Trust & security

How CallSea handles your data and the EU AI Act

No fine print: what we do with recordings, what we never do, and our road to full AI Act conformity — written so your legal team can simply read it.

Our classification under the EU AI Act

Under Regulation (EU) 2024/1689, Annex III point 4(b), CallSea is a high-risk AI system: it monitors and evaluates the performance of persons in work-related relationships. We adopted this classification deliberately — it is a literal match to the product’s purpose. We do not pursue an avoidance strategy; we follow a provider compliance plan instead.

What CallSea does

Transcription and text scoring

Transcribes call recordings (with speaker separation), scores quality against criteria defined by your organization, assigns results to agents and aggregates them in dashboards and reports. Results can be delivered to your systems.

What CallSea never does

No voice or emotion analysis

Language models receive transcript text only — no tone-of-voice, prosody or any acoustic features. CallSea does not recognize employees’ emotions (Art. 5(1)(f) AI Act ban), does not make HR decisions, and does not permanently store audio recordings.

Enforced in code

Configuration validator

The platform includes a validator that makes it impossible to save scoring criteria inferring agents’ emotions or state of mind. This compliance requirement lives in the code — not just in the contract.

Human oversight

Every score can be verified

Every result traces back to a specific call and a transcript quote. AI scores are informational input for managers — with the right to challenge and correct them.

Data architecture: everything in the EU

Platform servers are located in Germany. Speech-to-text and scoring models run in the EU region — no processing step requires sending data outside Europe. Transcripts and evaluation results are stored; audio recordings are passed to transcription and are not stored permanently.

Provider compliance plan

Art. 5 guardrails (the configuration validator) are active today. Next phases cover labelling AI-generated content, a risk register and technical documentation, human-oversight mechanisms and accuracy benchmarks — through conformity assessment, the EU declaration of conformity, CE marking and registration in the EU AI database (2027 horizon).

Your duties as a deployer — and how we help

  • Informing employees before go-live (Art. 26(7)) — we provide a ready-made notice template as a contract annex.
  • DPIA (Art. 35 GDPR) — we supply the complete processing information your assessment requires.
  • Human oversight (Art. 26(2)) — score-to-quote traceability makes review practical, not theoretical.
  • AI literacy (Art. 4) — we provide materials for managers and HR working with results.

More detail on the blog: The EU AI Act in the call center. The standard data processing agreement (DPA) is available on request.