Skip to main content

Documentation Index

Fetch the complete documentation index at: https://orbit-docs.devotel.io/llms.txt

Use this file to discover all available pages before exploring further.

Call Recording Consent

Recording a phone call without proper notification is a criminal offence in most jurisdictions where Orbit operates. This page is the canonical reference for which jurisdictions require one-party, all-party, or explicit-consent recording, and how Orbit’s voice platform helps you comply.
This page describes Orbit’s platform controls. It is not legal advice. Recording law varies by call destination, caller location, call purpose, and industry (healthcare, finance, and debt collection carry sector-specific overlays). Confirm your obligations with qualified counsel before launching a recording program.
Every voice number on Orbit carries a per-organization recording-consent policy configured under Voice → Calls → Recording settings. The policy applies to inbound, outbound, and agent-handled legs uniformly. The three announcement modes:
ModeBehaviour
noneNo recording, or recording with an external consent process you operate yourself. Orbit does not play any announcement.
announce_inboundPlays the consent announcement to inbound callers only. Outbound calls dial without an announcement.
announce_allPlays the consent announcement to every party on every call — inbound, outbound, and on agent transfer. Required for all two-party-consent jurisdictions.
The announcement itself can be either a TTS string (read out by Cartesia or ElevenLabs in the org’s default voice) or a URL to a .wav / .mp3 file in GCS or any reachable HTTPS endpoint. Announcements are played before the call connects to the human or agent leg — never mid-call.
When announce_all is active, Orbit refuses to start the SIPREC recording fork until the announcement has finished playing. If the caller hangs up during the announcement, no recording is captured and no per-minute recording cost is billed.

Jurisdiction matrix

The matrix below summarises the prevailing rule per region. Where a country has subnational variation (US, Canada, Australia), the strictest in-scope state’s rule applies if you route to that jurisdiction.
RegionRuleOrbit setting
United States — federalOne-party consent (18 U.S.C. § 2511)announce_inbound minimum
United States — CA, FL, IL, MA, MD, MT, NH, NV, PA, WAAll-party consent by state statuteannounce_all required
United States — other 38 statesOne-party consent sufficesannounce_inbound acceptable
European UnionGDPR Art 6 lawful basis + ePrivacy Art 5(1) — explicit consent or another documented basisannounce_all recommended
United KingdomUK GDPR + PECR + RIPA — broadly mirrors EU postureannounce_all recommended
Canada — federal (PIPEDA)Implied consent acceptable for QA with clear notice; explicit consent for marketingannounce_all recommended
Canada — Quebec (Law 25)Stricter than PIPEDA; treat as explicit-consentannounce_all required
Australia — ACT, QLD, SA, WAOne-party consentannounce_inbound acceptable
Australia — NSW, VIC, TAS, NTAll-party consent under state Surveillance Devices Actsannounce_all required
UAE, Saudi Arabia, Korea, Turkey, IndiaTreat as all-party / explicit consent — unauthorised recording is criminal in most casesannounce_all required
Brazil (LGPD), Argentina, ChileExplicit consent + documented lawful basisannounce_all required
Any other jurisdictionOperator’s responsibility to verify; default to announce_all until counsel confirms otherwiseannounce_all (default)
When in doubt, set the policy to announce_all. The announcement is brief (typical 5–8 seconds for “This call may be recorded for quality and training purposes”), customer-service trained, and legally defensible across every jurisdiction Orbit supports.

Per-region detail

Federal wiretap law (18 U.S.C. § 2511) permits recording when at least one party to the call consents — and the recording party counts as that one party. Ten states layer an all-party-consent requirement on top: California, Florida, Illinois, Maryland, Massachusetts, Montana, Nevada, New Hampshire, Pennsylvania, Washington. The applicable rule is determined by where the parties are physically located at the time of the call, not the location of the carrier or the dashboard operator. If any party is in an all-party state, that state’s rule governs.Industry overlays: HIPAA (treat call audio as PHI when it discusses health), PCI DSS (do not record DTMF tones that capture card numbers — use Orbit’s PCI mask feature), FDCPA / TCPA (debt collection and telemarketing have additional notice requirements beyond recording consent).
Under GDPR Art 6, recording requires a documented lawful basis (consent, contract performance, legitimate interest, legal obligation, etc.). ePrivacy Directive Art 5(1) layers on a confidentiality-of-communications requirement that, in most member-state implementations, is read as requiring explicit notification before recording starts. The UK applies the equivalent regime via UK GDPR, PECR, and RIPA.The pragmatic posture: play the announcement to every party (announce_all), keep a record of the legal basis (consent, legitimate_interest, etc.) in your CRM, and ensure the customer can request access or deletion of recordings via your GDPR data-subject-rights process. Orbit’s retention policy (configurable per channel under Settings → Compliance → Retention) lets you auto-delete recordings after a fixed window.
PIPEDA (federal, applies to commercial activity) treats recording as a collection of personal information and requires knowledge and consent at the time of collection. For quality-assurance recording with a clear, prominent notice at the start of the call, regulators have accepted implied consent. For marketing or sales-evaluation recording, explicit consent is the safer posture. Quebec’s Law 25 (in force since 2023) is stricter than PIPEDA and is best treated as an explicit-consent regime.
Recording is governed by state Surveillance Devices Acts, not federal law. ACT, QLD, SA, and WA are one-party-consent jurisdictions. NSW, VIC, TAS, and NT require all-party consent. The Telecommunications (Interception and Access) Act 1979 (Cth) also prohibits intercepting a call in transit without a warrant, but does not generally restrict consensual recording by a party to the call.
UAE, Saudi Arabia, Korea, Turkey, and India all treat unauthorised recording as a criminal offence under their respective penal or telecommunications codes. Brazil’s LGPD, Argentina’s Personal Data Protection Act, and Chile’s Law 19.628 all require an explicit lawful basis plus notice. For every region not separately listed above, treat the default as announce_all plus documented consent capture, and confirm with local counsel before routing production traffic.

Operator obligations

Orbit gives you the controls; the obligations remain yours.

Choose the strictest applicable rule

If your call may traverse a jurisdiction with all-party-consent, configure announce_all for the entire org — not just for numbers serving that region. Cross-jurisdictional liability is determined by the strictest state on the call.

Document your lawful basis

For GDPR / LGPD / PIPEDA destinations, keep a record per contact of which lawful basis applies and how it was captured. Orbit’s contact custom fields can store this; export them quarterly to your compliance system.

Honour deletion requests

GDPR Art 17, CCPA, and Quebec Law 25 give data subjects the right to request deletion of their recordings. Orbit exposes a per-contact delete endpoint and a retention-policy scheduler. Build the request flow into your support process.

Mask sensitive audio

Pause recording (or mute the recording leg) before capturing card numbers, full SSNs, or health-screening responses. Orbit supports mid-call recording-pause via the API for PCI-scope flows.

Where to configure

  • Per-org default: Voice → Calls → Recording settings. This picks the announcement mode and the TTS / audio URL.
  • Per-number override: Numbers → <select number> → Compliance → Recording. Useful when one DID serves a stricter jurisdiction than the org default.
  • Per-agent: Agents → <agent> → Voice → Recording. Agents can disable recording on specific call types (e.g. PCI-scope payment flows).
Changes take effect on the next call. Historical recordings retain the consent policy that was active at the time they were captured; the audit log records both the policy and the announcement payload for every recorded call.