Allo’s compliance tools
Allo gives you four tools to stay compliant with recording laws. Mix and match based on your needs.- Consent Message
- Privacy Mode
- Transcription Control
- AI Provider Choice
Inbound consent message
An automated message plays before the call connects: “This call is recorded for quality and training purposes.”Who it’s for: Teams receiving inbound calls that need to notify callers.How it works:- Message plays automatically before the phone rings
- Caller hears it before anyone picks up
- Customizable text
- Toggle per phone number or org-wide
Enable consent message
US recording laws
Federal law (one-party consent) allows recording if one party consents. But when calls cross state lines, the stricter state’s law applies. For outbound sales teams calling all 50 states, this matters.All-party (dual) consent states — 13 states
All-party (dual) consent states — 13 states
These states require all parties to consent before recording:
All other states follow one-party consent (federal baseline).
| State | Key notes |
|---|---|
| California | All-party consent. Violations carry criminal penalties. |
| Connecticut | All-party consent for in-person and phone. |
| Delaware | All-party consent. |
| Florida | All-party consent. Criminal and civil penalties. |
| Illinois | All-party consent. Also has BIPA for biometric data (see AI section). |
| Maryland | All-party consent. |
| Massachusetts | All-party consent. Strictest state — secret recordings are a felony. |
| Michigan | All-party consent. |
| Montana | All-party consent. |
| Nevada | All-party consent for in-person. One-party for phone (but courts vary). |
| New Hampshire | All-party consent. |
| Pennsylvania | All-party consent. Criminal penalties. |
| Washington | All-party consent. Criminal and civil penalties. |
Recommendation for outbound sales teams
Recommendation for outbound sales teams
If your team calls all 50 US states:
- Enable consent message for all inbound calls — covers you everywhere
- Enable privacy mode for outbound calls — no audio stored, transcripts + AI summaries still sync to your CRM
- Train your team to verbally disclose recording at the start of outbound calls to dual-consent states
Coming soon: state-level automatic compliance
Coming soon: state-level automatic compliance
Allo is building area-code-based compliance rules. This will let you automatically apply different recording settings based on the state you’re calling.Example: Calls to California numbers automatically use privacy mode, while calls to Texas numbers record normally.This feature is on the roadmap. Contact support for updates or to join the early access list.
EU & international
GDPR / European Union
GDPR / European Union
Recording requires a legal basis — typically consent or legitimate interest.Key requirements:
- Inform callers before recording starts
- Document your legal basis
- Provide access to recordings on request
- Honor deletion requests (right to erasure) — GDPR recommends 30 days
- Data processing agreement (DPA) available from Allo
- CNIL enforces strict consent rules
- Consent must be freely given, specific, and informed
- Recordings used for training must be anonymized or consented to separately
- Allo’s Mistral AI option keeps processing with a European provider
Canada (PIPEDA)
Canada (PIPEDA)
Federal PIPEDA follows one-party consent for calls. But provincial laws add requirements:
- Quebec — Stricter privacy law (Law 25). Consent required for recording.
- British Columbia & Alberta — PIPA applies. Similar to PIPEDA but with provincial enforcement.
Other countries
Other countries
Recording laws vary widely. For country-specific guidance:
- Check local telecommunications authority rules
- Consult legal counsel in target markets
- Contact Allo support for configuration help
AI & transcription compliance
Real-time transcription and AI analysis receive the same legal treatment as call recording. The same consent that covers recording also covers transcription. Key considerations:- BIPA (Illinois) — Speaker identification (voiceprints) may qualify as biometric data under BIPA. If you handle calls with Illinois residents, consult legal counsel about biometric consent.
- AI disclosure laws — California (AB 2013) and Texas require disclosure when AI is used to analyze calls. Your consent message should mention AI analysis.
- AI-generated summaries — Treated as derived data. Same retention and access rules apply as for recordings.
Data retention
Default: Recordings and transcripts are kept indefinitely in your Allo account. Custom retention: Contact Allo support to set auto-deletion after a specific number of days. Regulatory benchmarks:| Regulation | Guideline |
|---|---|
| GDPR | Delete when no longer necessary. 30 days recommended for call recordings. |
| CCPA | Respond to deletion requests within 45 days. |
| HIPAA | 6-year retention minimum. BAA available for healthcare customers. |
| SOX | 7-year retention for financial records including call records. |
Need a HIPAA Business Associate Agreement? Contact support — available for healthcare customers on Business plan.
FAQ
Can I keep transcripts but delete recordings?
Can I keep transcripts but delete recordings?
Yes. Enable Privacy Mode — audio is never stored, but transcription and AI summaries work normally. Transcripts sync to your CRM as usual.
Can I set compliance rules per state or area code?
Can I set compliance rules per state or area code?
Not yet. This feature is on the roadmap. For now, contact support to configure privacy mode per line or user.
Do I need consent even in one-party states?
Do I need consent even in one-party states?
Legally, no (if you’re the consenting party). But best practice: always disclose. Interstate calls default to the stricter state’s law. A blanket consent policy protects you everywhere.
Does the consent message play for every call?
Does the consent message play for every call?
Only for numbers where it’s enabled. You can configure it per number or org-wide.
Is AI transcription covered by recording consent?
Is AI transcription covered by recording consent?
Yes. Courts treat real-time transcription the same as recording. One consent disclosure covers both.
Can callers opt out of recording mid-call?
Can callers opt out of recording mid-call?
Not yet via an automated mechanism. Agents can manually note opt-outs. Contact support for custom workflows.
Where is my data stored?
Where is my data stored?
Encrypted at rest and in transit on Allo’s secure infrastructure. SOC 2 compliant. Visit our Trust Center for details.
What about HIPAA?
What about HIPAA?
Business Associate Agreements (BAA) are available for healthcare customers on the Business plan. Contact support to set one up.
Can I auto-delete recordings after X days?
Can I auto-delete recordings after X days?
Yes. Contact support to configure custom retention periods. Common settings: 30 days (GDPR), 90 days, or 1 year.
