Trends & opinion · 6 min read
India’s Digital Personal Data Protection Act lands soon. AI calling has obligations. None of them are scary.
DPDPA is the closest thing India has to GDPR. For AI calling, it touches three obligations: consent for the call, data minimisation in stored transcripts, and clear retention/deletion policies. None of this is hard if you architect for it from the start.
Consent: every call should be reachable from an opt-in source. Inbound enquiries (webform, brochure download, WhatsApp) are clean. Rented databases need a documented opt-in trail. DND lists must be respected pre-flight, with HTTP 451 returned on dispatch attempts to a DND number.
PII in stored transcripts is a needless risk. Phone numbers, emails, Aadhaar, PAN — all regex-redactable with high precision. We strip them before transcripts hit the database. The audio is preserved as legal evidence under the retention policy; the transcript is sanitised.
Retention: per-account configurable, default 90 days, with a hard auto-purge job. Customers can configure shorter retention for HIPAA-style use cases. The right answer is: have a written policy, enforce it via code, audit it quarterly. We give you all three out of the box.
Want to see how this works on your business?
Book a 20-min demo →