Critical Compliance Issue
Hey Vapi Team,
I just wanted to reach out about something that’s become a critical issue for my business.
I’ve built my entire voice assistant system on Vapi and honestly, I really enjoy the platform; it’s powerful, flexible, and exactly what I need. However, I work with EU-based clients, and because Vapi isn’t certified under the EU–U.S. Data Privacy Framework (DPF), I can’t legally continue using it to process personal data from those users.
I know GDPR compliance can be achieved through other means like SCCs, but since I don’t have a direct legal relationship with Vapi (no DPA or SCCs signed), the lack of DPF certification is currently a blocker. Unfortunately, this is forcing me to start transitioning to another platform that does offer those compliance guarantees — which I really don’t want to do.
I’m reaching out in the hope that DPF certification is either on your roadmap or being considered seriously. I’d love to stay on Vapi, but without a lawful transfer mechanism for EU data, it’s just not viable from a compliance standpoint.
Thanks — and I really hope this is something that can be resolved soon.
I just wanted to reach out about something that’s become a critical issue for my business.
I’ve built my entire voice assistant system on Vapi and honestly, I really enjoy the platform; it’s powerful, flexible, and exactly what I need. However, I work with EU-based clients, and because Vapi isn’t certified under the EU–U.S. Data Privacy Framework (DPF), I can’t legally continue using it to process personal data from those users.
I know GDPR compliance can be achieved through other means like SCCs, but since I don’t have a direct legal relationship with Vapi (no DPA or SCCs signed), the lack of DPF certification is currently a blocker. Unfortunately, this is forcing me to start transitioning to another platform that does offer those compliance guarantees — which I really don’t want to do.
I’m reaching out in the hope that DPF certification is either on your roadmap or being considered seriously. I’d love to stay on Vapi, but without a lawful transfer mechanism for EU data, it’s just not viable from a compliance standpoint.
Thanks — and I really hope this is something that can be resolved soon.
