Legal

AI Transparency Statement

1. Introduction

This AI Transparency Statement is published to fulfill disclosure obligations under Article 50–54 of the EU Artificial Intelligence Act (EU AI Act). Synthflow AI is a provider of a no-code voice AI automation platform, enabling businesses to deploy AI agents that interact with users via natural voice conversations.

This document discloses key facts about how Synthflow AI’s AI systems operate, how data is used, and how users are protected.

2. Provider Identity

Organization: AgentFlow AI GmbH

Registered Address: Kurfürstendamm 15, 10719 Berlin, Germany

Website: https://synthflow.ai

3. Nature and Purpose of the AI System

Synthflow AI provides synthetic voice-based agents that automate inbound and outbound calls. These agents perform tasks such as appointment scheduling, lead qualification, data collection, reminders, and customer support triage. The system operates 24/7 with real-time audio generation, capable of supporting multiple languages and accents.

The purpose of this system is to automate repetitive human call-center tasks, improve operational efficiency, and reduce wait times for customers.

4. AI System Functionality

  • Powered by proprietary orchestration and models from OpenAI, ElevenLabs, Deepgram, and custom in-house logic.
  • Responds to voice input using real-time text-to-speech and ASR (automatic speech recognition).
  • Enables voice cloning and multilingual interactions in 50+ languages.
  • Integrated with third-party tools such as Zapier, HubSpot, Salesforce and Twilio.
  • System uses fallback logic, sentiment detection, and escalation triggers to transfer calls to a human when appropriate.

5. Human Interaction Disclosure

Users interacting with Synthflow AI’s system may hear a synthetic voice. This voice is not a human operator, and the system will disclose this at the start of every interaction with a statement such as:

“Hello, this is an AI assistant from [company name]. I’m not a human but I’m here to help you.”

This satisfies EU AI Act Article 50, which requires transparency of machine interactions.

6. Data Categories and Processing

Synthflow AI processes the following types of personal data in accordance with the GDPR and Synthflow’s Data Processing Agreement (DPA):

CategoryExamples
Audio & Voice DataCall recordings, speech-to-text transcripts
IdentifiersPhone number, caller ID, user metadata
Usage DataResponse times, interaction logs, sentiment signals
Optional CRM DataNames, appointment preferences, customer status (if integrated)

Data is used only for providing and monitoring the AI system and is deleted within 90 days unless otherwise agreed by contract.

7. Subprocessors & Hosting

Synthflow AI uses the following subprocessors, published and maintained at security.synthflow.ai:

  • Google Cloud Platform (hosting)
  • OpenAI (LLM)
  • Deepgram (speech-to-text)
  • ElevenLabs (text-to-speech)
  • Bubble.io (platform management)
  • Twilio (telephony infrastructure)

All data is hosted within the EU or under adequate safeguards.

8. Model Limitations & Risk Information

While Synthflow AI aims for high accuracy and low latency, limitations may exist:

  • Responses may be incomplete or misleading in rare cases (“hallucinations”).
  • Voice agents cannot provide legal, financial, or medical advice.
  • Unexpected behavior may occur with non-standard speech, sarcasm, or noisy environments.
  • Misclassification of tone or intent may lead to incorrect routing.

Mitigations:

  • Rule-based fallbacks
  • Call handoff to human agent
  • Testing under adversarial conditions

Outbound AI calls are only placed in jurisdictions where the customer has confirmed user consent is collected, per GDPR and national telecom laws. Synthflow AI provides support for opt-out management and consent flagging.

Example disclosure at call start:

“This is an AI-powered call from Synthflow. If you prefer to speak with a human, please say so.”

10. Rights of Individuals

Data subjects interacting with Synthflow AI systems can exercise their rights under GDPR, including:

  • Right to access data
  • Right to erasure (within 90-day retention policy)
  • Right to restrict or object to processing
  • Right to lodge a complaint with a supervisory authority

Requests should be directed to: privacy@synthflow.ai

11. Updates and Versioning

This statement is reviewed and updated regularly. The current version (v1.0) is effective from August 1, 2025.

Changes will be published at: https://synthflow.ai/ai-transparency