India's Digital Personal Data Protection Act 2023 (DPDP Act) fundamentally changed the legal basis for collecting and processing customer data — including voice data from AI calls. For any business using voice AI to contact customers, compliance is not a checkbox to tick at deployment: it's an ongoing operational requirement that must be enforced on every single call.
Agni's consent management is built into the infrastructure layer — not bolted on as an optional feature. Here's exactly how it works.
What the DPDP Act Requires
The DPDP Act requires that personal data — which explicitly includes voice recordings and transcripts — can only be collected and processed with the individual's free, specific, informed, and unambiguous consent. For an outbound voice AI call, this means:
- The customer must be told who is calling and why
- The customer must be told that the call is being recorded
- The customer must be told how the data will be used
- The customer must actively acknowledge consent — not merely fail to object
- The consent event must be recorded with a timestamp
"Implied consent" — the assumption that a customer consents because they answered the phone — is not valid under DPDP. Positive consent signal is required.
Agni's Consent Disclosure: What the Customer Hears
Every Agni call opens with a configurable consent disclosure. A standard DPDP-compliant disclosure in Hindi sounds like:
"Namaste [Name]. Main [Company Name] ki taraf se bol raha hoon. Yeh call aapkI [EMI / policy / account] ke baare mein hai. Yeh call compliance ke liye record ki ja rahi hai. Aapki baat karna continue karne ka matlab hai ki aap is recording ke liye consent de rahe hain. Kya aap continue karna chahte hain?"
The disclosure is automatically rendered in the customer's detected language — Hindi, Tamil, Marathi, or any other configured language. A customer who responds in Tamil receives the disclosure in Tamil, not Hindi.
Positive consent signal required: Agni treats the customer's first substantive response after the disclosure as the consent event. The timestamp and audio of this response are stored as the consent record. If the customer says nothing (silent answer), the call terminates — silence is not consent.
The 60-Day Consent Window
Under DPDP guidelines, consent captured in one interaction is valid for a defined period — Agni's default is 60 days — for the same data processing purpose. This means:
- A customer who gave consent for collections-related data processing on March 1 does not need to be re-disclosed on March 15 for the same campaign purpose
- If 60 days pass without a new consent capture, the next call re-triggers the full disclosure
- A new purpose (e.g., moving from collections to a marketing campaign) requires fresh consent, regardless of the window
The consent window is configurable in the Agni compliance settings — businesses with stricter internal policies can set a shorter window (e.g., 30 days).
Consent Withdrawal: Immediate and Permanent
The DPDP Act gives customers the right to withdraw consent at any time. In an Agni call, this right is triggered by any clear withdrawal signal — "main consent nahi deta," "please don't call me again," "mujhe call mat karo," or any equivalent phrase in any supported language.
When Agni detects a consent withdrawal:
- The call is ended professionally and respectfully
- The phone number is flagged as DNC (Do Not Call) in the Agni system immediately
- The number is suppressed from all future campaign dials — no human intervention required
- The withdrawal event is logged with timestamp and audio clip as a compliance record
- If CRM integration is configured, the DNC status is written to the CRM contact record
Do-Not-Call Registry Compliance
Beyond individual consent withdrawal, Agni also manages:
- TRAI NDNC compliance: Phone numbers on the national DND registry are automatically suppressed before any commercial campaign
- Internal DNC list: Your organization's own DNC list (from previous opt-outs, legal holds, or compliance requirements) can be uploaded and is enforced at the infrastructure level
- Campaign-level DNC: Numbers that have received the maximum number of contact attempts are automatically suppressed for new campaigns of the same type
Consent Audit Trail
Every consent event in Agni produces a tamper-evident audit record containing:
- Phone number and customer ID
- Timestamp of consent capture (ISO 8601 format, IST)
- Audio clip of the consent event (customer's first substantive response)
- Transcript of the consent disclosure and customer response
- Call recording reference ID
- Consent expiry date (based on configured window)
These records are retained for 2 years on India-based infrastructure and are accessible for regulatory audit within 48 hours of request. This satisfies both DPDP audit trail requirements and RBI recording retention requirements for BFSI deployments.
"During an RBI audit, we were asked to produce consent records for 200 specific calls across a 12-month period. We pulled all 200 records with timestamps and audio clips in under an hour. The auditors were visibly surprised." — Head of Compliance, NBFC (Mumbai)
Consent for Different Use Cases
Consent configuration varies by campaign purpose:
| Use Case | Consent Requirement | Agni Handling |
|---|---|---|
| Collections (BFSI) | DPDP + RBI FPC | Full disclosure + positive acknowledgment + 2-year recording |
| Marketing/sales | DPDP + TRAI | Full disclosure + NDNC scrubbing pre-call |
| Transactional (OTP, delivery) | Lighter DPDP burden | Purpose disclosure at open, recording consent |
| Customer survey | DPDP | Purpose disclosure + voluntary participation flag |
Ready to get started?
DPDP consent management is built into every Agni plan at no extra cost. Start at app.ravan.ai or contact our compliance team at info@ravan.ai.
