Skip to content
claimpros.ai
Compliance architecture

Eight checkpoints before a single dial.
Your firm’s name never goes on a bad call.

TCPA1 liability is the first objection any attorney raises — and it should be. The penalties are statutory, the plaintiffs are organized, and the plaintiff bar has industrialized the process of identifying calling programs that cut corners.

This platform was designed for law firms. That means compliance is not a feature — it is the architecture. Every dial runs through eight independent checkpoints2. A lead either passes all eight — or it never reaches the dialer.

8
Independent TCPA checkpoints
72h
Consent freshness — no override
100%
Calls recorded with intent confirmation
0ms
Opt-out suppression delay
TCPA compliance

Eight independent checkpoints.

Each checkpoint is independent. Failing any one of them blocks the lead — the remaining seven do not compensate or offset. This is not a scoring system. It is a gate system. A lead either passes all eight or it does not dial.

  1. TrustedForm Certificate + Language Audit

    A TrustedForm certificate captures the consent session — exact form language, timestamp, IP address, and the claimant's interaction — at the moment of opt-in. The platform audits the captured form language against current FCC-23-107 disclosure requirements before accepting the lead. Certificates are attached to every lead record and retained for the full statutory period. Form language that fails the audit blocks the lead regardless of certificate validity.

  2. 72-Hour Consent Freshness Gate

    Consent has a shelf life. A claimant who opted in six days ago is a different legal situation than one who opted in six hours ago — and plaintiff attorneys know the difference. Any lead whose consent timestamp is older than 72 hours is quarantined automatically. The system attempts re-consent via SMS before that lead is permitted to re-enter the dial queue. This is a hard block enforced in code, not a configurable soft warning that an operator can override.

  3. LITIGATOR_LIST Scrub via DNC.com

    The LITIGATOR_LIST is a database of phone numbers held by known professional TCPA plaintiffs — individuals who file serial TCPA suits as a revenue strategy. A single call to a number on this list can result in five-figure statutory damages. Before any number reaches the dialer, it is checked against the current LITIGATOR_LIST via DNC.com. Any match results in permanent suppression. This is the most consequential scrub in any outbound calling program, and it runs on every number, every time.

  4. Federal + State DNC Registry Scrub

    The National Do Not Call Registry is table stakes. What matters is that it is current, not cached. The platform scrubs against a live DNC feed — not a monthly snapshot — before each dial. Beyond the federal registry, applicable state DNC registries are checked for all states with their own maintained lists. Any number that returns a match is suppressed permanently from your firm's dial pool and flagged in the lead record. State registry coverage is updated as new state rules take effect.

  5. Pre-Call SMS Opt-Out Window on 10DLC

    Before the outbound AI call fires, the claimant receives an SMS from a registered 10DLC number — a short notification identifying your firm and providing a clear opt-out mechanism. This creates an additional documented consent touchpoint and gives the claimant an opportunity to opt out before any voice contact occurs. The 10DLC registration ensures deliverability and carrier compliance for the SMS leg. Opt-outs received at this stage are processed immediately and propagate across all downstream systems before the call is ever attempted.

  6. In-Call Intent Confirmation and Recording

    At the opening of every AI-conducted call, the system identifies itself, names your firm, advises the claimant that the call is being recorded, and explicitly confirms the claimant's intent to engage with your firm about their Social Security disability claim. This exchange is captured in full audio and in the call transcript. The intent confirmation serves as an additional evidentiary layer — a documented, time-stamped, in-call record of the claimant's willing participation — beyond the initial consent certificate. Transcripts and recordings are retained per your state's applicable retention requirements.

  7. Instant Opt-Out Suppression

    Any opt-out signal — spoken verbally, triggered by keypress, or sent by reply SMS — is processed in real time. There is no batch processing window, no overnight suppression cycle, no delay of any kind. The number is suppressed across all active queues the moment the opt-out registers. The suppression event is logged with timestamp and mechanism. Any attempt to re-queue a suppressed number within the same session is blocked at the application layer. Opt-out records are retained indefinitely as part of the compliance record for your firm.

