Regulatory frameworks
GDPR (General Data Protection Regulation)
If you serve customers in the European Union:
- Inform users that they are interacting with an AI system
- Obtain consent before processing personal data through AI features
- Honor data subject requests including the right to erasure and data portability
- Document your AI processing activities in your records of processing
- Review the Data privacy guide for HoopAI-specific data handling details
HIPAA (Health Insurance Portability and Accountability Act)
If you handle protected health information (PHI):
- Do not include PHI in AI system prompts or knowledge bases without a BAA in place
- Configure your AI agents to avoid requesting or storing sensitive health data in conversation
- Review HoopAI HIPAA compliance capabilities with your account representative
TCPA (Telephone Consumer Protection Act)
For Voice AI and SMS-based Conversation AI:
- Obtain prior express consent before making automated calls or sending AI-generated texts
- Provide a clear opt-out mechanism in every interaction
- Respect do-not-call lists and time-of-day calling restrictions
- Disclose that the caller or responder is an AI system
Best practices for compliance
- Always disclose AI involvement in customer interactions
- Regularly audit your AI configurations for compliance with applicable regulations
- Keep your knowledge base and system prompts free of sensitive personal data unless necessary
- Document your AI deployment decisions and the safeguards you have in place
- Train your team on responsible AI use