Safety, Security, and Compliance
How MERCENAI approaches responsible AI calling, sensitive data, outbound rules, BAA requests, and security.
Last updated: June 24, 2026Safety, security, and compliance
MERCENAI is built for businesses that depend on calls, customer trust, and clean follow-up. We design the platform to support responsible use of AI phone agents, while customers remain responsible for how they configure agents, what data they upload, and who they call.
Telemarketing and outbound calling
Outbound calling laws can require consent, do-not-call screening, calling-hour limits, caller identity disclosures, AI voice disclosures, opt-out handling, and consent records. You are responsible for making sure every campaign follows the laws that apply to your business and your callers.
- Use approved lead sources only.
- Keep consent records where required.
- Respect federal, state, internal, and customer-specific do-not-call lists.
- Do not use MERCENAI for spam, harassment, fraud, or deceptive calling.
- Include AI and recording disclosures when required by law.
Call recording and caller consent
Some states and countries require consent before recording calls or processing call audio. You are responsible for deciding when recording is enabled, what disclosures are used, and whether consent is required before a call continues.
HIPAA and BAA support
For healthcare or other sensitive workflows, MERCENAI can discuss HIPAA-aligned configurations and Business Associate Agreements for eligible customers. Do not upload protected health information or use MERCENAI for HIPAA-regulated workflows unless a signed BAA is in place and your account has been configured for that use case.
MERCENAI does not claim that every account, workflow, or customer use case is automatically HIPAA compliant.
GDPR and DPA requests
If your business requires a Data Processing Agreement, contact us before uploading regulated personal data. We can review DPA needs for eligible accounts and help clarify how data is processed for your use case.
Security practices
- Access controls for account data and dashboard access.
- Use of established service providers for hosting, payments, communications, and infrastructure.
- Commercially reasonable safeguards for data in transit and at rest where supported by service providers.
- Monitoring and abuse-prevention controls designed to protect the platform.
- Operational review of sensitive or high-volume use cases when needed.
Customer responsibility
MERCENAI provides tools. You control the caller lists, scripts, rules, offers, disclosures, escalation paths, and business data. You are responsible for reviewing agent behavior, testing before launch, monitoring live use, and complying with laws that apply to your business.
Need a BAA, DPA, or compliance review?
Email georgetasan8@gmail.com with your company name, use case, industry, expected call volume, and whether you need a BAA or DPA.
Helpful public resources
- HHS HIPAA Business Associate guidance: https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/business-associates/
- FTC Telemarketing Sales Rule guidance: https://www.ftc.gov/business-guidance/resources/complying-telemarketing-sales-rule
- FCC AI-generated voice and TCPA guidance: https://www.fcc.gov/document/fcc-confirms-tcpa-applies-ai-technologies-generate-human-voices