Compliance & Trust

Enterprise-grade security and compliance built into every call.

Built for Trust & Security

Your data and communications are protected at every level

SOC 2 Type II Certified
GDPR Compliant
HIPAA Eligible
PCI-DSS Level 1

Regulatory Compliance

Meeting telecommunications standards worldwide

📋

TCPA Compliance (USA)

The Telephone Consumer Protection Act (TCPA) regulates telemarketing calls, auto-dialed calls, prerecorded calls, text messages, and faxes.

Your Responsibilities:

  • Obtain prior express written consent before calling or texting
  • Honor Do Not Call (DNC) registry requirements
  • Provide clear opt-out mechanisms
  • Maintain consent records

How We Help: Built-in DNC list management, consent tracking tools, and opt-out automation.

🌍

GDPR (European Union)

The General Data Protection Regulation protects personal data and privacy of EU citizens.

Your Responsibilities:

  • Process personal data lawfully and transparently
  • Obtain explicit consent for data collection
  • Enable data access, portability, and deletion requests
  • Report data breaches within 72 hours

How We Help: Data encryption, EU data residency options, audit logs, and data export tools.

🏥

HIPAA (Healthcare)

Health Insurance Portability and Accountability Act protects sensitive patient health information.

For Healthcare Organizations:

  • Business Associate Agreement (BAA) available
  • Encrypted call recordings and storage
  • Access controls and audit trails
  • Secure data transmission (TLS/SRTP)

Note: HIPAA compliance requires Enterprise plan and signed BAA.

🇨🇦

CASL (Canada)

Canada's Anti-Spam Legislation regulates commercial electronic messages.

Your Responsibilities:

  • Obtain express or implied consent before messaging
  • Clearly identify your business in messages
  • Provide functional unsubscribe mechanism
  • Honor opt-out requests within 10 days

How We Help: Automated unsubscribe handling and consent documentation.

💳

PCI-DSS

Payment Card Industry Data Security Standard for handling payment card information.

  • Level 1 PCI-DSS compliance via Twilio infrastructure
  • Secure payment data handling
  • Encrypted storage and transmission
  • Regular security assessments
🔐

SOC 2 Type II

Independent audit of security, availability, and confidentiality controls.

  • Annual SOC 2 Type II audits
  • Continuous monitoring and improvement
  • Third-party verified security controls
  • Reports available under NDA

Customer Responsibility for Compliance

You are responsible for obtaining proper consent before calling or messaging contacts. ZaZaVoice provides tools to help manage compliance, but you must ensure your use of the platform complies with all applicable laws and regulations.

This includes, but is not limited to:

  • Obtaining consent before placing calls or sending messages
  • Maintaining records of consent
  • Honoring opt-out requests promptly
  • Complying with calling time restrictions
  • Following industry-specific regulations

Violations of telecommunications laws can result in significant fines and legal liability. Consult with legal counsel if you have questions about compliance requirements.

Security Infrastructure

Multiple layers of protection for your communications

Encryption in Transit

All communications encrypted with TLS 1.3 for signaling and SRTP for media streams. No unencrypted voice traffic.

Encryption at Rest

Call recordings, transcripts, and customer data encrypted with AES-256 encryption in secure cloud storage.

Access Controls

Role-based access control (RBAC), multi-factor authentication (MFA), and IP whitelisting available.

Audit Logging

Complete activity logs for all account actions, API calls, and data access. Exportable for compliance review.

Data Residency

Choose where your data is stored (USA, EU, Asia-Pacific) to meet data sovereignty requirements.

Network Security

DDoS protection, intrusion detection, and 24/7 security monitoring across all infrastructure.

Infrastructure & Reliability

Built on proven, carrier-grade technology

Twilio Partnership

ZaZaVoice is built on Twilio's communications infrastructure. We are an independent software vendor (ISV) and reseller, not a telecommunications carrier.

What this means:

  • All voice traffic routes through Twilio's carrier network
  • Phone numbers are provisioned through Twilio's licensed carrier relationships
  • We provide the user interface, billing, support, and business logic
  • You benefit from Twilio's proven 99.9% uptime and global infrastructure

This partnership ensures you receive carrier-grade reliability without the complexity of working directly with telecommunications providers.

Uptime & Availability

  • 99.9% uptime SLA on Pro and Enterprise plans
  • Multi-region active-active deployment
  • Automatic failover and redundancy
  • Real-time status monitoring at status.zazavoice.com (example)

Data Backup & Recovery

  • Automatic daily backups of all customer data
  • Point-in-time recovery capabilities
  • Geo-redundant storage across multiple regions
  • Disaster recovery procedures tested quarterly

Compliance Tools & Features

Built-in tools to help you stay compliant

Consent Management

Track and document customer consent for calling and messaging. Store consent timestamp, method, and source.

Do Not Call Lists

Import and manage DNC lists. Automatic scrubbing prevents calls to opted-out numbers.

Opt-Out Automation

Automatic handling of STOP keywords for SMS. Immediate suppression from future communications.

Call Recording Disclosure

Configurable announcements to notify callers of recording, meeting two-party consent requirements.

Time Zone Compliance

Automatic enforcement of calling time restrictions based on recipient location and local regulations.

Audit Reports

Exportable reports for compliance audits including call logs, consent records, and opt-out history.

Privacy Practices

How we handle and protect your data

Data Collection

We collect only data necessary to provide our services: account information, call metadata, recordings (if enabled), and billing details. We do not sell customer data to third parties.

Data Retention

Call recordings retained according to your plan (30 days to unlimited). Call metadata retained for 2 years for billing and compliance. You can request data deletion at any time.

Data Sharing

We share data only with Twilio (our infrastructure provider) and payment processors. We comply with lawful subpoenas and legal requests as required by law.

Your Rights

You have the right to access, export, correct, or delete your data. Contact compliance@zazavoice.com to exercise these rights.

Compliance Questions?

Our team is here to help

For compliance-related questions, regulatory inquiries, or to request compliance documentation (SOC 2 reports, BAA, DPA), contact our compliance team.

Compliance Team

compliance@zazavoice.com

Legal Disclosure

ZaZaVoice is a product of MR Recruits Limited Liability Company (USA). We operate as an independent software vendor (ISV) and reseller. All telecommunications services are provided through our partnership with Twilio, a licensed telecommunications carrier. We are not a carrier and do not own telecommunications infrastructure.

Ready to Get Started?

Join businesses worldwide that trust ZaZaVoice for compliant, secure cloud calling.

Request Demo View Pricing