Modulate prepares platforms for regulatory compliance

4% of annual revenue (under GDPR; exact penalties may vary)

• Lawful basis (such as user consent) for recording
• Adequate data residency controls to protect end user data
• Satisfy data subject rights such as the right to be forgotten

Modulate acts as your data processor. We are capable of storing all data securely, fulfilling data subject requests, and supporting data residency risk assessments, as directed by your legal team. We’re also happy to collaborate on a DPA to ensure our housing and use of your data is exactly as you need.

$10,000 per violation (under the US Federal Wiretap Act; exact penalties may vary)

• Obtain multi-party consent in regions which require it
• Disclose any data recording and analytics at call start
  

As a back-end data processor, Modulate does not directly interact with your end users, so no need to worry about obtaining additional consents. In addition, all of Modulate’s solutions are highly configurable and can be activated or deactivated for individual calls on the fly as necessary, allowing you to adjust your use of our analytics depending on the consents obtained.

7% of annual revenue (under the EU AI Act; exact penalties may vary)

• Assess the relative risk of each AI deployment
• Ensure human oversight over AI-enabled decisions
• Train AI systems only on ethically and legally sourced, and fair and unbiased, training datasets

All of Modulate’s AI systems are trained with compliant data, which we’ve custom-sourced only with clear consent from participants, and hand-tuned to avoid bias. In addition, Modulate’s platform is designed with human intervention and oversight as a core principle - all AI-informed decisions can trivially be routed to humans for review, or human review can be prioritized for those calls the AI is least confident in. In most cases, deployments involving Modulate will be classified as “Limited Risk” under the EU AI Act (excepting any use in relation to a voice-based authentication system), but Modulate also supports customers directly as they conduct their own risk assessments.

Not directly regulated, but substantially increases real risk of data breaches as well as regulatory exposure under data privacy regulation such as GDPR

• Industry-standard encryption for all data at rest and in transit
• Access control restricting to only what’s required for each individual, with audit logs and individual accounts whose behavior can be monitored
• Incident response and breach notification plans in place with routine tests

Modulate first got ISO 27001 certified many years ago, when our team consisted of only 12 employees. Security is built into everything we do and we’ve successfully managed the data of Fortune 500 companies and AAA game studios for years without any breaches. We also recognize that many organizations prefer to conduct their own security assessments for vendors and are experienced and ready to assist in completing such an assessment.