
The Trust Covenant in detail

Security and trust, in writing.

We're pre-launch. We won't fake stats, certifications, or a customer roster. What follows is the Trust Covenant that every customer contract we sign will sit on top of, with the evidence we'll publish to back it up.

End-to-end encryption · T&C-gated outbound · Human review on sensitive topics

The Six Commitments

Six promises. Each one signed into the contract.

These are the commitments we will not loosen for any tier, any contract size, any customer. They're the spine of how Akhi.ai runs, and the reason a Muslim org can hand us their community's trust without worrying.

Halal-only, by platform refusal

Riba banking, alcohol, gambling, conventional insurance, pork, adult content. The list is public and permanent.

Akhi.ai will not onboard, run campaigns for, or accept inbound traffic from any business that falls in our refused-vertical list. The list is enforced at three points: signup confirmation, runtime system-prompt refusal, and a public canon page that we never quietly edit. Even a six-figure check doesn't move it.

  • Onboarding requires written confirmation that your business is not in any refused vertical
  • Akhi's system prompt declines haram-vertical campaigns at call time, regardless of how the request is phrased
  • When the list changes, we publish the change and the reason on /halal-business-filter

End-to-end encryption

TLS 1.3 minimum in transit. AES-256 at rest. Per-tenant keys. Data residency you control.

Calls are encrypted in transit between every hop: telephony provider, our voice infrastructure, and your CRM endpoint. Recordings and transcripts are encrypted at rest with per-tenant keys so a single-tenant compromise can never expose another customer. We default to US data residency and add EU and GCC regions as paid customers in those regions sign on.

  • TLS 1.3 minimum for all in-flight audio, transcript, and webhook traffic
  • AES-256 at rest with per-tenant key isolation. Recordings never share a key across customers.
  • US data residency by default; EU and GCC residency activated on first paid customer per region
  • Customer-controlled retention windows from 0 days (no recording) to 365 days, set per agent

Human-in-the-loop on sensitive topics

Fiqh questions, ambiguous refusals, sensitive donor conversations. Every one logged and routed to a human reviewer.

Akhi recognizes the categories where an agent should not answer alone: religious rulings, donor disputes, refusal-policy edge cases, anything flagged by the customer as escalation-only. In each case, the agent captures the question, returns a callback promise, and routes the case to your designated reviewer with the full transcript and context attached. Every deferral is logged for your records and the auditor's.

  • Customer-defined escalation list per agent: fiqh, donor disputes, refunds, anything you choose
  • Agent returns a dignified callback promise in-language, never a brushoff
  • Full transcript, language, sentiment, and context handed to the reviewer in your CRM or email
  • Every deferral logged and exportable for your audit trail

Akhi never gives fatwas

Every religious ruling defers to your imam or scholar. We never ship updates that loosen this.

Akhi is not a mufti. Akhi is not an imam. On every fiqh question (zakat eligibility, prayer-time edge cases, halal-ingredient rulings, marriage and family rulings, anything that crosses into religious authority), Akhi defers, logs, and hands off. This is a permanent product invariant. There is no premium tier where this changes. There is no enterprise contract where we let you turn it off. We agree with Al-Azhar (2026-02-10) and Egypt's Dar al-Ifta (2026-04-07): AI is for ops, not for deen.

  • Akhi defers to your designated imam or scholar on every religious ruling
  • Deferral is logged with the question text, the language, and the caller context
  • Customers can configure who the deferral routes to, but cannot disable the deferral itself
  • We will never ship a release that loosens this. It is in our system prompts and our contracts.
  • Al-Azhar Fatwa Authority and Egypt's Dar al-Ifta have publicly ruled AI tafsir/fatwa impermissible. Our product invariant matches the scholarly position.

T&C-gated outbound

Every uploaded phone list requires consent confirmation. Every campaign logs callability provenance. Legal blast radius is zero by design.

Outbound voice campaigns are the highest-risk surface in this product, and we treat them that way. Every uploaded list passes through a consent-confirmation step that captures who the numbers belong to, how consent was obtained, and when. Every campaign keeps that provenance attached. If a list fails consent confirmation, the campaign refuses to run. The agent cannot dial.

