Privacy & Compliance
HMS Sovereign provides Recording Consent (DTMF opt-in) and GDPR Mode for privacy-conscious deployments.
HMS Sovereign provides two complementary features for privacy-conscious deployments: Recording Consent (DTMF opt-in) and GDPR Mode. These can be used independently or together.
Recording Consent (DTMF Opt-In)
Recording consent is a pre-call flow that requires callers to actively agree before any recording or AI processing begins. It is designed for use cases where explicit consent is required by law or policy.
How It Works
When enabled on an assistant, the following happens at the start of every inbound call:
- The caller hears a spoken consent message (synthesized by your assistant's TTS provider)
- Press 1 — caller agrees. Recording starts and the AI assistant begins the conversation.
- Press 2 — caller declines. The call ends immediately.
- No response within 10 seconds — the message is repeated once. If still no response, the call ends.
What Happens Before Consent
No audio is sent to any STT provider, no LLM is invoked, and no recording starts until the caller presses 1. The only external action before consent is the TTS synthesis of the consent message itself.
| Action | Before pressing 1 | After pressing 1 |
|---|---|---|
| Audio sent to STT provider | ❌ | ✅ |
| LLM invoked | ❌ | ✅ |
| Recording started | ❌ | ✅ |
| Call stored in dashboard | ✅ (status only) | ✅ (full data) |
| TTS used for consent message | ✅ | ✅ |
Configuration
Add recording_consent to your assistant configuration:
{
"recording_consent": {
"enabled": true,
"message": "This call may be recorded and processed by an AI assistant. Press 1 to agree, or press 2 to hang up."
}
}Via API:
curl -X PATCH https://api.hmsovereign.com/api/v1/assistants/{id} \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"recording_consent": {
"enabled": true,
"message": "This call may be recorded and processed by an AI assistant. Press 1 to agree, or press 2 to hang up."
}
}'Fields
| Field | Type | Required | Description |
|---|---|---|---|
enabled | boolean | Yes | Activates the consent flow |
message | string | Yes | The text spoken to the caller. Use the language of your callers. |
Notes
- The consent message is spoken by your assistant's configured TTS provider — the same voice used during the conversation
- If the caller hangs up before pressing anything, the call is logged as ended. Basic metadata (timestamp, duration, phone numbers) is stored for billing purposes, but no conversation content is recorded or stored.
- This feature applies to inbound phone calls only. Web calls skip the consent flow.
- DTMF detection uses the standard telephone keypad signals. No voice recognition is involved.
GDPR Mode
GDPR mode is a per-assistant setting that disables storage of conversation content. When enabled, calls are processed normally — the AI speaks, the caller responds — but no transcript, recording, or summary is stored anywhere.
What GDPR Mode Disables
| Data | GDPR mode off (default) | GDPR mode on |
|---|---|---|
| Call recording (audio file) | ✅ Stored | ❌ Not recorded |
| Transcript | ✅ Stored | ❌ Not stored |
| Call summary | ✅ Stored | ❌ Not generated |
| Conversation history (messages) | ✅ Stored | ❌ Not stored |
| Webhook: transcript | ✅ Included | ❌ Omitted |
| Webhook: recording URL | ✅ Included | ❌ Omitted |
| Webhook: summary | ✅ Included | ❌ Omitted |
| Call record (metadata) | ✅ Stored | ✅ Stored (no content) |
| Usage & billing | ✅ Tracked | ✅ Tracked |
| Duration | ✅ Stored | ✅ Stored |
Call metadata (duration, timestamp, phone numbers, end reason) is always stored for billing purposes. Only the content of the conversation is omitted.
Webhook Behavior in GDPR Mode
The end-of-call-report webhook is still sent, but with a minimal payload. The transcript, summary, messages, and recording_url fields are excluded. A gdpr_mode: true flag is included so your webhook handler can identify these calls.
{
"message": {
"type": "end-of-call-report",
"gdpr_mode": true,
"call": {
"id": "...",
"duration": 42,
"ended_reason": "user_hangup"
}
}
}Configuration
Enable GDPR mode on an assistant:
{
"gdpr_mode": true
}Via API:
curl -X PATCH https://api.hmsovereign.com/api/v1/assistants/{id} \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{"gdpr_mode": true}'GDPR mode can also be applied dynamically per call via the assistant-request webhook response, allowing you to enable it based on the caller's number or other context.
Using Both Together
Recording consent and GDPR mode complement each other and can be enabled simultaneously:
- Recording consent ensures the caller actively agrees before any processing begins
- GDPR mode ensures no conversation content is stored after the call
This combination is suitable for scenarios where you need to demonstrate consent was requested but do not want to retain any call content — for example, informational hotlines, internal tooling, or deployments in jurisdictions with strict data minimization requirements.
{
"recording_consent": {
"enabled": true,
"message": "This call is processed by an AI assistant. No recording will be stored. Press 1 to continue, or press 2 to hang up."
},
"gdpr_mode": true
}**Tip: ** When combining both features, you may want to update your consent message to reflect that no recording is stored — as shown in the example above.
Comparison
| Feature | Recording Consent | GDPR Mode |
|---|---|---|
| Requires caller action | ✅ Yes (press 1) | ❌ No |
| Prevents data processing before agreement | ✅ Yes | ❌ No |
| Disables recording storage | ❌ No | ✅ Yes |
| Disables transcript storage | ❌ No | ✅ Yes |
| Disables summary generation | ❌ No | ✅ Yes |
| Affects webhook payload | ❌ No | ✅ Yes |
| Applies to web calls | ❌ No (phone only) | ✅ Yes |
| Configurable per assistant | ✅ Yes | ✅ Yes |
| Overridable per call (assistant-request) | ❌ No | ✅ Yes |
Related Documentation
- EU Data Sovereignty — Infrastructure and provider data residency
- Assistant Configuration — Full API reference for assistant settings
- Webhooks — Webhook events and payloads including GDPR mode behavior
Autonomous Silence Handling
Intelligently detect and respond to prolonged silence during calls, preventing calls from hanging indefinitely.
AI Generation
AI-powered generation tools that help you configure voice assistants faster by turning natural-language descriptions into production-ready configurations.