Built for regulated industries.
Insurance runs on trust. Every AI decision Wayden makes is logged, explained, and auditable. Here's exactly how we protect your agency, your clients, and your E&O coverage.
Regulatory Compliance
Meeting every applicable standard
TCPA Compliance
Every AI-assisted call opens with an AI disclosure, which includes recording consent. State-specific 1-party and 2-party consent rules are applied automatically based on caller location.
- AI disclosure on every inbound and outbound call
- Recording consent captured before conversation begins
- State-level consent rules applied automatically
- DNC registry checked before every outbound call
- CAN-SPAM opt-out built into all outbound emails
Colorado AI Act (2026)
Wayden is designed to meet Colorado's high-risk AI requirements for insurance. Every AI decision includes a plain-language explanation, confidence score, and immutable audit trail.
- All AI decisions classified as high-risk under the insurance use case
- Plain-language explanations for every agent action
- Confidence scores displayed on all recommendations
- Adverse action notices where required
- Annual algorithmic impact assessments planned
NAIC AI Bulletin
Wayden meets the NAIC Model AI Bulletin requirements adopted by 24+ states. Every decision above 80% confidence auto-executes; below that threshold, a human reviews before any action is taken.
- Transparent AI disclosure to policyholders on request
- Non-discriminatory algorithms — no protected class inputs
- Confidence < 80% triggers mandatory human-in-the-loop
- Bias testing on carrier matching and lead scoring
- Model governance documentation available on request
SOC 2 (Audit in Progress)
We are actively engaged in our SOC 2 Type II audit. Security controls are live. The full report will be available to Agency and Enterprise customers upon completion.
- SOC 2 Type II audit in progress with top-tier auditor
- Security controls live across all production systems
- Annual penetration testing by independent firm
- Report available under NDA during audit period
- Expected completion: Q3 2025
Data Security
How your data is protected
Encryption
- AES-256-GCM encryption for all data at rest
- TLS 1.3 for all data in transit
- Phone tokens encrypted with per-agency keys
- OAuth tokens encrypted server-side, never stored in plaintext
Isolation & Retention
- Per-agency data isolation — no cross-tenant data access
- Call recordings retained for 90 days, then deleted
- PII redacted from training data and logs
- 30-day data deletion on account closure (upon request)
Access Control
- Role-based access control (RBAC) with the principle of least privilege
- MFA enforced for all admin accounts
- All access logged and audited
- Zero standing access to production for engineers
8 things Wayden AI will never do
These are hard-coded prohibitions enforced at the model layer. No setting or configuration can enable them. They protect your E&O coverage.
- Wayden AI never tells a caller whether a claim is covered or will be paid.
- Policy interpretation requires a license. AI describes, never interprets.
- No AI action or statement can constitute a binding commitment.
- AMS data may be stale. Wayden never confirms premium amounts as authoritative.
- AI routes FNOL to your team and the carrier. It never advises on claims.
- AI never references other carriers or agencies to avoid misrepresentation.
- Caller must be identified before any personal information is shared.
- Recording never starts until consent is captured per applicable state law.
Every decision is recorded and explainable
Every AI action generates an immutable audit record. Colorado AI Act, NAIC transparency requirements, and your own E&O carrier will all find what they need.
For E&O carriers and state regulators: Full audit logs are exportable on demand. Wayden maintains logs for a minimum of 7 years. Logs are immutable — no agent or user can modify a record after the fact. Contact compliance@waydenai.com for audit requests.