  • Consent-confirmation checkbox required at upload, with provenance log retained for the contract life
  • Per-number callability metadata stored alongside the contact record (DNC lists, time-zone bounds, opt-out history)
  • Outbound campaigns refuse to run on lists missing provenance. The failure is loud, not silent.
  • Customer can export the full provenance log on demand for legal review or audit

No impersonation, no dark patterns

Voice clones are opt-in only, labeled in transcripts, and never used to claim a human is on the line.

When asked, Akhi confirms it is an AI voice agent. Custom voice clones (built from a brief recorded sample) are opt-in only and require an explicit consent record from the person whose voice is cloned. Clones are labeled in every transcript. Akhi never claims to be a human. Akhi never says "the imam asked me to call" unless the imam actually asked.

  • Akhi identifies as an AI voice agent when a caller asks. Honest by default, never evasive.
  • Voice cloning is opt-in only, requires recorded consent from the source speaker, and is labeled in transcripts
  • No "the imam asked me to call" framing unless your imam actually authorized the campaign and we have proof
  • No urgency manipulation, no false-scarcity scripts, no pressure tactics in any agent template we ship

Where the data goes

A call moves through four hops. Every one is encrypted.

The shortest version of the data-flow story: caller dials in, Akhi answers, the structured outcome lands in your CRM, and the recording sits in encrypted storage until the retention window you set runs out, or you delete it sooner.

01. Caller → Telephony

Twilio, Plivo, SIP, or your existing provider. TLS-encrypted media. Akhi never sees your provider credentials.

02. Telephony → Akhi voice infrastructure

Audio streams to our voice runtime. Encrypted in transit. Turn boundaries match production-bar latency. No third-party LLM provider sees the call without your consent.

03. Akhi → Your CRM / webhook

Transcript, disposition, language, and structured fields delivered to the destination you configure. Webhook signatures verifiable. Retry on failure with idempotency keys.

04. Storage

Recordings and transcripts encrypted at rest with per-tenant keys. Customer-controlled retention. Export and delete via API at any time.

Access is auditable, not assumed

Customer admins, your designated reviewers, and a small Akhi engineering on-call rotation are the only roles that can access a given tenant's recordings or transcripts. Every access event is logged with actor, timestamp, and reason. The full audit log is exportable to you on request.

Compliance roadmap

Honest about what's true today.

Pre-launch posture: we don't claim a certification we don't have. Here's what's shipping today, what's in evaluation, and what's deliberately out of scope.

TLS 1.3 in transit · AES-256 at rest

Live today

Default for every customer, every call, every recording. No upgrade tier required.

GDPR-aligned posture · EU customer DPA on request

Live today

We treat EU customers as if GDPR applies regardless of the data subject's location. Standard DPA available before contract signing.

Customer-controlled data export and deletion

Live today

Export every recording, transcript, and metadata field via API. Delete on request: within 30 days for backups, immediately for live storage.

SOC 2 Type II · evaluation underway

Evaluation underway

Auditor selection planned for the early-access cohort. We don't claim SOC 2 until the report is signed.

EU and GCC data residency

Evaluation underway

Activated when the first paid customer in the region signs. We don't pre-build empty regions.

HIPAA · not in scope today

Not in scope today

We are not a healthcare voice AI vendor. If a future customer brings PHI into scope, we will document it explicitly before signing.

Reporting & transparency

If something goes wrong, you hear it from us first.

Pre-launch, we're writing the incident playbook before we'll need it. The promises below are what every customer contract will commit us to.

72-hour incident notification

Any security incident touching customer data triggers customer notification within 72 hours of detection.

Public post-mortem on every incident

Root cause, blast radius, remediation, timeline. Published, not hidden in a quarterly report.

We never sell or share customer data

No data sharing with third-party advertisers. No model training on your call data without explicit, opt-in consent. Default is no.

Subprocessor list, kept current

Telephony providers, transcription, voice synthesis, hosting. Updated within 30 days of any change.

Trust is built one contract at a time.

We're calling our first 30 customers personally: masjids, Muslim charities, halal businesses. The Trust Covenant on this page is what each of them signs. If your community deserves a voice agent that takes their data seriously, drop your number.

Halal-only platform · End-to-end encryption · Human review on sensitive topics