When you decide to become a reseller of Callin.io in the United States, you are not just offering technology β you are also assuming responsibilities under U.S. and state privacy and recording laws. AI voice agents process personal data such as voice recordings and conversations. Even though the servers (LLMs) are hosted in the U.S., which simplifies some cross-border concerns, you still must comply with federal and state laws about notice, consent, voice data (and possibly biometric laws), and recording.
Imagine a hotel in the U.S. that chooses to use your branded AI receptionist to manage calls. The hotel does not contract directly with Callin.io but with you, the reseller. In this setup:
- Callin.io acts as the processor, hosting the servers, providing the AI models, and securing the technical environment.
- You, as the reseller, become the controller in front of the hotels β you sign the contract, ensure compliance, and provide guidance on legal requirements.
- The hotel is also a controller toward its callers (guests and non-guests), since it decides to use the AI receptionist in its daily operations.
This framework applies not only to hotel guests but also to non-guests β such as suppliers, business partners, or external prospects. Under U.S. law, every caller is a data subject, and their voice recordings are personal data (and sometimes sensitive, depending on the use). That means many obligations apply regardless of who is speaking.
Key Legal Requirements & Examples
Because the servers are in the U.S., there is no international data transfer issue under most U.S. privacy laws. Still, you must follow strict requirements:
- Privacy Policy β Callin.io states clearly how call data is collected, stored, and used, and resellers should reflect this in their own contracts.
- HIPAA-compliant virtual receptionist AI β for healthcare use cases, special safeguards apply.
- Biometric information β Illinois requires explicit consent under its Biometric Information Privacy Act (BIPA). Washington State has similar laws.
- Consent to recording β in most states, only one party needs to consent. However, 13 states require all-party consent (also known as two-party consent):
- California
- Connecticut
- Delaware
- Florida
- Illinois
- Maryland
- Massachusetts
- Michigan
- Montana
- Nevada
- New Hampshire
- Pennsylvania
- Washington
- Colorado privacy law β expands rules on biometric identifiers.
Practical Compliance Toolkit & Core Documents for U.S.
Contractual Clause (Reseller β Hotel)
Data Processing and Compliance
The Reseller acknowledges that Callin.io acts as a Data Processor and that the Hotel acts as a Data Controller with respect to all personal data collected during the use of the AI voice agent. The Hotel shall ensure that all callers (guests and non-guests) are informed that their calls may be handled by an AI system and that voice data may be recorded. The Hotel shall obtain express or implied consent as required under applicable state laws, particularly in states requiring all-party consent, or where voice/biometric data is involved. The Hotel shall implement appropriate data retention policies (not exceeding 60 days unless otherwise required by law or contract) and shall facilitate the exercise of caller rights including access, correction, and deletion. The Reseller will provide the Hotel with privacy notices, disclaimers, and other compliance materials to support these obligations.
Privacy Notice (Hotel β Callers)
Privacy Notice β AI Receptionist Service
This hotel uses an AI-powered receptionist system to manage incoming and outgoing calls. Your call may be handled by this system and, when necessary, recorded to assist with bookings, inquiries, or customer service.
Your voice and related personal data will be processed securely in servers located in the U.S. only. The data will only be used for legitimate business purposes and will not be shared for unrelated uses.
You have the right to request a copy of any recording, ask for corrections, or request deletion at any time. Contact [Hotel Contact / Data Protection Officer email] to exercise these rights.
We apply strict retention policies and delete or anonymize call recordings after a maximum of 60 days unless required longer by law or contract.
Call Disclaimer (to be played at the beginning of calls)
βThis call may be handled by our AI receptionist system and may be recorded. Your data will be processed securely within the United States in compliance with applicable state and federal laws. If you do not consent, please let us know.β
Compliance as a Competitive Advantage
Compliance isnβt just about avoiding legal risk β it builds trust. Hotels in the U.S. worry about liability. If you as a reseller offer not just technology but also a full compliance package (contracts, privacy notices, disclaimers, retention policies), you reduce that concern and increase your credibility.
For more insights, see our article on conversational AI risks.
Vincenzo Piccolo specializes in AI solutions for business growth. At Callin.io, he enables businesses to optimize operations and enhance customer engagement using advanced AI tools. His expertise focuses on integrating AI-driven voice assistants that streamline processes and improve efficiency.
Vincenzo Piccolo
Chief Executive Officer and Co Founder
