trends

Increased Activity: More enforcement actions each year
Higher Penalties: Larger settlements and judgments
Technology Focus: Scrutiny of AI and automated systems
Broad Liability: Liability for third-party violations