LYRAA
Acceptable Use Policy
Cookie Policy
Data Processing Agreement
AI Disclosure Policy + Call Opening Scripts
The AI receptionist that actually sounds human.
Version 1.0
Effective: 20 April 2026
A Hyperion Tech product · Melbourne, Australia
ABN 20 646 814 048
DOCUMENT 01
Acceptable Use Policy
This policy sets out the boundaries of how Lyraa may be used. It is incorporated into the Terms of Service and applies to every Customer, user, and Caller on the platform.
| Applies to | All Lyraa Customers and authorised users |
| Incorporated by | Terms of Service, clause 7 |
| Enforcement | Account suspension or termination, with or without notice |
| Contact | info@lyraa.io |
| Version | 1.0 · Effective 20 April 2026 |
| SUMMARY IN PLAIN ENGLISH
Don’t use Lyraa to break the law, harass people, scam callers, send spam, handle sensitive regulated industries we don’t support, or abuse our platform. If we find you doing any of these, we’ll suspend or terminate your account. You’re responsible for what callers hear — Lyraa is the tool, you are the operator. |
- Purpose
1.1 This Acceptable Use Policy (AUP) governs your use of the Lyraa Service. It is incorporated into the Terms of Service by reference and applies to all Customers, authorised users, and any person acting on behalf of a Customer.
1.2 Capitalised terms used in this AUP have the meanings given in the Terms of Service unless defined here.
1.3 We may update this AUP from time to time. Material updates will be notified to Customers by email at least thirty (30) days before they take effect.
- Prohibited conduct
You must not use the Service, nor permit anyone to use the Service on your behalf, for any of the following:
2.1 Illegal activity
- Any activity that violates Australian law or the law of any jurisdiction in which Callers are located.
- Fraud, misrepresentation, impersonation, or deceptive practices.
- Money laundering, terrorism financing, or sanctions evasion.
- Infringement of any intellectual property, privacy, publicity, or contractual right of any third party.
2.2 Prohibited industries
- Adult entertainment, sexually explicit services, escort services, or any service marketed on the basis of sexual content.
- Gambling, wagering, online casinos, betting, sweepstakes, or lottery services, including promotional services for any of the foregoing.
- Any industry or service that violates the laws of Australia or the jurisdiction of the Caller.
2.3 Harmful content and behaviour
- Harassment, threats, intimidation, abuse, or stalking of any person.
- Hate speech, content that promotes or incites violence or discrimination based on race, religion, ethnicity, gender, sexual orientation, disability, or any other protected characteristic.
- Content that is defamatory, obscene, or intended to cause emotional distress.
- Promotion of self-harm, suicide, or eating disorders.
2.4 Unsolicited communications
- Sending unsolicited commercial electronic messages (spam) in breach of the Spam Act 2003 (Cth) or analogous laws.
- Cold-calling numbers listed on the Do Not Call Register except where an exemption applies.
- Robocalling, automated outbound dialling, or power dialling beyond the scope expressly supported by the Service.
- Failing to honour opt-out or unsubscribe requests.
2.5 Platform abuse
- Attempting to access any account, system, or data you are not authorised to access.
- Probing, scanning, or testing the vulnerability of the Service or any system or network.
- Bypassing or attempting to bypass any security, rate-limiting, or usage measure.
- Reverse engineering, decompiling, or creating derivative works of the Service except as permitted by law.
- Using the Service to build a competing product or service.
- Transmitting viruses, worms, trojans, or other malicious code.
- Overloading the Service with excessive requests, calls, or data that degrades performance for other Customers.
- Using automation, scripts, or bots to interact with the Service except via published APIs.
2.6 Misrepresentation
- Representing yourself as a person or organisation you are not.
- Configuring Lyraa to impersonate any natural person, including staff of a competitor, a government authority, or a financial institution.
- Configuring Lyraa to deny that it is an AI when directly and sincerely asked by a Caller, except where expressly permitted by applicable law.
