Built for Compliance
AnrizVoIP is designed to help businesses operate within the legal and regulatory frameworks that govern communications, data protection, and healthcare worldwide. Here is how we support your compliance obligations.
Compliance Frameworks We Support
From data privacy to healthcare and payment security, AnrizVoIP addresses the regulations that matter most to your business.
General Data Protection Regulation
- Data subject rights: access, correction, deletion, and portability
- Lawful basis for processing clearly documented
- Data minimisation by default on all collection forms
- Breach notification within 72 hours as required
- Data Processing Agreement (DPA) available on request
- No personal data transferred outside your server without consent
Health Insurance Portability and Accountability Act
- HIPAA-ready infrastructure for healthcare deployments
- AES-256 encryption of Protected Health Information (PHI) at rest
- TLS 1.3 encryption of PHI in transit
- Role-based access controls limiting PHI access by job function
- Comprehensive audit logs for all PHI access and modifications
- Business Associate Agreement (BAA) available on request
Payment Card Industry Data Security Standard
- No cardholder data stored on AnrizVoIP servers
- Payment processing handled exclusively by certified payment processors
- Network segmentation separates call center from payment systems
- Encrypted transmission for any payment-adjacent data
- Quarterly vulnerability scans on payment-related infrastructure
- Access to payment system logs restricted to authorised personnel only
Telephone Consumer Protection Act
- Built-in Do Not Call (DNC) list management for outbound campaigns
- Calling hours enforcement per state and federal regulations
- Consent tracking for marketing and promotional calls
- Automated opt-out handling for SMS and call campaigns
- Call recording disclosure prompts configurable per jurisdiction
- Audit trail for all outbound campaign consent records
Information Security Management System
- Information security policies aligned with ISO 27001 Annex A
- Risk assessment and treatment framework applied to all deployments
- Asset management with classification of data by sensitivity
- Supplier and third-party security assessments conducted
- Internal audit and management review processes in place
- Continual improvement cycle across all security controls
Service Organisation Control 2
- Security, availability, and confidentiality trust service criteria addressed
- Logical and physical access controls documented and enforced
- Change management procedures for all platform updates
- Incident response plan with defined escalation paths
- Monitoring controls for system availability and performance
- Vendor management and third-party risk assessments completed
Shared Responsibility Model
Compliance is a partnership. We build the secure foundation; you operate it within the rules of your industry and jurisdiction.
Your Responsibilities
- Obtain required consents from your customers before making calls or sending messages
- Maintain your own DNC lists and honour opt-out requests promptly
- Ensure your agents comply with applicable telecom laws in your jurisdiction
- Configure call recording disclosures appropriate to your local laws
- Obtain any required telecommunications or call centre licences
- Keep your server infrastructure patched and updated
Our Responsibilities
- Deliver a platform built with security and compliance controls from the ground up
- Provide encryption, access controls, and audit logging as standard features
- Notify you promptly of any security vulnerabilities affecting your platform
- Maintain documentation to support your compliance audits
- Provide Data Processing Agreements and Business Associate Agreements on request
- Apply critical security patches to the platform without delay
1. Data Sovereignty
One of the most important compliance advantages of AnrizVoIP is that your platform runs on your own server infrastructure. This means:
- Your data never leaves your server without your explicit action
- You choose the physical location of your data (country, data centre)
- You maintain full ownership and control of all call records, agent data, and customer information
- AnrizVoIP has no access to your data unless you grant it for support purposes
- Compliance with local data residency laws is achievable by choosing your server location
2. Documentation and Agreements
We provide the legal documentation required to support your compliance audits and regulatory obligations:
- Data Processing Agreement (DPA): Available on request for GDPR-regulated businesses
- Business Associate Agreement (BAA): Available on request for HIPAA-covered entities
- Security Overview: Technical documentation of our security controls
- Penetration Test Reports: Available to enterprise clients under NDA
- Sub-processor List: Full list of any third parties involved in data processing
3. Audit Logs and Reporting
Comprehensive audit logging is built into every AnrizVoIP deployment to support internal reviews and external compliance audits:
- All admin and agent login events logged with timestamp and IP address
- Configuration changes tracked with user attribution
- Call detail records (CDR) retained and exportable for regulatory review
- Recording access logs for HIPAA and legal discovery purposes
- DNC list access and modification history maintained
- Agent activity reports available for workforce compliance monitoring
4. Important Notice
AnrizVoIP provides the technical infrastructure and controls to support compliance, but compliance is ultimately your responsibility as the operator of the platform. You must ensure your use of the platform complies with all applicable laws, regulations, and licensing requirements in your jurisdiction. We strongly recommend consulting a qualified legal or compliance professional for your specific industry and region.
5. Compliance Enquiries
For compliance documentation requests, DPA or BAA signing, audit support, or regulatory questions, contact our compliance team:
Compliance and Legal: legal@anrizvoip.com
Security Questions: security@anrizvoip.com
General Contact: Contact page
Last updated: April 2026
Ready to Meet Your Compliance Obligations?
Our team can walk you through exactly how AnrizVoIP supports your specific regulatory requirements, whether GDPR, HIPAA, PCI-DSS, or beyond.