Compliance at Lead Friendly
Lead Friendly is built around the TCPA, FCC AI-voice rules, 10DLC, and DNC requirements from the ground up. The platform enforces consent, AI-voice disclosure, DNC scrub, opt-out, quiet hours, and recording-consent rules at the gate before any call or message leaves the system.
This page is a plain-language summary. Binding terms are in our Acceptable Use Policy and Terms of Service. You are responsible for your own consent posture and the legality of the campaigns you run. We're responsible for the platform-level guardrails that ensure every outbound communication meets the applicable consent and disclosure rules.
What we enforce at the platform layer
- Artificial-voice disclosure — automatically injected into every AI voice agent prompt.
- National & internal DNC scrub — checked per send, refreshed at least every 31 days.
- Per-contact opt-out ledger — STOP keywords + email unsubscribe both write here. Future sends are blocked.
- 10DLC / TCR registration — required before US local-number SMS at production scale.
- TCPA quiet hours — 8am-9pm local recipient time by default, with state-specific overrides.
- Number-health quarantine — outbound numbers showing carrier-block patterns are automatically rotated out.
- Hiya / FCR caller-ID registration — reduces “Spam Likely” labelling.
- Two-party recording disclosure — opt-in per organization; required for two-party-consent jurisdictions.
Frequently asked questions
Is AI-generated voice calling legal in the United States?
Yes, with conditions. The FCC's February 2024 declaratory ruling treats AI-generated voice calls as "artificial or prerecorded voice" calls under the TCPA. That means prior express written consent (PEWC) is required for marketing calls to wireless or residential numbers, and an artificial-voice disclosure must be made at the start of the call. Lead Friendly's AI agents are configured to make that disclosure automatically.
Do you support 10DLC registration for SMS?
Yes. US local-number SMS goes through The Campaign Registry (TCR) via our Telnyx integration. You register your brand and use case once; the platform handles campaign assignment and routing. Unregistered traffic gets carrier-filtered with error 40010 — we will not let you send unregistered local-number SMS at production scale.
How do you handle DNC (Do Not Call) compliance?
Outbound voice and SMS go through a unified compliance guard before each send. The guard blocks any contact flagged do-not-call on their record or in the per-contact opt-out ledger, and every block is written to the compliance audit log. Scrubbing your lists against the National Do Not Call Registry is your responsibility — Lead Friendly does not perform DNC Registry scrubbing on your behalf. Before a marketing automation can be activated, an authorized user must affirmatively attest that the list has been scrubbed against the DNC Registry within the last 31 days and/or that you hold the required prior express written consent; that attestation is recorded.
How does opt-out work?
Inbound STOP keywords on SMS automatically write to the messaging_opt_outs table for that contact + channel. The contact is immediately blocked from further outbound on that channel; subsequent sends are dropped at the guard with a "skipped_compliance" reason. After an opt-out is recorded we send a single STOP confirmation SMS, and inbound HELP or INFO is auto-answered with the brand name, a support contact, and the standard rates disclosure (CTIA). Email unsubscribe links use HMAC-signed tokens (with a one-click List-Unsubscribe header) and write to the same opt-out ledger; every commercial email also carries a physical postal address as required by CAN-SPAM.
Do you handle two-party-consent call recording states?
Yes. AI calls: a recording-consent statement is included in the AI agent's mandatory first-turn disclosure for two-party-consent jurisdictions. Human rep calls: in two-party-consent or unknown-jurisdiction states, recording is automatically disabled unless a deterministic recording announcement is wired — the call still proceeds, it is simply not recorded. We do not record by default in those states absent that disclosure.
Are calls compliant with the FCC AI disclosure requirement?
Yes. Every AI voice agent prompt template includes the artificial-voice disclosure as required by 47 CFR § 64.1200(b). The disclosure plays at call start, before any sales messaging. There is no toggle to disable this — it is a hard product requirement.
What about quiet hours?
The outbound SMS and voice guards enforce TCPA-compliant quiet hours by default (8am-9pm in the recipient's local time, derived from the destination NPA-NXX). State-specific stricter windows (e.g. Florida 8am-8pm) can be configured per organization.
How is caller-ID spam-labeling handled?
Lead Friendly integrates with Hiya for caller-ID registration and supports Free Caller Registry (FCR) submission. Phone numbers acquired through the platform can be registered to your brand to reduce the risk of "Spam Likely" labeling. We track per-number health, automatically quarantine numbers that show carrier-block patterns, and rotate outbound traffic across healthy numbers.
Do you store HIPAA-protected data?
No. The platform is not HIPAA-eligible today and the AUP prohibits using it to transmit Protected Health Information (PHI). Healthcare use cases that don't touch PHI (general appointment reminders for non-medical services, for example) are fine.
What about international calling rules?
Today the platform is optimized for US compliance. International outbound is supported but the guards do not yet enforce country-specific rules (e.g. UK Telephone Preference Service, Canadian CRTC, EU GDPR ePrivacy). Customers running international campaigns are responsible for their own compliance posture in those jurisdictions.
Compliance questions for procurement?
Email security@leadfriendly.com for our latest compliance questionnaire response or DPA. Counsel-to-counsel walkthroughs of the TCPA / 10DLC posture available on request.