Legal

Regulatory Compliance

GeoQuote.ai uses AI to make automated phone calls on behalf of contractors to schedule appointments. We take legal compliance seriously. This page details every regulation we follow and exactly how we meet each requirement.

Terms of Service · Privacy Policy · legal@geoquote.ai
🛡️ 11 Regulations Covered

We comply with TCPA, FCC AI Disclosure, CRTC, CASL, PIPEDA, GDPR, CCPA/CPRA, PCI DSS, FTC Act, Call Recording Laws, and 12 state-level telemarketing restrictions. Every safeguard is enforced programmatically — not just by policy, but in code.

📞 When Will the AI Call?

  • Timing: The AI assistant calls within minutes of you submitting the estimate request, during permitted calling hours
  • US calling hours: 8:00 AM – 9:00 PM your local time (some states end earlier — see State-Level section below)
  • Canada calling hours: Mon–Fri 9:00 AM – 9:30 PM, Sat–Sun 10:00 AM – 6:00 PM your local time
  • Outside hours? If you submit a request outside calling hours, the AI will call you at the next permitted window
  • What to expect: The AI will identify itself, mention the contractor name, and ask if now is a good time to schedule your free on-site estimate
  • No answer? If you don't answer, the AI may leave a voicemail and send a follow-up SMS with a link to self-schedule
  • Opt out: Say "stop" during the call, or reply STOP to any text message — you will not be contacted again

🇺🇸 TCPA — Telephone Consumer Protection Act

✓ Compliant

United States (Federal)

What is it?

The TCPA (47 USC § 227) regulates telemarketing calls, autodialed calls, prerecorded messages, and text messages. It requires express written consent before making automated calls, restricts calling hours, and mandates honoring do-not-call requests.

How GeoQuote.ai Complies

  • Express written consent captured via widget checkbox before any call is placed — includes autodialed/prerecorded disclosure, revocation right, and "not a condition of purchase" language
  • Consent timestamp, text, user agent, and page URL recorded for audit trail
  • Calling hours enforced: 8:00 AM – 9:00 PM local time (recipient's timezone)
  • 12 state-level overrides enforced for stricter states (FL, TX, PA, MA, ME, OR, IN, OK, MS, VA, WA, WI)
  • Internal Do-Not-Call list maintained — opt-out requests honored immediately
  • Real-time opt-out detection during calls via 8 keyword triggers (stop, quit, cancel, don't call, do not call, take me off, remove me, unsubscribe)
  • All SMS messages include "Reply STOP to opt out" language
  • AI assistant identifies itself at the start of every call
⚠️ Non-compliance penalty: Up to $500 per violation ($1,500 for willful violations). No cap on class actions.

🇺🇸 FCC AI Disclosure Rule (2024)

✓ Compliant

United States (Federal)

What is it?

The FCC's 2024 ruling classifies AI-generated voice as "artificial" under the TCPA. All calls using AI-generated speech must disclose that the caller is AI at the start of the conversation.

How GeoQuote.ai Complies

  • Every call begins with: "Hi [name], this is Raya from [contractor]. I'm an AI scheduling assistant."
  • The AI identification is part of the welcome greeting and cannot be skipped
  • The disclosure happens within the first sentence of the call
⚠️ Non-compliance penalty: Same as TCPA — up to $500-$1,500 per violation.

🇨🇦 CRTC — Canadian Radio-television and Telecommunications Commission

✓ Compliant

Canada (Federal)

What is it?

The CRTC regulates telemarketing in Canada through the Unsolicited Telecommunications Rules and the National Do Not Call List (DNCL). It sets strict calling hour windows that differ for weekdays and weekends.

How GeoQuote.ai Complies

  • Calling hours enforced: Mon–Fri 9:00 AM – 9:30 PM, Sat–Sun 10:00 AM – 6:00 PM (recipient's local time)
  • Canadian phone numbers identified via area code lookup (complete list of 50+ Canadian area codes)
  • AI assistant identifies caller name, company name, and purpose at the start of every call
  • Immediate opt-out honored — phone number added to internal DNC list
  • Consent captured before calling, with clear disclosure of automated nature
⚠️ Non-compliance penalty: Up to $1,500 per violation (individual) or $15,000 (corporation).

🇨🇦 CASL — Canada's Anti-Spam Legislation

✓ Compliant

Canada (Federal)

What is it?

CASL regulates commercial electronic messages (emails, SMS). It requires express or implied consent before sending commercial messages and mandates an unsubscribe mechanism in every message.

How GeoQuote.ai Complies

  • Newsletter opt-in checkbox is unchecked by default — user must actively opt in
  • Every SMS includes "Reply STOP to opt out" text
  • Sender identification included in all messages (contractor name and contact info)
  • Unsubscribe mechanism works instantly — STOP keyword triggers immediate removal
  • Transactional messages (appointment confirmations) are clearly service-related, not promotional
⚠️ Non-compliance penalty: Up to $1 million per violation (individual) or $10 million (corporation).

🇨🇦 PIPEDA — Personal Information Protection and Electronic Documents Act

✓ Compliant

Canada (Federal)

What is it?

PIPEDA governs how private-sector organizations collect, use, and disclose personal information in the course of commercial activities. It requires meaningful consent, limits data collection to what's necessary, and gives individuals the right to access and correct their data.

