TCPA & DNC Compliance Guide
Last updated: April 25, 2026
Read this first
Anima provides phone, SMS, and email infrastructure for AI agents. Compliance with the Telephone Consumer Protection Act ("TCPA"), the National Do-Not-Call Registry ("DNC"), the Reassigned Numbers Database ("RND"), CAN-SPAM, GDPR, CASL, and any equivalent state, provincial, or international rules is your responsibility as the customer, not Anima's.
Anima ships safety infrastructure to make compliance easier: rate limits, time-of-day enforcement, RND lookups, hard-cap controls, correlation IDs, and audit trails. None of those features turn an unconsented call into a consented one. Authority to contact a recipient comes from your relationship with that recipient.
If you operate an outbound voice or SMS workflow without prior express written consent (TCPA), without scrubbing against the federal DNC and the RND, without honoring opt-outs within the statutory window, or outside permitted calling hours, you are out of compliance — regardless of whether Anima's tooling "allowed" the request through.
Customer obligations (you)
1. Prior express written consent (TCPA).
Before placing any outbound autodialed or pre-recorded call, or sending any marketing SMS, to a US recipient, you must hold prior express written consent that clearly identifies your business and the calling/messaging program. Consent records must be retained for the duration of the relationship plus four years.
2. DNC scrubbing (federal + state + internal).
Marketing calls and SMS to numbers on the federal Do-Not-Call Registry are prohibited unless an established business relationship or written consent exception applies. You must also honor state-level DNC lists where applicable and your own internal suppression list.
3. RND scrubbing (Reassigned Numbers Database).
The Reassigned Numbers Database is the FCC's safe-harbor mechanism for avoiding calls to numbers whose subscriber has changed since you obtained consent. Querying RND before a call and dropping any "yes, reassigned since consent-date" result is the only way to qualify for the safe harbor. Anima exposes RND lookup as a callable safety check; using it does not transfer FCC responsibility to Anima.
4. Opt-out honoring (10 business days + STOP).
Once a recipient asks to be removed (any reasonable request, in any modality), you must stop calling/messaging that number within ten business days under TCPA, and within ten business days under CAN-SPAM for email. SMS programs must honor STOP, END, CANCEL, UNSUBSCRIBE, and QUIT keywords immediately and reply with a confirmation.
5. Calling time-of-day windows.
TCPA prohibits telemarketing calls before 8am or after 9pm in the recipient's local time. Many states impose stricter windows (e.g. Florida 8am–8pm). Time-zone determination from area code is best-effort, not authoritative; you remain responsible for any call placed outside the lawful window.
6. CAN-SPAM, GDPR, CASL, and successors.
Email programs must include a functional unsubscribe link, accurate header lines, a valid physical postal address, and clear identification of the message as commercial. EU/UK recipients require GDPR lawful basis (typically prior consent for marketing). Canadian recipients require CASL express or implied consent and clear sender identification.
7. Internal suppression list maintenance.
Maintain a single, authoritative suppression list across all your modalities (voice, SMS, email, push). A recipient who opts out of SMS has not necessarily opted out of email, but a recipient who opts out of all marketing has — and your suppression logic must respect that.
What Anima provides as safety infrastructure
These are tools that make compliance feasible. They are not compliance themselves and they do not transfer your TCPA/DNC/CAN-SPAM duty to Anima.
TCPA gate middleware.
Outbound voice and SMS requests pass through a server-side gate that requires the caller to assert consent on each request and that fails closed (the call is not placed) when the assertion is missing or malformed. The assertion is recorded with the request for audit.
RND lookup endpoint.
A built-in lookup that queries the FCC Reassigned Numbers Database via Twilio Lookup. Calls to numbers flagged as reassigned after your consent date are blocked before placement. Querying counts toward your RND quota; the safe harbor is yours, not ours.
Time-of-day enforcement.
The voice path computes the recipient's local hour from the dialed number and refuses to place calls outside 8am–9pm local. State-stricter windows can be configured per-org. Time-zone resolution is best-effort; you remain responsible for edge cases.
Per-tier call caps and per-second rate limits.
Each billing tier has a hard maximum daily call count and a per-second rate cap. Hitting the cap returns a 429; it does not silently degrade. The cap exists to contain incident blast-radius, not to certify your volume as lawful.
Hard-cap kill-switch.
An org admin can flip a hard-cap toggle that immediately halts all outbound voice, SMS, or email from the org. Useful when a misconfigured agent starts calling the wrong list. The toggle is synchronous and takes effect on the very next request.
Correlation IDs and audit trail.
Every request emits a request-id (unique per call) and a correlation-id (spans an entire workflow). Both are returned in response headers and indexed in our log store, so you can trace any disputed contact back to the exact authorizing prompt and the exact agent grant that issued it.
Delegation chain verification.
Sub-agent grants are verified against a parent grant on every request. Scopes can only narrow, never widen. Revocation propagates synchronously through the entire subtree. When a human principal revokes authority, every descendant agent loses access on the very next call.
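The per-request check described under "Delegation chain verification", as an added example that is not Anima's code: the grant model, scope names, and function names are hypothetical. Because the check walks the chain from leaf to root on every request, revoking any ancestor denies every descendant on the next call without pushing state down the tree.

```python
# Added example: hypothetical grant model, not Anima's API or schema.
from dataclasses import dataclass
from typing import Optional


@dataclass
class Grant:
    grant_id: str
    scopes: frozenset
    parent: Optional["Grant"] = None   # None marks the human principal's root grant
    revoked: bool = False


def issue(parent: Grant, grant_id: str, scopes) -> Grant:
    """Create a sub-grant; refuse any scope the parent does not hold."""
    scopes = frozenset(scopes)
    if not scopes <= parent.scopes:
        raise PermissionError(f"{grant_id}: scopes {sorted(scopes - parent.scopes)} exceed parent")
    return Grant(grant_id, scopes, parent)


def authorize(grant: Grant, needed: str) -> tuple:
    """Per-request check: walk leaf to root and deny on the first problem."""
    if needed not in grant.scopes:
        return (False, f"{grant.grant_id} lacks scope {needed}")
    seen, node = set(), grant
    while node is not None:
        if node.grant_id in seen:
            return (False, "cycle in delegation chain")
        seen.add(node.grant_id)
        if node.revoked:
            return (False, f"{node.grant_id} is revoked")
        # Re-check narrowing here too: a stored record may not have come from issue().
        if node.parent is not None and not node.scopes <= node.parent.scopes:
            return (False, f"{node.grant_id} widens its parent's scopes")
        node = node.parent
    return (True, "ok")


def demo() -> list:
    # Constructed sample chain: human principal -> agent -> sub-agent.
    root = Grant("principal", frozenset({"voice:call", "sms:send", "email:send"}))
    agent = issue(root, "agent", {"voice:call", "sms:send"})
    sub = issue(agent, "sub-agent", {"sms:send"})
    results = [authorize(sub, "sms:send"), authorize(sub, "voice:call")]
    root.revoked = True  # the human principal revokes authority
    results.append(authorize(sub, "sms:send"))
    return results


if __name__ == "__main__":
    for allowed, reason in demo():
        print(allowed, reason)
```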
What Anima does not provide
Anima does not collect or verify consent on your behalf. We do not maintain a consent database, a per-recipient opt-in record, or a per-recipient established-business-relationship record. Those records belong in your CRM, your marketing platform, or your internal compliance system.
Anima does not vouch for the lawfulness of any specific call, message, or campaign. Our gates make it harder to place a clearly unlawful call (e.g. to a known reassigned number, or at 3am local) but they do not — and cannot — verify the consent foundation that makes the call lawful in the first place.
Anima does not represent that compliance with our safety controls discharges your obligations under TCPA, DNC rules, RND safe-harbor requirements, CAN-SPAM, GDPR, CASL, or any analogous rule. Where our controls and the law diverge, the law governs.
Indemnification posture
Per the Terms of Service, Section 23 (Indemnification), you agree to defend, indemnify, and hold harmless Anima from any claim, fine, judgment, or settlement arising from a violation of TCPA, DNC, RND, opt-out, time-of-day, CAN-SPAM, GDPR, or CASL rules in your use of the Service.
This includes carrier-imposed fines for unwanted-call labeling (STIR/SHAKEN attestation downgrades, carrier blocking, A2P 10DLC penalties) and any settlement Anima reaches with a regulator or carrier on a complaint that traces back to your traffic.
If you receive a complaint
If you receive a TCPA, DNC, or carrier-blocking complaint about a call placed through Anima, write to compliance@useanima.sh within 72 hours with the correlation-id from the disputed call. We will preserve the relevant logs, the request payload, and the consent assertion, and we will cooperate with any legitimate regulatory or carrier inquiry.
Cooperation is not concession. The substantive defense — that consent existed, that DNC was scrubbed, that the call was within hours, that opt-out was honored — is yours to make.
Questions
Compliance posture changes as regulators move. If a rule we reference here drifts from current practice, write to compliance@useanima.sh or open an issue against the public docs. This page is informational and does not constitute legal advice. Consult counsel for your specific program.