HIPAA architecture

PHI handled as if you were already audited.

SSDI qualification necessarily involves discussion of medical conditions, diagnoses, and treatment history. The platform treats all claimant data as Protected Health Information from first contact.

SOC 2 Type 1 in progress · Type 2 follows

TLS 1.3 in transit

Every byte between claimant, agent, and storage is encrypted. No unencrypted backchannel exists.

AES-256 at rest

Storage layer encryption with per-tenant KMS keys for the most sensitive surfaces.

Role-based access

Logged, scoped, audited. Service-role keys reserved for legitimate cross-tenant background jobs.

BAA executed

Business Associate Agreement signed before any PHI processed. Subprocessor disclosure with 30-day change notice.

Per-tenant model isolation

Your data never trains another firm’s model.

Every firm on the platform operates in a fully isolated model environment. Your call transcripts, claimant data, qualification outcomes, and attorney decisions are used only to refine your firm’s model — never pooled into a shared training set, never used to improve scoring for a competitor firm, never accessible to any other tenant.

The isolation is architectural, not policy-level. Tenant boundaries are enforced at the data layer. There is no configuration state that would allow cross-tenant data access.

Continuously refined by your data. Untouched by anyone else’s.

Authorized practice

The AI does not practice law.

The AI conducts intake. It gathers facts, asks structured questions, scores eligibility against defined criteria, and delivers information. It does not advise the claimant on legal strategy, predict hearing outcomes, evaluate the merits of a particular theory of disability, or make representations about the strength of the claimant’s case.

For attorney firms, the two-stage workflow is specifically designed around this boundary: the AI produces a written recommendation memo with supporting data, and the attorney makes the accept/decline decision. No client relationship forms, no legal advice is given, and no representation is implied until your firm affirmatively accepts the case through its normal processes.

State-specific legal opinions

Outside-counsel opinion in hand before any state goes live.

State telephony and consumer-protection law layers on top of federal TCPA. We commission a written opinion from outside counsel for every state before outbound dialing turns on. Florida, California, and Washington remain blocked at the platform layer pending state-specific opinions.

Opinions are scoped to the platform’s actual call mechanics — automatic dialing system characterization, in-call recording disclosure, opt-out mechanism sufficiency, and the firm’s caller-ID disclosure obligations.

35 states activeFL · CA · WA blockedOpinions on file · Available on request
Halberstam & Reyes LLPSample · redacted

Outside counsel opinion · State of [Redacted]

Re: Application of state telephone consumer protection statutes to the ClaimPros voice qualification platform.

We have been asked to evaluate whether the platform’s outbound call mechanics, as described in the technical addendum, comply with the requirements of [State Statute]…

The platform’s eight-checkpoint pre-dial sequence — including FCC-23-107 named-firm consent verification, LITIGATOR_LIST scrub, federal and state DNC scrubs, and the 10DLC pre-call SMS opt-out window — satisfies the heightened consent requirements of [State Statute] §[]…

[ further analysis redacted ]

Conclusion: subject to the conditions noted above, the platform’s outbound call program may operate within [State] without requiring [Tier-Two registration / additional disclosure / etc.].

Halberstam & Reyes LLP2026 · 14 pp · privileged

Sample · firm name redacted · contents illustrative

Ready to talk compliance

Every compliance question answered before you sign.

Bring your outside counsel’s questions. Bring your firm’s skeptic. The 30-minute conversation is designed for exactly this. No proposal until you’re satisfied with the compliance architecture.

Request Contact →Reply within one business day
Compliance inquiries

partners@claimpros.ai

Send the document list — BAA template, SOC 2 update, subprocessor list, opinion-letter scope. We route within one business day.

Security disclosure

/security

HIPAA architecture, audit logging, vulnerability reporting.