Compliance

Audit-ready, by design.

GDPR Processor + EU AI Act Provider+Deployer + PECR-aligned. Every disclosure, retention rule, and prospect right is recorded and exportable.

Posture
Compliant
Compliance posture v1.0 · all 12 items in force
Compliance checks · last 30 days
100% fired
across 1,247 calls
DSAR queue
2open
SLA: 30 days · oldest 4 days
Sub-processor changes
1pending
ElevenLabs scope · notice 23d left

Compliance surfaces

five sub-pages · drafted from the wiki
01
Sub-processors
Live register of third parties processing customer data through celliq. Source: data/sub-processors.yaml. Changes auto-trigger 30-day customer notice.
View register →
02
Audit log
Every mutation, by whom, when. Searchable, exportable. Retention 7 years (legal default). Used for DSAR fulfilment + breach investigations.
Open audit log →
03
Prospect rights
DSAR queue — access requests, deletion requests, correction requests. SLA: 30 days. Triggered by prospect, AE, or self-serve subject portal.
Open queue →
04
Retention policies
Default: call audio 30d, transcripts 90d, outcomes 365d. Configurable per data class. Auto-deletion with audit trail. Survives DSAR shortenings.
View policies →
05
Disclosure register
Last-30-days log of every compliance check firing — AI disclosure, recording disclosure, "are you human?" responses, DNC honourings, calling-window holds. Per call, per gate.
View register →

All five surfaces are placeholder tiles · each gets its own dedicated page once we ship them