2.7 Data scraping and enrichment
- Collecting, harvesting, or scraping information about Callers beyond what is necessary to respond to their enquiry.
- Using information collected through the Service to build a database for resale, targeted advertising, or profiling unrelated to the Caller’s original enquiry.
- Enriching Caller data with information from third-party data brokers without a lawful basis and appropriate disclosure.
- Call conduct requirements
3.1 You are responsible for the content and conduct of every call handled by Lyraa on your behalf. This includes legal compliance, professionalism, accuracy of information provided, and adherence to any industry code of conduct applicable to your business.
3.2 You must ensure Lyraa has accurate information about your services, pricing, availability, and policies. Misleading or deceptive representations made by Lyraa on your behalf may result in liability under the Australian Consumer Law.
3.3 Where any law in the Caller’s jurisdiction requires disclosure that a call is handled by an AI assistant, that the call is being recorded, or that the Caller’s data is being processed, you must configure the Service to provide that disclosure. Our AI Disclosure Policy and opening script options are provided to help you comply.
- Consent obligations
4.1 You warrant that you have obtained, or will obtain before the call, all consents required under applicable law for: (a) the use of an AI assistant to handle the call; (b) recording of the call; (c) transcription and processing of the call; and (d) disclosure of Caller Personal Information to us as a service provider.
4.2 In Australia, call recording is regulated at the State and Territory level. In Victoria, New South Wales, Western Australia, and the Australian Capital Territory, the consent of all parties is generally required. In Queensland, South Australia, Tasmania, and the Northern Territory, single-party consent generally applies. You must configure the Service appropriately for each jurisdiction.
4.3 Where Callers are located outside Australia, additional consent obligations may apply. You are responsible for identifying and complying with those obligations.
- Fair use
5.1 The Service is provided on the basis of the usage allowance of your chosen plan. Excessive use that materially degrades Service performance for other Customers, even if within the nominal allowance, may be considered unfair use.
5.2 We may, at our discretion, throttle, suspend, or migrate Accounts that engage in patterns of unfair use. Where possible, we will notify the Customer and allow reasonable time to remedy the pattern.
- Investigation and enforcement
6.1 We may investigate suspected violations of this AUP. During an investigation we may: (a) review Account activity and call metadata; (b) review call recordings and transcripts, limited to the minimum necessary; (c) suspend Account access temporarily; and (d) contact the Customer for information.
6.2 If we determine that a violation has occurred, we may take any or all of the following actions without further notice: (a) warn the Customer; (b) impose usage restrictions; (c) remove or disable specific content or configurations; (d) suspend the Account; (e) terminate the Account; (f) report the violation to law enforcement or regulatory authorities; and (g) retain data as required by law.
6.3 Where a violation poses an imminent risk of harm, legal liability, or material reputational damage to us or to third parties, we may take immediate action without prior notice.
- Reporting violations
7.1 If you believe a Customer or user of the Service is violating this AUP, please report the matter to info@lyraa.io with relevant details. We treat all reports confidentially and investigate in good faith.
- Legal notices and requests from authorities
8.1 We cooperate with lawful requests from Australian and foreign authorities in accordance with applicable law. Requests for Customer Data should be directed to info@lyraa.io and must specify the legal basis for the request.
8.2 Where permitted by law, we will notify the affected Customer of any request for their data before disclosure.
This Acceptable Use Policy was last updated on 20 April 2026. Version 1.0.
DOCUMENT 02
Cookie Policy
This policy explains how Lyraa uses cookies and similar technologies on lyraa.io and our customer dashboard, and what your choices are.
| Applies to | lyraa.io and app.lyraa.io |
| Related policy | Privacy Policy |
| Governing law | Privacy Act 1988 (Cth) and GDPR where applicable |
| Consent basis | Consent for non-essential cookies via our cookie banner |
| Version | 1.0 · Effective 20 April 2026 |
| SUMMARY IN PLAIN ENGLISH
We use cookies to make the site work, remember your preferences, and understand how the site is used. You can accept all, reject non-essential, or customise at any time via the cookie banner or your browser settings. We do not use advertising cookies or cross-site tracking. |
- What are cookies
1.1 Cookies are small text files placed on your device by a website you visit. Similar technologies include web beacons, pixels, local storage, and session storage (together, cookies in this Policy).
