Sage Voice compliance — 11 gates × 4 verticals

Kill-shot — compliance is not proprietary IP

This is the buy-vs-build decision, not a regulatory perimeter.

Every gate on this page is publicly cited to NAIC model regulations, the CFR, FCC rulemakings, or state insurance code. Any competent engineering team plus four counsel engagements can reproduce the same gate map. We did not invent NAIC Model Bulletin 30 or 45 CFR § 164.514(b)(2); we operationalized them. The IP is the integration, the prompt library, the audit-chain wiring, and the bilingual authorship — not the regulations themselves.

The value is in the time-to-market arbitrage. A self-build is 6-12 months per vertical plus counsel engagements at $40-80k each. Sage Voice shipped all four verticals already. If you have a 36-month build cycle and a procurement queue, the buy-vs-build math favors Sage Voice. If you are Progressive with an internal AI team already mid-build, the math probably does not — and that is the population we are not pitching to.

What this means for counsel review. Tenant counsel should review the Sage Voice gate map as a starting point against the tenant's existing E&O posture, BAA chain, and SOC 2 program — not as a substitute for the substantive compliance program. Sage Voice is infrastructure, not a license.

Matrix

11 gates × 4 verticals.

Compliance gate	Insurance	Healthcare	Financial	Government
AI disclosure + acknowledgement	●	●	●	●
Identity + license verification	●	◐	●	◐
Suitability / Best Interest capture	●	—	●	—
Replacement disclosure	●	—	—	—
FCRA / ECOA notice	●	—	●	—
HIPAA Safe Harbor redaction	—	●	—	◐
BAA-gated provider routing	—	●	—	—
BSA/AML CIP capture	—	—	●	—
OFAC sanctions screening	—	—	●	—
TCPA pre-call consent	●	●	●	●
Two-party recording consent	●	●	●	●
State records-act retention	◐	◐	◐	●
Section 508 accessibility	◐	◐	◐	●
Hash-chained audit log	●	●	●	●
At-rest encryption (AES-GCM 256)	●	●	●	●

● enforced · ◐ available · — not applicable

Vertical detail

Insurance — 11 gates.

Gate 1 Producer + agency license per state. Sage Voice routes only to states where the tenant has declared producer + agency license. Calls that would bind outside licensed states are rejected at the API. NAIC Producer Licensing Model Act #218; state Insurance Code.
Gate 2 Carrier appointment per (product × state). The recommendation pipeline reads the tenant's carrier-appointment matrix and refuses to recommend a carrier the tenant is not appointed for in the consumer's state of solicitation. Carrier producer agreement; state appointment filings.
Gate 3 NAIC Best Interest documentation. Model #275 § 6.A.1 consumer-profile fields captured before any recommendation. Validation blocks the recommendation event if fields are missing. NAIC Suitability in Annuity Transactions Model Regulation #275; NY 11 NYCRR 224 (Reg 187); IA 191—15.69; FL § 627.4554.
Gate 4 AI disclosure delivery + acknowledgement. Federal NAIC Model Bulletin baseline + state add-ons (CO, NY, CA, UT) resolved per call. Disclosure text + acknowledgement timestamp persisted in audit log. NAIC Model Bulletin on the Use of AI Systems by Insurers (Dec 2023); CO C.R.S. § 10-3-1104.9 + 3 CCR 702-10 Reg 10-1-1; NY DFS Insurance Circular Letter No. 7 (2024); CA SB 1001; UT S.B. 149 (2024).
Gate 5 Replacement disclosure (life only). When the consumer reports existing life insurance, the assistant captures each policy + proposed action + reason and reads the state-specific replacement notice if proposed action is replace or surrender. NAIC Life Insurance and Annuities Replacement Model Regulation #613.
Gate 6 MIB + Rx consent (life only). Scripted authorization captured before any MIB or Rx pull. Audit log records consent + timestamp. FCRA 15 USC § 1681; MIB Group authorization standards.
Gate 7 TCPA + two-party recording consent. Pre-call check verifies prior express written consent for outbound AI voice (FCC 23-107 one-to-one consent). Recording-consent script triggered in two-party-consent states. TCPA 47 USC § 227; 47 CFR § 64.1200(a); FCC 23-107 (Dec 2023); state wiretap statutes.
Gate 8 Anti-rebating. Commission disclosure script delivered before any specific carrier recommendation; tenants own their compensation tier structure. CA Ins Code § 750; NY Ins Law § 2324; FL § 626.572.
Gate 9 State producer-compensation disclosure. Where state requires (e.g., NY 11 NYCRR 30, IL ICC), additional disclosure script injected into the system prompt. NY 11 NYCRR 30; state-specific producer-compensation rules.
Gate 10 Carrier supervisory framework. Every audit event is attributed to a supervisory chain — writing-agency principal → producer of record → assistant. Carrier supervisory provisions in producer agreement.
Gate 11 Record retention (5–7 yr, state-dependent). Audit log entries immutable. Transcripts encrypted at rest in R2 with per-tenant key derivation. Lifecycle policy configured per tenant's state. State Insurance Code recordkeeping; carrier supervisory expectations; NAIC Market Conduct Examination standards.

