Skip to content
Product
Voice Operations

Compliant Outbound Voice. Single-Tenant by Default. Audit-Grade by Design.

A dedicated voice agent for vendor questionnaire intake, compliance evidence interviews, and incident notification fan-outs. Every call is TCPA-checked, consent-verified, PII-scrubbed, and written to a hash-chained audit trail on both sides of the boundary.

Sample output
Call Transcript
PII-scrubbed, timestamped, verbatim transcript with speaker labels and confidence scores.

Interactive tour coming soon.

Talk to our concierge about activation

Why It Matters

Results That Speak for Themselves

Single-tenant
Dedicated Voice Worker
Every customer who activates Voice Operations gets a dedicated worker stack. Isolated container, database, Telnyx profile, DID pool, and HMAC signing key. There is no cross-customer code path by construction.
Compliance-first
TCPA, DNC, Consent Enforced
Every outbound dial runs through TCPA business-hour checks, daily per-contact caps, DNC list lookups, and consent verification before it ever reaches the phone. Incident notifications use a documented lawful-basis bypass.
Audit-grade
Hash-Chained Audit Trail
Every call event is written to an append-only SHA-256 hash chain on both sides of the boundary. Tampering is detectable and alerts page on-call instantly. Transcripts land in your existing Aurora audit pipeline.

Before & After

Manual Voice Workflows vs. Voice Operations

Every team with a security or compliance program has these problems. Voice Operations replaces them with a dedicated, single-tenant voice agent that is part of Aurora Command from day one.

Without Aurora
  • A vendor POC needs to finish a 60-question security questionnaire but will not sit down at a web form. You chase them with emails and it takes three weeks.
  • Your SOC 2 auditor needs interviews with five stakeholders across three time zones. Coordinating the human calendars burns a full week of project time.
  • A P1 incident breaks at 2am and you need to reach 30 affected customer contacts. You wake up the on-call team and dial each number by hand.
  • You worry about prompt injection attacks against LLM agents because you cannot see what instructions the model was handed.
  • Transcripts sometimes contain PII (SSNs, credit cards, phone numbers) that you cannot afford to store unencrypted.
With Aurora
  • The vendor POC gets a scheduled call from an agent that reads each question aloud, captures their answers, and returns a completed questionnaire the same day with full transcript attached.
  • Aurora dispatches a voice interviewer to each stakeholder on their own schedule. Interviews run in parallel, transcripts attach to the evidence request, and stakeholders attest to accuracy before evidence is sealed.
  • Your IR playbook runs a voice_notification step. The agent fans out 30 parallel calls, delivers the scripted incident summary, captures acknowledgments, and logs every attempt to the incident timeline.
  • Instruction bundles are HMAC-signed by aurora_command and verified by the worker before the LLM sees them. Adversarial test corpus runs in CI with a 95 percent defense-rate gate.
  • Every transcript passes through a Luhn-validated scrubber before it lands in Aurora. PII categories are replaceable per script, and the scrubbed transcript carries SHA-256 fingerprints of the original values for audit proof without raw storage.

Key capabilities

Every Capability Customers Need to Run Voice in Production

Minutes metering, compliance enforcement, prompt-injection hardening, and tight integration with the rest of your Aurora program.

Vendor Questionnaire Voice Intake
Convert any Aurora vendor questionnaire template into a spoken script. Multiple-choice, yes/no, numeric, and date questions are translated into natural phrasing. Completed answers return as a fulfilled evidence request.
Compliance Evidence Interviews
Open-ended interview scripts for SOC 2, HIPAA, and ISO audits. Transcript spans attach to evidence requests with the source_voice_interview tag, and stakeholders attest before evidence seals.
Incident Notification Fan-Out
A new IR playbook step type delivers voice notifications to affected parties during a live incident. Fan-out safety blocks any run larger than 50 targets without an explicit directive approval.
Minutes Metering + Quotas
Per-org monthly minute budgets with 80, 95, and 100 percent enforcement thresholds. Growth tier includes 500 minutes; Enterprise includes 5000. Additional minutes are purchasable as a 1000-minute pack.
Single-Tenant Worker Topology
Each customer gets a dedicated Docker stack, Postgres database, Telnyx child profile, and DID pool. No shared infrastructure between customers.
Enterprise-Grade Hardening
Signed instruction bundles, prompt-injection guards, PII scrubber, hash-chained audit, and 90-day credential rotation. Every attack path is documented in the threat model.
What You Can Show Reviewers
Artifacts reviewers recognize, plus sample previews of structure.
Scroll for artifact previews

Connected to your stack

Connects to Your Stack

Pull evidence automatically from the systems your team already uses.

Common questions

Questions Teams Ask About Voice Operations

Compliance, security, privacy, pricing, and lifecycle answers for the Voice Operations add-on.

Why single-tenant? Is that not expensive to operate?
Single-tenant is a security decision, not an operational convenience. A dedicated worker per customer means a compromise of one customer never leaks to another. Yes, it is more expensive to operate than shared infrastructure. That cost is baked into the plan pricing. Concierge provisioning makes the operational overhead manageable.
How does the agent avoid prompt injection from a hostile caller?
Four layers. First, user-controlled fields are scrubbed of the common injection patterns before they reach the LLM. Second, the system prompt strictly marks CONTACT_DATA and TASK_DATA as data-not-commands. Third, instruction bundles are HMAC-signed by aurora_command and verified by the worker before use. Fourth, the agent has no access to any system outside the current call. A 100-plus adversarial test corpus runs in CI with a 95 percent defense-rate gate.
What happens if the worker and Aurora disagree about a call outcome?
Aurora is the system of record. The worker posts signed callbacks on every state transition, and aurora deduplicates for 7 days via an idempotency key. If the worker is unreachable during a callback, it retries with backoff. If aurora ever observes a state inconsistency, an audit event is written and the on-call engineer is paged.
Can I record calls?
Recording is opt-in per campaign. The recording disclosure is inserted by the core layer and cannot be removed by customer authors. Recordings are stored with a SHA-256 fingerprint and subject to your configurable retention policy (default 90 days). Transcripts are always retained.
How is consent captured for voice interviews with employees?
A stakeholder must have an active voice_ops_consent record before an interview can be dispatched. The first-call flow presents a consent disclosure and records acceptance. Without an active consent row, the integration endpoint refuses to create the call.
Can incident notifications bypass consent and business hours?
Yes, under the incident-notification lawful basis, which is explicitly documented per campaign and requires legal sign-off captured in the campaign metadata. Business hours and consent are bypassed; the daily per-contact cap still applies.
How much does it cost?
Voice Operations is an add-on to Aurora Command. Growth tier includes 500 minutes per month; Enterprise tier includes 5000 minutes per month. Additional minutes are purchasable in 1000-minute packs. See the pricing page for the latest line items.
What happens at decommission? Can my data be recovered?
Decommission tears down the worker container and volumes and releases the Telnyx DIDs. Before decommission, the worker's final state is backed up and uploaded to the customer's designated backup bucket. If any voice_ops data is under legal hold, decommission is refused until the hold is released.
Live walkthrough
Activate Voice Operations With Concierge Support
Every customer who buys Voice Operations is walked through activation by a Borealis concierge. Contract review, 10DLC registration, billing consent, callback setup, and your first test call happen in a single session.
Talk to our concierge about activation
View Pricing
Share one request and we will show the path to call transcript without losing approvals, ownership, or reviewer context.