Compliance at Lead Friendly
AI voice calling sits at the intersection of the TCPA, the FCC's February 2024 AI-voice ruling, 10DLC SMS registration, DNC scrub rules, and state-specific recording consent laws. Lead Friendly's outbound guards enforce every one of those before a single byte leaves the platform.
This page is a plain-language summary. Binding terms are in our Acceptable Use Policy and Terms of Service. You are responsible for your own consent posture and the legality of the campaigns you run. We're responsible for the platform-level guardrails that keep the technically-permitted channel from becoming a regulatory disaster.
What we enforce at the platform layer
- Artificial-voice disclosure — automatically injected into every AI voice agent prompt.
- National & internal DNC scrub — checked per send, refreshed at least every 31 days.
- Per-contact opt-out ledger — STOP keywords + email unsubscribe both write here. Future sends are blocked.
- 10DLC / TCR registration — required before US local-number SMS at production scale.
- TCPA quiet hours — 8am-9pm local recipient time by default, with state-specific overrides.
- Number-health quarantine — outbound numbers showing carrier-block patterns are automatically rotated out.
- Hiya / FCR caller-ID registration — reduces “Spam Likely” labelling.
- Two-party recording disclosure — opt-in per organization; required for two-party-consent jurisdictions.
Frequently asked questions
Is AI-generated voice calling legal in the United States?
Yes, with conditions. The FCC's February 2024 declaratory ruling treats AI-generated voice calls as "artificial or prerecorded voice" calls under the TCPA. That means prior express written consent (PEWC) is required for marketing calls to wireless or residential numbers, and an artificial-voice disclosure must be made at the start of the call. Lead Friendly's AI agents are configured to make that disclosure automatically.
Do you support 10DLC registration for SMS?
Yes. US local-number SMS goes through The Campaign Registry (TCR) via our Telnyx integration. You register your brand and use case once; the platform handles campaign assignment and routing. Unregistered traffic gets carrier-filtered with error 40010 — we will not let you send unregistered local-number SMS at production scale.
How do you handle DNC (Do Not Call) compliance?
Outbound voice and SMS go through a unified compliance guard before each send. The guard checks the recipient against the National DNC Registry, your organization's internal DNC list, and the per-contact opt-out ledger. Any match blocks the send and writes to the compliance audit log. DNC scrub data is refreshed at least every 31 days as required by the rule.
How does opt-out work?
Inbound STOP keywords on SMS automatically write to the messaging_opt_outs table for that contact + channel. The contact is immediately blocked from further outbound on that channel; subsequent sends are dropped at the guard with a "skipped_compliance" reason. Email unsubscribe links use HMAC-signed tokens and write to the same opt-out ledger.
Do you handle two-party-consent call recording states?
Yes. Call recording can be configured per-organization to require an opening disclosure prompt for two-party-consent jurisdictions. The AI voice agent prompt builder injects the disclosure automatically. We do not enable recording by default for organizations until they confirm their consent posture.
Are calls compliant with the FCC AI disclosure requirement?
Yes. Every AI voice agent prompt template includes the artificial-voice disclosure as required by 47 CFR § 64.1200(b). The disclosure plays at call start, before any sales messaging. There is no toggle to disable this — it is a hard product requirement.
What about quiet hours?
The outbound SMS and voice guards enforce TCPA-compliant quiet hours by default (8am-9pm in the recipient's local time, derived from the destination NPA-NXX). State-specific stricter windows (e.g. Florida 8am-8pm) can be configured per organization.
How is caller-ID spam-labeling handled?
Lead Friendly integrates with Hiya for caller-ID registration and supports Free Caller Registry (FCR) submission. Phone numbers acquired through the platform can be registered to your brand to reduce the risk of "Spam Likely" labeling. We track per-number health, automatically quarantine numbers that show carrier-block patterns, and rotate outbound traffic across healthy numbers.
Do you store HIPAA-protected data?
No. The platform is not HIPAA-eligible today and the AUP prohibits using it to transmit Protected Health Information (PHI). Healthcare use cases that don't touch PHI (general appointment reminders for non-medical services, for example) are fine.
What about international calling rules?
Today the platform is optimized for US compliance. International outbound is supported but the guards do not yet enforce country-specific rules (e.g. UK Telephone Preference Service, Canadian CRTC, EU GDPR ePrivacy). Customers running international campaigns are responsible for their own compliance posture in those jurisdictions.
Compliance questions for procurement?
Email security@leadfriendly.com for our latest compliance questionnaire response or DPA. Counsel-to-counsel walkthroughs of the TCPA / 10DLC posture available on request.