Privacy & Compliance
We take your data security seriously. Dhwani Agent is built from the ground up to comply with global data protection regulations.
EU General Data Protection Regulation (GDPR)
Dhwani Agent is engineered to meet the stringent requirements of the European Union's General Data Protection Regulation (Regulation 2016/679). As a 100% on-premise voice AI solution deployed within your KR Groups-validated , we enable your organization to act as the full Controller of all personal data while we function strictly as a Processor under your instructions.
The on-premise architecture fundamentally eliminates the data transfer risks associated with cloud-based AI services. Every voice interaction, transcript, and analytical log remains within your secure perimeter — never crossing borders, never touching third-party servers, and never subject to foreign surveillance laws. This design choice aligns perfectly with the GDPR's emphasis on accountability and data minimization.
Detailed Compliance Framework
1. Lawfulness, Fairness & Transparency (Article 5(1)(a), Article 12-14)
The Dhwani Agent includes pre-configured call scripts and disclosure mechanisms that enable your organization to clearly inform data subjects about the purpose of the call, the identity of the controller, and the fact that the conversation may be recorded or analyzed. These disclosures are auditable and stored locally for regulator inspection.
2. Purpose Limitation (Article 5(1)(b))
The AI models powering Dhwani Agent are strictly constrained to the specific business function they are deployed for — whether customer support, lead generation, or service updates. The on-premise architecture prevents any secondary use of data for model training or unrelated analytics unless explicitly configured and consented to by the data subject.
3. Data Minimization (Article 5(1)(c))
Our conversational AI is designed to request and process only the information strictly necessary for the task. The system automatically redacts or masks sensitive information (such as payment details) that falls outside the defined scope of processing. All data fields are configurable by your compliance team through the KR Groups-secured admin console.
4. Accuracy (Article 5(1)(d))
Dhwani Agent maintains detailed interaction logs that allow data subjects to request corrections to any inaccurate information. The system supports data rectification workflows where authorized personnel can update records directly in the local database, with full audit trails maintained for compliance verification.
5. Storage Limitation (Article 5(1)(e))
The platform includes configurable retention policies that automatically delete or anonymize personal data after a defined period (e.g., 30 days, 6 months, or as per your data protection policy). These deletion routines run locally and are irreversible, ensuring compliance with the right to erasure without manual intervention.
6. Integrity & Confidentiality (Article 5(1)(f), Article 32)
Dhwani Agent implements state-of-the-art security controls: full-disk encryption with customer-managed keys, TLS 1.3 for any external communication, role-based access control integrated with your existing IAM (LDAP/SAML), and comprehensive logging of all administrative actions. The KR Groups validation process includes penetration testing and vulnerability assessments specific to your deployment environment.
7. Controller & Processor Obligations (Articles 24, 28)
Your organization acts as the Data Controller, determining the purposes and means of processing. Dhwani Agent operates strictly on your documented instructions. The underlying software is designed to prevent any unauthorized access by the technology provider — no backdoors, no telemetry, no remote access without explicit, audited, and temporary authorization granted by your administrators.
Data Subject Rights (Articles 15-22)
The Dhwani Agent dashboard empowers your Data Protection Officer and authorized personnel to fulfill data subject requests directly:
- Right of Access: Generate comprehensive reports of all data held about a specific individual directly from the local database.
- Right to Rectification: Edit inaccurate personal information with full version history maintained.
- Right to Erasure (Right to be Forgotten): One-click permanent deletion of all call logs, transcripts, and associated metadata.
- Right to Restriction: Temporarily flag and suppress processing of specific records pending dispute resolution.
- Right to Data Portability: Export interaction data in structured, machine-readable formats (JSON, XML, CSV).
- Right to Object: Maintain suppression lists to prevent future calls to individuals who have objected.
All data subject request tools operate entirely within your on-premise environment — no external APIs, no data leaving your control.
Cross-Border Data Transfers (Chapter V)
Because Dhwani Agent is deployed on-premise within your chosen jurisdiction, there are no cross-border data transfers of personal data. The solution eliminates reliance on adequacy decisions, Standard Contractual Clauses, or Binding Corporate Rules for the AI processing component. For organizations operating in the EU, the device can be physically located within EU borders, ensuring full compliance with Schrems II considerations.