Compliance Checklist
Last Updated: October 14, 2025
This checklist helps Aivery users ensure compliance with relevant regulations when recording and processing meeting data.
General Compliance
- Review and accept Aivery Terms of Service
- Review Privacy Policy and understand data handling
- Configure user access controls and permissions
- Enable audit logging for compliance tracking
- Establish data retention policies
- Train team members on compliance requirements
- Document internal recording policies
- Designate compliance officer/point of contact
Recording Consent
- Identify applicable recording consent laws (one-party vs. all-party consent; when participants sit in different jurisdictions, follow the strictest rule that applies)
- Create standard consent announcement script
- Enable Aivery consent tracking features
- Train team on obtaining verbal consent
- Send pre-meeting consent notifications
- Display recording indicators during meetings
- Document consent for each recording
- Maintain consent audit trail
Data Protection (GDPR)
If Processing EU Personal Data:
- Appoint Data Protection Officer (if required)
- Sign Data Processing Agreement (DPA) with Aivery
- Conduct Data Protection Impact Assessment (DPIA)
- Maintain record of processing activities
- Implement data minimization practices
- Establish data retention and deletion procedures
- Enable data subject rights (access, deletion, portability)
- Document legal basis for processing
- Implement security measures (encryption, access controls)
- Report personal data breaches to the supervisory authority within 72 hours of becoming aware of them (GDPR Art. 33), and notify affected participants without undue delay where the breach is likely to result in a high risk to them (Art. 34)
- Update privacy notices for participants
- Obtain explicit consent where required
Data Subject Rights Implementation:
- Process for access requests (respond within one month, extendable by two further months for complex or numerous requests)
- Process for deletion requests (right to be forgotten)
- Data portability export functionality
- Objection and restriction processes
- Complaint handling procedure
California Privacy (CCPA/CPRA)
If Processing California Resident Data:
- Update privacy policy with CCPA disclosures
- Implement "Do Not Sell or Share My Personal Information" mechanisms (CPRA wording)
- Enable data access request process
- Enable data deletion request process
- Honor opt-out preference signals such as Global Privacy Control (GPC), and provide a way to limit use of sensitive personal information (if applicable)
- Train team on CCPA requirements
- Respond to requests within 45 days (extendable once by a further 45 days with notice to the consumer)
- Maintain records of requests and responses
- Designate authorized agent process
- Implement non-discrimination policies
Healthcare (HIPAA)
If Recording Healthcare Meetings:
- Sign Business Associate Agreement (BAA) with Aivery
- Conduct HIPAA risk assessment
- Obtain patient authorization for recordings
- Implement physical safeguards
- Implement technical safeguards (encryption, access controls)
- Implement administrative safeguards (policies, training)
- Enable audit controls and monitoring
- Create incident response plan
- Train workforce on HIPAA requirements
- Establish breach notification procedures
- Apply the minimum necessary standard (capture and retain only the PHI the purpose requires)
- Secure PHI in recordings and transcripts
- Regular security reviews and updates
Required Documentation:
- Privacy policies and procedures
- Security policies and procedures
- Breach notification procedures
- Workforce training records
- Risk assessment documentation
- Business Associate Agreements
Financial Services (FINRA/SEC)
If Recording Client Communications:
- Review FINRA Rule 3110 (Supervision)
- Review FINRA Rule 4511 (Recordkeeping)
- Obtain client consent for recordings
- Implement retention policies (at least 3 years for most communications under SEA Rule 17a-4(b); at least 6 years where FINRA Rule 4511 specifies no other period)
- Enable immutable recording storage (SEA Rule 17a-4 requires electronic records to be kept in a non-rewriteable, non-erasable format or under a compliant audit-trail alternative)
- Implement audit trails
- Designate compliance officer
- Create supervisory procedures
- Train registered representatives
- Regular compliance reviews
- Enable eDiscovery capabilities
- Maintain books and records
Retention Requirements (records covered by SEA Rule 17a-4 must also be kept in an easily accessible place for the first two years):
- Customer communications: 3 years
- Order tickets and confirmations: 3 years
- General correspondence: 3 years
- Complaint records: 4 years
- Advertising: 3 years
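The consent audit trail asked for in the Recording Consent section and the immutable storage and audit trails asked for here both need the same property: a past entry cannot be edited, removed or reordered without leaving evidence. The following is an added example, not Aivery code, of a hash-chained audit trail that pins each consent event and the SHA-256 of the stored recording to the previous entry. Its event shapes, timestamps and the stand-in recording bytes are constructed for the example.

```python
"""Tamper-evident audit trail for consent events and recordings.

Added example (not Aivery code). Each entry commits to the previous entry's
hash, so altering, deleting or reordering any past event breaks every later
hash. Assumed (not from the checklist): events are JSON-serialisable dicts and
recordings are available as bytes so the entry can pin their digest.
"""
import copy
import hashlib
import json
from dataclasses import dataclass, field
from typing import Optional

GENESIS = "0" * 64  # prev-hash used by the first entry


def canonical(obj) -> bytes:
    """Stable JSON encoding so the same entry always hashes identically."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def entry_hash(body: dict) -> str:
    return hashlib.sha256(canonical(body)).hexdigest()


@dataclass
class AuditTrail:
    entries: list = field(default_factory=list)

    def append(self, ts: str, event: dict, recording: Optional[bytes] = None) -> dict:
        """Append an event; the entry commits to the previous hash and, if given, to the recording."""
        body = {
            "seq": len(self.entries),
            "ts": ts,
            "event": event,
            "recording_sha256": hashlib.sha256(recording).hexdigest() if recording is not None else None,
            "prev": self.entries[-1]["hash"] if self.entries else GENESIS,
        }
        entry = dict(body, hash=entry_hash(body))
        self.entries.append(entry)
        return entry

    def verify(self) -> tuple[bool, Optional[int]]:
        """Walk the chain; return (True, None) or (False, seq of the first bad entry)."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            body = {k: v for k, v in e.items() if k != "hash"}
            if e.get("seq") != i or e.get("prev") != prev or entry_hash(body) != e.get("hash"):
                return False, i
            prev = e["hash"]
        return True, None


def recording_matches(entry: dict, recording: bytes) -> bool:
    """Check a stored recording against the digest pinned in its audit entry."""
    return entry.get("recording_sha256") == hashlib.sha256(recording).hexdigest()


# Constructed sample: a two-participant meeting and a stand-in for the recording bytes.
SAMPLE_RECORDING = b"RIFF....WAVEfmt constructed stand-in for recording bytes"


def build_sample_trail() -> AuditTrail:
    t = AuditTrail()
    t.append("2025-10-14T15:00:02Z", {"type": "consent_announced", "meeting": "m-42", "script": "v3"})
    t.append("2025-10-14T15:00:20Z", {"type": "consent", "meeting": "m-42",
                                       "participant": "alice@example.com", "decision": "granted"})
    t.append("2025-10-14T15:00:25Z", {"type": "consent", "meeting": "m-42",
                                       "participant": "bob@example.com", "decision": "declined"})
    t.append("2025-10-14T15:00:30Z", {"type": "recording_stored", "meeting": "m-42",
                                       "object": "rec/m-42.wav"}, recording=SAMPLE_RECORDING)
    return t


def tampered_copy(trail: AuditTrail, rehash: bool) -> AuditTrail:
    """Flip Bob's decision after the fact; optionally recompute that entry's own hash."""
    bad = copy.deepcopy(trail)
    e = bad.entries[2]
    e["event"]["decision"] = "granted"
    if rehash:  # a more careful attacker fixes the entry's hash, but not the next entry's prev
        e["hash"] = entry_hash({k: v for k, v in e.items() if k != "hash"})
    return bad


if __name__ == "__main__":
    trail = build_sample_trail()
    print("intact:", trail.verify())
    print("edited in place:", tampered_copy(trail, rehash=False).verify())
    print("edited and rehashed:", tampered_copy(trail, rehash=True).verify())
    print("recording matches:", recording_matches(trail.entries[3], SAMPLE_RECORDING))
```

A hash chain is tamper-evident, not tamper-proof: anyone who can rewrite the whole log can recompute every hash. The head hash therefore has to be anchored somewhere the log writer cannot alter (write-once storage, a separate system, or a signed timestamp), which is the point of the non-rewriteable, non-erasable requirement in SEA Rule 17a-4.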
Payment Card Industry (PCI DSS)
If Processing Payment Information:
- Never record full card numbers (PANs); pause recording or redact when a customer reads one out
- Never record CVV/CVC codes (PCI DSS treats them as sensitive authentication data that may not be stored after authorization, even encrypted)
- Implement data masking for payment discussions (redact card data from recordings and transcripts before storage, keeping at most the last four digits)
- Train team on PCI requirements
- Use PCI-compliant payment processors
- Regular security assessments
- Incident response plan
- Access control measures
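The masking item above is the one that needs code. The following is an added example, not Aivery code, of a transcript redaction pass: it finds 13-19 digit runs, keeps only those that pass the Luhn check (so order and ticket IDs are left alone), masks all but the last four digits, and blanks a 3-4 digit token spoken within a few words of a CVV keyword. The regexes, keyword list and sample transcript are assumptions for the example; the card number in the sample is the standard Visa test number.

```python
"""Redact card data from a transcript before it is stored.

Added example (not Aivery code). Assumed, not taken from the checklist:
transcripts are plain strings; a spoken card number is transcribed as digit
groups separated by single spaces or dashes; a CVV is spoken within a few
words of a keyword such as "CVV", "CVC" or "security code".
"""
import re

# Candidate PAN: 13-19 digits, groups optionally separated by one space or dash.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# CVV/CVC: keyword, up to five filler words (letters only), then a 3-4 digit
# token not followed by more digits. Letters-only filler stops the pattern
# from latching onto the tail of an already-masked PAN.
CVV_CONTEXT = re.compile(
    r"(?i)\b(?:cvv2?|cvc2?|security code|card code|verification code)\b"
    r"(?:[ \t,.:;]+[a-z]+){0,5}?[ \t,.:;]+(\d{3,4})(?![ -]?\d)"
)


def luhn_ok(digits: str) -> bool:
    """Luhn check; filters out ticket numbers, order IDs and similar digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list[str]:
    """Return Luhn-valid card numbers (digits only) in text; a pre-storage check."""
    found = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"\D", "", m.group(0))
        if luhn_ok(digits):
            found.append(digits)
    return found


def redact_card_data(text: str) -> tuple[str, dict]:
    """Mask PANs to their last four digits and blank CVVs entirely.

    Returns the redacted text plus counts, so the caller can log that
    redaction happened without logging what was redacted.
    """
    stats = {"pan": 0, "cvv": 0}

    def _mask_pan(m: re.Match) -> str:
        raw = m.group(0)
        digits = re.sub(r"\D", "", raw)
        if not luhn_ok(digits):
            return raw  # not a card number; leave it untouched
        stats["pan"] += 1
        to_mask = len(digits) - 4  # PCI DSS allows at most the last four to remain visible
        out, seen = [], 0
        for ch in raw:
            if ch.isdigit():
                seen += 1
                out.append("*" if seen <= to_mask else ch)
            else:
                out.append(ch)  # keep separators so the sentence still reads naturally
        return "".join(out)

    def _mask_cvv(m: re.Match) -> str:
        stats["cvv"] += 1
        prefix_len = m.start(1) - m.start()
        return m.group(0)[:prefix_len] + "*" * len(m.group(1))

    text = PAN_CANDIDATE.sub(_mask_pan, text)
    text = CVV_CONTEXT.sub(_mask_cvv, text)  # after PAN masking, so PAN digits are never read as a CVV
    return text, stats


# Constructed sample transcript: one (test) card number and one 16-digit ticket ID.
SAMPLE_TRANSCRIPT = (
    "Customer: sure, the card is 4111 1111 1111 1111, expiry 09/27, "
    "and the CVV is 123. Agent: thanks, your ticket number is 1234 5678 1234 5678."
)

if __name__ == "__main__":
    redacted, counts = redact_card_data(SAMPLE_TRANSCRIPT)
    print(redacted)
    print(counts)
```

Pattern matching on transcripts is a backstop, not the control: speech-to-text may render a number as words ("four one one one"), and the recording itself still holds the audio. Pausing or stopping the recording while payment details are exchanged is the primary measure; run the redaction on every transcript before storage and treat any non-zero count as a signal that the pause procedure was not followed.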
SOC 2 Compliance
- Review Aivery's SOC 2 Type II report
- Implement organizational security policies
- Enable multi-factor authentication
- Conduct regular access reviews
- Implement change management procedures
- Regular vulnerability assessments
- Incident response procedures
- Business continuity planning
Industry-Specific Requirements
Legal Services
- Attorney-client privilege considerations
- Client consent procedures
- Ethical rules compliance
- Conflict check processes
- Secure storage and retention
Education (FERPA)
- Student consent for recordings
- Limit educational record access
- Secure storage of student information
- Parent/guardian rights (if applicable)
Government/Public Sector
- Freedom of Information Act (FOIA) considerations
- Public records retention requirements
- Security clearance requirements
- Federal/state specific regulations
Data Security Best Practices
- Enable encryption in transit (TLS 1.2 or higher; disable SSL and TLS 1.0/1.1)
- Enable encryption at rest (AES-256)
- Implement strong password policies (favor length over forced complexity and screen new passwords against breached-password lists, per NIST SP 800-63B)
- Enable multi-factor authentication
- Regular security awareness training
- Conduct periodic security audits
- Implement least privilege access
- Regular software updates and patching
- Secure API integrations (least-privilege scopes, credentials kept in a secrets manager and rotated, token use logged)
- Monitor for security incidents
- Incident response plan in place
- Regular backup and recovery testing
Integration Compliance
CRM Integrations (Salesforce, HubSpot, etc.)
- Review third-party terms and privacy policies
- Grant only the minimum data access scopes the integration needs, and re-check them whenever the integration is updated
- Implement API security best practices
- Regular access reviews
- Data mapping documentation
- Sync audit trails
Video Platform Integrations (Zoom, Teams, etc.)
- Review platform recording policies
- Comply with platform terms of service
- Enable platform consent features
- Coordinate with platform security settings
Ongoing Compliance
Monthly Tasks:
- Review access logs for anomalies
- Update user access as needed
- Review consent records
- Check for policy updates
Quarterly Tasks:
- Conduct compliance training refreshers
- Review and update policies
- Audit trail review
- Vendor compliance assessment
Annual Tasks:
- Comprehensive compliance audit
- Update risk assessments
- Renew vendor agreements
- Review and update documentation
- Regulatory changes review
Documentation to Maintain
- Internal recording policies
- Employee training records
- Consent records and audit trails
- Data processing agreements
- Incident reports and responses
- Access control policies
- Data retention schedules
- Privacy impact assessments
- Vendor agreements and SLAs
- Compliance audit reports
Contact for Compliance Support
Aivery Compliance Team
- Email: compliance@aivery.ai
- Phone: [Support Phone]
- Help Center: https://help.aivery.ai/compliance
Legal Questions
- Email: legal@aivery.ai
Data Protection Officer
- Email: dpo@aivery.ai
Additional Resources
- Aivery Security Whitepaper: https://aivery.ai/security
- SOC 2 Type II Report: Request via compliance@aivery.ai
- HIPAA BAA Template: https://aivery.ai/hipaa-baa
- GDPR DPA Template: https://aivery.ai/gdpr-dpa
- Compliance Help Center: https://help.aivery.ai/compliance
Certification Status
Aivery maintains the following certifications and compliance attestations:
- SOC 2 Type II ✓ (independent audit report)
- ISO 27001 (In Progress)
- GDPR Compliance ✓ (compliance statement; not a third-party certification)
- CCPA Compliance ✓ (compliance statement; not a third-party certification)
- HIPAA Eligible ✓ (BAA available; HHS does not certify HIPAA compliance)
For certification documents, contact: compliance@aivery.ai
Disclaimer: This checklist is provided for informational purposes and does not constitute legal advice. Consult with qualified legal counsel to ensure compliance with all applicable laws and regulations in your jurisdiction and industry.