Vertical detail

Healthcare.

BAA chain — Sage Voice + downstream providers. Tenant signs BAA with Sage Voice. Sage Voice maintains BAAs with downstream providers (Retell, Vapi, OpenAI, Anthropic, ElevenLabs, Cloudflare). Healthcare-vertical calls refuse to route to providers outside the tenant's declared BAA list. 45 CFR § 164.504(e).
PHI Safe Harbor redaction on audit entries. All 18 identifier categories handled by a conservative regex pass before any audit entry is persisted. Healthcare-vertical entries with redacted=false are rejected at the Durable Object. 45 CFR § 164.514(b)(2).
Minimum necessary standard. Prompt library scopes intake to general chief complaint and duration only; diagnosis codes, lab results, imaging, and psychotherapy notes are excluded. 45 CFR § 164.502(b).
Notice of Privacy Practices delivery. Scripted at call start with text/email delivery confirmation captured. 45 CFR § 164.520.
HIPAA authorization for non-treatment disclosures. Structured capture aligned to § 164.508 elements. 45 CFR § 164.508.
Audit controls. Immutable hash-chained audit log with HMAC signing per entry; integrity verifiable via GET /api/v1/audit/verify. 45 CFR § 164.312(b).
Six-year retention. R2 lifecycle policy + Durable Object retention configured for 6+ years by default. 45 CFR § 164.530(j).
California AB 3030. AI disclosure scripted on calls placed to or from California numbers. Cal. Health & Safety Code § 1339.75.

Vertical detail

Financial.

CIP / KYC capture. Structured customer-identification fields persisted in the tenant's KYC store with audit-log linkage. SSN captured via DTMF, never voice. 31 CFR § 1020.220 (banks); § 1023.220 (broker-dealers); FINRA Rule 2090.
OFAC screening. Pre-funding screening hook with silent escalation on hit (the assistant does not reveal screening outcome to the customer). 31 CFR Part 501.
FCRA / ECOA notice. Scripted before any credit pull; acknowledgement captured in audit log. 15 USC § 1681; 12 CFR Part 1002 (Reg B).
Reg E disclosure summary. Delivered on EFT enrollment; full Reg E disclosures mailed/emailed via tenant's downstream pipeline. 12 CFR Part 1005.
Reg BI + Form CRS. Broker-dealer suitability capture; Form CRS link delivery and receipt confirmation in audit log. 17 CFR § 240.15l-1; § 240.17a-14.
GLBA Privacy. Privacy notice delivery confirmable per tenant's GLBA program. 15 USC § 6801; 16 CFR Part 313 (Reg P).
PCI DSS scope-out via DTMF. Cardholder data never enters Worker memory in plaintext; DTMF channel is P2PE. PCI DSS v4.0.

Vertical detail

Government.

Section 508 accessibility. TTY/relay friendly; transcripts available; opt-out to human channel always one phrase away. 29 USC § 794d.
Privacy Act of 1974. For federal agency tenants: SORN reference + routine-use disclosure in script. 5 USC § 552a.
State records-act retention. Configurable retention per state — CA Public Records Act (Gov. Code § 7920 et seq.) 5y, TX Public Information Act 5y, CO Open Records Act 3y, NY FOIL 6y.
State privacy law overlays. CA CPRA, CO CPA, VA VCDPA, CT CTDPA, UT UCPA, TX DPSA — voice recording = personal information, right to delete supported for non-statutorily-retained records.
NIST SP 800-53 Rev 5 / FedRAMP path. Tenant ATO process supported via SSP boilerplate + control-mapping artifacts. NIST SP 800-53 Rev 5.

Architecture

The audit-log primitive.

Every Sage Voice call produces an immutable audit log: per-tenant Cloudflare Durable Object, SQLite-backed, append-only. Each entry is hash-chained to the previous (SHA-256 of canonical JSON) and HMAC-signed with a per-tenant signing key. Chain integrity is verifiable with a single API call. Compatible with OpenTimestamps anchoring for external cryptographic timestamp.

Healthcare entries pass through HIPAA Safe Harbor redaction before persistence. Healthcare entries with redacted=false are rejected at the Durable Object layer — there is no path to a healthcare audit entry containing PHI.

Architectural note: the audit log is the system of record; the transcript R2 store is a downstream cache. If the transcript bucket is lost, the audit chain remains intact and discoverable.

Boundaries

What Sage Voice does NOT do.

Make legal compliance decisions for the tenant. Tenants engage regulatory counsel.
Sign the BAA on the tenant's behalf with downstream providers.
Promise that delivery of a disclosure equals affirmative defense. The audit log is necessary but not sufficient.
Bypass the licensed-producer / licensed-clinician / licensed-banker handoff. Every recommendation is human-reviewed.

Sage Voice provides compliance infrastructure. Tenants are responsible for engaging insurance regulatory counsel (Stradley Ronon, Locke Lord, Faegre Drinker, Foley & Lardner, McDermott Will & Emery), signing BAAs for healthcare, completing SOC 2 audits where applicable, and maintaining the substantive compliance program.