Skip to main content

Documentation Index

Fetch the complete documentation index at: https://orbit-docs.devotel.io/llms.txt

Use this file to discover all available pages before exploring further.

ADR-011: Compliance gates default OFF — opt-in per market; US TCPA voice is the only federal hard guard

Status: CURRENT Date: 2026-05-16

Context

Pre-flip, every compliance gate (quiet hours, TCPA Numeracle, recording consent, regional A2P) defaulted ON for every tenant globally. Live bug: a WhatsApp send to a +90 Istanbul recipient at 03:00 was rejected by a US-tuned default. Legitimate non-US sends were being mis-blocked.

Decision

Every jurisdiction-specific compliance gate defaults OFF. Tenants opt-in per market via organizations.settings.*. ONE statutory carve-out: the US TCPA federal voice dialing window (47 U.S.C. § 227(b)(1)(B)) is hard-blocked regardless of tenant settings, with a distinct error code TCPA_FEDERAL_DIALING_WINDOW_BLOCKED.

Reason

Orbit is a global CPaaS, not US-only. Statutory damages on US TCPA voice (500500–1500 per call) are the unique six-figure-in-hours exposure that justifies non-opt-out enforcement; nothing else clears that bar.

Consequences

  • CHANNEL_DEFAULTS all flipped to enabled: false.
  • New enforceUsTcpaVoice() runs first in voice-compliance-guard.ts.
  • Invariant #56 SUPERSEDED (mechanism preserved).
  • New invariant #68 codifies the posture.
  • UI banner on /settings/compliance surfaces the opt-in model and the federal carve-out.

Source memos

  • [[decision_compliance_opt_in_2026_05_13]]
  • invariants.md #56 (superseded) and #68 (current)
  • [[invariants_compliance]]