1.2 Cookies are used to operate the site, remember preferences, understand how the site is used, and in some cases to show advertising. This Policy explains exactly which categories we use and which we do not.
- Categories of cookies we use
2.1 Strictly necessary cookies. Required for core functionality such as authentication, session management, security, and load balancing. These cookies cannot be turned off as the Service will not function without them. No consent is required under Australian or EU law for strictly necessary cookies.
2.2 Functional cookies. Used to remember your preferences, such as language, display settings, and whether you have dismissed notifications. These improve your experience but are not strictly necessary.
2.3 Analytics cookies. Used to understand how visitors interact with our website so that we can improve it. We use Google Analytics with IP anonymisation enabled. Analytics cookies set only after you grant consent via our cookie banner.
2.4 Advertising and tracking cookies. We do not currently use advertising cookies, retargeting pixels, cross-site tracking, or similar technologies. If we add any such technology in the future, we will update this Policy, update the cookie banner, and request fresh consent.
- Cookies we set
The following cookies may be set when you visit our website and dashboard. We maintain this list and update it when our cookie usage changes.
| Cookie | Provider | Purpose | Duration |
|---|---|---|---|
| lyraa_session | Lyraa | Authenticated session token. Strictly necessary. | Session |
| lyraa_csrf | Lyraa | CSRF protection token. Strictly necessary. | Session |
| lyraa_cookie_consent | Lyraa | Stores your cookie consent choices. | 12 months |
| lyraa_prefs | Lyraa | Stores UI preferences such as theme and language. | 12 months |
| _ga | Google Analytics | Distinguishes unique visitors. Analytics only. | 24 months |
| _ga_* | Google Analytics | Maintains session state for a specific property. | 24 months |
| _gid | Google Analytics | Distinguishes unique visitors within 24 hours. | 24 hours |
The exact names and durations of cookies may change if the underlying technology is updated. The up-to-date list is available at lyraa.io/legal/cookies.
- Your choices
4.1 On your first visit to our website, our cookie banner offers three options: Accept all, Reject non-essential, and Customise. Your choice is stored in a cookie and honoured on subsequent visits.
4.2 You can change your cookie preferences at any time by clicking the Cookie Preferences link in the website footer or by clearing your browser cookies to trigger the banner again.
4.3 Most browsers allow you to block or delete cookies via browser settings. Blocking strictly necessary cookies may prevent you from logging in or using the Service.
4.4 You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on at tools.google.com/dlpage/gaoptout.
- International visitors
5.1 If you visit our website from the European Union, the United Kingdom, or another jurisdiction with stricter cookie consent rules than Australia, our cookie banner will apply those stricter rules. Non-essential cookies will not be set until you have given affirmative consent.
- Updates to this policy
6.1 We may update this Cookie Policy from time to time. Material changes will be notified via a banner on our website for at least thirty (30) days after the update.
- Contact
Questions about cookies or this Policy can be directed to info@lyraa.io.
This Cookie Policy was last updated on 20 April 2026. Version 1.0.
DOCUMENT 03
Data Processing Agreement
This DPA governs the processing of Personal Data by Lyraa on behalf of the Customer. It forms part of the Terms of Service and is executed when a Customer requires written data protection commitments — typically for GDPR or UK GDPR compliance.
| Data Processor | Hyperion Tech Pty Ltd (ABN 20 646 814 048) |
| Data Controller | The Customer (as defined in the Terms of Service) |
| Applicable law | GDPR 2016/679, UK GDPR, Privacy Act 1988 (Cth) |
| Data location | Amazon Web Services, Sydney, Australia (ap-southeast-2) |
| International transfers | Standard Contractual Clauses apply where recipient is in a non-adequate jurisdiction |
| Version | 1.0 · Effective 20 April 2026 |
| HOW THIS DPA WORKS
Every Lyraa Customer accepts this DPA as part of the Terms of Service. Enterprise customers who need a signed copy can request one from info@lyraa.io. This template is the authoritative version. No customer-specific amendments are made without written sign-off from both parties. |
- Parties and scope
1.1 This Data Processing Agreement (DPA) is entered into between Hyperion Tech Pty Ltd (ABN 20 646 814 048), a company registered in Australia trading as Lyraa (Processor, we, us, our), and the Customer who has entered into the Terms of Service (Controller, you, your).