How GeoQuote.ai Complies

  • Privacy Policy published at geoquote.ai/privacy — details all data collected including AI calling data, call recordings, and voice transcriptions
  • Consent obtained before data collection via widget checkbox with clear disclosure
  • Data collection limited to what's necessary: name, email, phone, address, and call metadata
  • Third-party services disclosed: Google Cloud, Gemini AI, Twilio, Firebase, Stripe, Resend, Vercel
  • Individual rights supported: access, correction, deletion requests honored via support@geoquote.ai
  • Data retention policy: 90 days after account cancellation, then permanent deletion
  • Do-Not-Call list and consent records maintained for compliance auditing
⚠️ Non-compliance penalty: Up to $100,000 per violation.

🇪🇺 GDPR — General Data Protection Regulation

✓ Compliant

European Union

What is it?

The GDPR is the EU's comprehensive data protection regulation. It requires lawful basis for processing, data minimization, transparency, and gives individuals extensive rights over their personal data.

How GeoQuote.ai Complies

  • Lawful basis: consent (checkbox + clear disclosure before data collection)
  • Cookie consent banner with Google Analytics opt-in/opt-out — default is denied until user accepts
  • Privacy Policy details all data processing activities, third-party services, and retention periods
  • Individual rights: access, rectification, erasure, restriction, portability, and withdrawal of consent
  • Data minimization: only necessary data collected for the stated purpose
  • Third-party processors disclosed with their specific purposes
  • Contact point for data requests: support@geoquote.ai
⚠️ Non-compliance penalty: Up to €20 million or 4% of annual global turnover, whichever is higher.

🇺🇸 CCPA / CPRA — California Consumer Privacy Act

✓ Compliant

California, United States

What is it?

The CCPA (enhanced by CPRA) gives California consumers the right to know what personal information is collected, the right to delete it, and the right to opt out of its sale. It applies to businesses that collect personal information from California residents.

How GeoQuote.ai Complies

  • Privacy Policy discloses all categories of personal information collected
  • We do NOT sell personal information to third parties — explicitly stated in Privacy Policy
  • Consumer data shared only with the contractor whose widget captured it
  • Right to deletion supported via support@geoquote.ai
  • Right to know: consumers can request a copy of their data
  • Cookie consent banner provides opt-out for analytics tracking
⚠️ Non-compliance penalty: Up to $7,500 per intentional violation.

💳 PCI DSS — Payment Card Industry Data Security Standard

✓ Compliant

Global

What is it?

PCI DSS is a set of security standards for organizations that handle credit card information. It requires secure storage, transmission, and processing of cardholder data.

How GeoQuote.ai Complies

  • All payment processing handled by Stripe — PCI DSS Level 1 certified (highest level)
  • GeoQuote never stores, processes, or transmits credit card numbers
  • Stripe handles checkout, subscription management, and billing portal
  • No credit card data touches our servers at any point
⚠️ Non-compliance penalty: Fines of $5,000 – $100,000 per month from payment brands.

🎙️ Call Recording Laws (One-Party / Two-Party Consent)

✓ Compliant

United States & Canada (varies by state/province)

What is it?

Several states and provinces require all-party consent before recording a telephone conversation. In one-party consent jurisdictions, only one party needs to consent. In two-party (all-party) states like California, all parties must be informed.

How GeoQuote.ai Complies

  • Every call begins with the disclosure: "This call may be recorded for quality assurance"
  • The recording notice is part of the mandatory welcome greeting — it cannot be skipped
  • By continuing the call after the disclosure, the homeowner provides implied consent
  • The disclosure is given before any substantive conversation begins
⚠️ Non-compliance penalty: Varies by state — up to $5,000 per violation in some states; criminal penalties possible in two-party consent states.

🇺🇸 FTC Act — Federal Trade Commission Act (Section 5)

✓ Compliant

United States (Federal)

What is it?

Section 5 of the FTC Act prohibits unfair or deceptive acts or practices in commerce. For AI calling, this means the AI must not impersonate a human and must provide honest information.

How GeoQuote.ai Complies

  • AI identifies itself as an AI assistant in the first sentence of every call
  • Contractor name and purpose are clearly stated: scheduling a free estimate
  • No misleading claims — estimates are clearly labeled as approximate
  • Widget consent text is transparent about the automated nature of calls
  • Privacy Policy and Terms of Service are linked from the consent checkbox
⚠️ Non-compliance penalty: Up to $50,120 per violation (2024 adjusted penalty).

🏛️ State-Level Telemarketing Restrictions

✓ Compliant

United States (12 States)

What is it?

Many US states have calling hour restrictions that are stricter than the federal TCPA. Our system enforces the most restrictive applicable rule for each call based on the recipient's area code.

How GeoQuote.ai Complies

  • Florida, Indiana, Massachusetts, Mississippi, Oklahoma: 8:00 AM – 8:00 PM
  • Maine: 9:00 AM – 5:00 PM
  • Oregon, Pennsylvania, Texas: 9:00 AM – 9:00 PM
  • Virginia, Washington, Wisconsin: 8:00 AM – 9:00 PM
  • State detected automatically from phone area code before each call
  • State-level restriction applied first if stricter than federal TCPA
⚠️ Non-compliance penalty: Varies by state — typically $500-$2,000 per violation.

Have a legal question or need a Data Processing Agreement?

Contact Legal Team

Last updated: March 12, 2026
