Trust & security
How CallSea handles your data and the EU AI Act
No fine print: what we do with recordings, what we never do, and our road to full AI Act conformity — written so your legal team can simply read it.
Our classification under the EU AI Act
Under Regulation (EU) 2024/1689, Annex III point 4(b), CallSea is a high-risk AI system: it monitors and evaluates the performance of persons in work-related relationships. We adopted this classification deliberately — it is a literal match to the product’s purpose. We do not pursue an avoidance strategy; we follow a provider compliance plan instead.
Transcription and text scoring
Transcribes call recordings (with speaker separation), scores quality against criteria defined by your organization, assigns results to agents and aggregates them in dashboards and reports. Results can be delivered to your systems.
No voice or emotion analysis
Language models receive transcript text only — no tone-of-voice, prosody or any acoustic features. CallSea does not recognize employees’ emotions (Art. 5(1)(f) AI Act ban), does not make HR decisions, and does not permanently store audio recordings.
Configuration validator
The platform includes a validator that makes it impossible to save scoring criteria inferring agents’ emotions or state of mind. This compliance requirement lives in the code — not just in the contract.
Every score can be verified
Every result traces back to a specific call and a transcript quote. AI scores are informational input for managers — with the right to challenge and correct them.
Data architecture: everything in the EU
Platform servers are located in Germany. Speech-to-text and scoring models run in the EU region — no processing step requires sending data outside Europe. Transcripts and evaluation results are stored; audio recordings are passed to transcription and are not stored permanently.
Provider compliance plan
Art. 5 guardrails (the configuration validator) are active today. Next phases cover labelling AI-generated content, a risk register and technical documentation, human-oversight mechanisms and accuracy benchmarks — through conformity assessment, the EU declaration of conformity, CE marking and registration in the EU AI database (2027 horizon).
Your duties as a deployer — and how we help
- Informing employees before go-live (Art. 26(7)) — we provide a ready-made notice template as a contract annex.
- DPIA (Art. 35 GDPR) — we supply the complete processing information your assessment requires.
- Human oversight (Art. 26(2)) — score-to-quote traceability makes review practical, not theoretical.
- AI literacy (Art. 4) — we provide materials for managers and HR working with results.
More detail on the blog: The EU AI Act in the call center. The standard data processing agreement (DPA) is available on request.