Brass AI
Security & compliance

Trustworthy on every call — by design

An AI answering your phone only works if your customers trust it and it keeps you on the right side of the rules. Here’s exactly how Brass AI is built to do both — with the guardrails baked in, not bolted on afterward.

The guardrails, in plain language

Six commitments that every call runs through.

Always offers a human

The agent hands off to your team on request, and whenever a call clearly needs a person. It books the routine work and makes sure no caller is ever stuck in voicemail — it does not replace your crew.

Honest by design — enforced in code

The agent never claims a booking, an available slot, or a confirmation text that didn't actually happen. When messaging isn't connected, a notification is recorded as “queued/unsent” — never reported as delivered. This is enforced in the platform, not just asked of the prompt.

Announces that it's an AI

Every caller is told up front they're speaking with your automated assistant. No impersonation of a human, in line with the direction of AI-disclosure regulation.

Consent-aware call recording

Calls can be recorded and transcribed to do the job. In all-party-consent states the agent discloses recording at the start of the call, with region-aware prompts you configure — so disclosure matches where your callers are.

Caller PII masked before storage

Phone numbers and service addresses are masked before they're written to the database or shown in your dashboard, so sensitive caller details aren't sitting in the clear.

Encrypted & scoped per account

Traffic is encrypted in transit (HTTPS/TLS), the dashboard is gated by signed, expiring sessions, and access is rate-limited and scoped per tenant so one business can never see another's data.

Compliance posture

Where the rules are, and how we stay aligned

TCPA — and it applies to AI voices

In 2024 the FCC confirmed the TCPA's restrictions on artificial/prerecorded voices cover AI-generated voices. Those rules center on outbound calling; Brass AI is built around inbound calls a customer chose to make, and confirmation texts are sent only for a job the caller asked you to book.

All-party call-recording consent

Recording-consent law is state by state. For callers in all-party-consent states, disclose recording at the start of the call — the agent's greeting does exactly that where you enable it. The per-region details live in our Privacy Policy.

AI-disclosure laws are coming

New rules increasingly require telling people when they're talking to AI. Brass AI already identifies itself as an automated assistant on every call, so you're aligned with where the regulation is heading.

The per-region detail lives in our Privacy Policy and Terms. Brass AI gives you the tooling to disclose and obtain consent; each business stays responsible for the notices its callers see.

Your data stays yours

You own the calls, bookings, and customer details Brass AI handles for you. We process them to run your front desk — nothing more.

  • We never sell your data, and we don't use caller recordings to train third-party ad profiles.
  • Export or delete your workspace data whenever you want.
  • Operator passwords are stored only as salted PBKDF2 hashes — never in plaintext.
  • A current list of subprocessors (voice AI, telephony, hosting, email) is in our Privacy Policy and available on request.

On the roadmap: formal SOC 2 Type II attestation. We’ll publish it here once it’s complete — we won’t claim a certification we don’t yet hold.

Questions about security?

Talk to us about your compliance needs, or start a free pilot and see the guardrails in action on your own line.