GDPR · CCPA · TCPA

Compliance

Last updated: 1 April 2026

RingDesk AI is designed to help businesses operate lawfully when using AI to handle phone calls. This page summarises the compliance frameworks relevant to our Service and your responsibilities as a user.

This page is informational. It does not constitute legal advice. You should consult a qualified legal professional for advice specific to your jurisdiction and industry.

1. Data Protection — GDPR (EU/EEA & UK)

RingDesk AI complies with the General Data Protection Regulation (EU) 2016/679 and the UK GDPR.

  • Lawful basis: We process personal data under contract performance, legitimate interests, and legal obligation.
  • Data residency: EU customer call processing is performed on EU-based infrastructure. Data is not transferred to third countries except under Standard Contractual Clauses (SCCs).
  • Data Processing Agreement (DPA): Available upon request at legal@ringdesk.net. Required for GDPR compliance when you are the data controller.
  • Data Subject Rights: We support all GDPR rights (access, erasure, portability, etc.) — see our Privacy Policy.
  • Retention: Call recordings are deleted after 90 days by default; configurable to a minimum of 7 days.
  • Breach notification: We will notify affected customers within 72 hours of becoming aware of a personal data breach.

2. Data Protection — CCPA (California, USA)

RingDesk AI complies with the California Consumer Privacy Act (CCPA) and CPRA amendments.

  • We do not sell personal information.
  • California residents may request access, deletion, and portability of their personal data.
  • We do not use sensitive personal information for purposes beyond those disclosed.
  • Contact legal@ringdesk.net to exercise CCPA rights.

3. Telemarketing Compliance — TCPA (USA)

If you use RingDesk AI to make outbound calls to US numbers, you are responsible for complying with the Telephone Consumer Protection Act (TCPA). Key requirements:

  • You must have prior express written consent before using automated calling to wireless numbers for marketing purposes.
  • Calls must be made within permitted hours (8am–9pm recipient local time).
  • You must maintain and honour an internal Do Not Call list.
  • You must provide a clear opt-out mechanism during calls.

RingDesk AI provides configurable calling hours and opt-out detection features to assist with TCPA compliance. You are responsible for obtaining and documenting consent.

4. Telemarketing Compliance — PECR (UK)

For UK outbound calls, the Privacy and Electronic Communications Regulations (PECR) apply. You must:

  • Not call numbers registered with the Telephone Preference Service (TPS) without consent.
  • Identify yourself clearly at the start of each call.
  • Provide a valid contact number or address if requested.

RingDesk AI supports TPS suppression list integration — contact support@ringdesk.net to configure this.

5. Call Recording Laws

Call recording laws vary significantly. RingDesk AI enables call recording by default and plays a brief notification to callers in jurisdictions where this is required. You are responsible for additional compliance steps in your jurisdiction:

  • UK: One-party consent generally applies; GDPR governs how recordings are stored and used.
  • EU: GDPR requires a lawful basis for recording; inform callers before recording.
  • USA: Federal law requires one-party consent; 11 states require all-party consent (CA, CT, FL, IL, MD, MA, MI, MT, NV, NH, OR, PA, WA).
  • Australia: Varies by state; most require one-party consent.

You can disable call recording from your dashboard if required by your jurisdiction or sector.

6. Healthcare — HIPAA Considerations

RingDesk AI is used by healthcare providers (dental, medical, therapy practices). However, RingDesk AI is not currently a HIPAA-covered entity and does not sign Business Associate Agreements (BAAs) as a standard offering.

If you are a HIPAA-covered entity and intend to use RingDesk AI to handle calls involving Protected Health Information (PHI), please contact legal@ringdesk.net to discuss our enterprise compliance options. In the interim, we recommend configuring your account to minimise PHI captured in call transcripts (e.g., not capturing patient names or diagnoses in AI scripts).

7. Financial Services

If you operate in financial services (lending, insurance, mortgage, investment advice), additional regulations may govern your use of automated calling, including FCA rules in the UK and FINRA/SEC rules in the US. You are responsible for ensuring your use of the Service complies with sector-specific regulations.

8. AI Transparency (EU AI Act)

The EU Artificial Intelligence Act (effective 2025–2026) may require businesses using AI systems that interact with consumers to disclose that they are speaking with an AI. RingDesk AI provides a configurable disclosure message at the start of calls. We recommend enabling this for all consumer-facing deployments in the EU.

9. Data Residency Options

  • EU customers: call processing on EU-based servers by default.
  • UK customers: UK or EU servers; customer configurable.
  • US customers: US-based servers.
  • Enterprise: dedicated data residency available — contact sales@ringdesk.net.

10. Certifications and Audits

RingDesk AI currently maintains the following:

  • SOC 2 Type II audit in progress (expected Q3 2026)
  • Annual third-party penetration testing
  • GDPR-compliant data processing documentation

Compliance documentation is available to enterprise customers under NDA. Contact legal@ringdesk.net.

11. Contact Compliance Team

For compliance enquiries, DPA requests, or regulatory questions:
legal@ringdesk.net