1.2 This DPA applies to the processing of Personal Data by the Processor on behalf of the Controller in connection with the Lyraa Service.
1.3 Where there is any conflict between the Terms of Service and this DPA on matters of data protection, this DPA prevails.
- Definitions
In this DPA, the following terms have the meanings given in the GDPR: Personal Data, Processing, Data Subject, Controller, Processor, Sub-Processor, Supervisory Authority, and Personal Data Breach. Other capitalised terms have the meanings given in the Terms of Service.
- Subject matter and duration
3.1 Subject matter. Processing of Personal Data by the Processor for the purpose of providing the Lyraa Service to the Controller.
3.2 Duration. This DPA applies for the term of the Terms of Service and survives termination to the extent necessary to comply with legal obligations and to delete or return Personal Data.
3.3 Nature and purpose. The Processor provides an AI voice receptionist service. Processing includes: receiving, recording, and transcribing calls; generating call summaries and analytics; booking appointments; sending follow-up communications; storing and organising Personal Data within the Controller’s account; and enabling the Controller to export, correct, or delete data.
3.4 Types of Personal Data. Names, contact details (phone, email, address), voice recordings, call transcripts, booking information, free-text enquiry content, and any other Personal Data a Data Subject provides during a call.
3.5 Categories of Data Subjects. Customers of the Controller, prospective customers, and any other person who calls or otherwise contacts a phone number handled by the Service on behalf of the Controller.
- Processor obligations
4.1 The Processor shall process Personal Data only on the documented instructions of the Controller, as set out in the Terms of Service, this DPA, and any further written instructions agreed between the parties.
4.2 The Processor shall ensure that persons authorised to process Personal Data have committed themselves to confidentiality or are under appropriate statutory obligations of confidentiality.
4.3 The Processor shall implement appropriate technical and organisational measures as set out in Annexure 2.
4.4 The Processor shall not use Personal Data for its own purposes, including not using Personal Data to train or fine-tune any artificial intelligence or machine-learning model, and shall ensure that its Sub-Processors do not do so.
4.5 The Processor shall assist the Controller in responding to requests from Data Subjects, including requests for access, rectification, erasure, restriction of processing, data portability, and objection.
4.6 The Processor shall assist the Controller in ensuring compliance with obligations in respect of Personal Data Breach notifications, data protection impact assessments, and prior consultation with Supervisory Authorities.
4.7 At the Controller’s choice, the Processor shall delete or return all Personal Data at the end of the provision of services, and delete existing copies except where retention is required by law.
4.8 The Processor shall make available to the Controller all information necessary to demonstrate compliance with this DPA and allow for and contribute to audits, including inspections, conducted by the Controller or an auditor mandated by the Controller.
- Sub-processors
5.1 The Controller grants the Processor general authorisation to engage the Sub-Processors listed in Annexure 3 and any additional Sub-Processors notified to the Controller in accordance with this clause.
5.2 The Processor shall inform the Controller of any intended changes concerning the addition or replacement of Sub-Processors with at least thirty (30) days’ written notice.
5.3 Where the Controller reasonably objects to a new Sub-Processor on legitimate data protection grounds, the parties will discuss alternatives. If no agreement is reached, the Controller may terminate the affected Service without penalty.
5.4 The Processor shall impose on each Sub-Processor written data protection obligations substantially equivalent to those set out in this DPA.
5.5 The Processor remains fully liable to the Controller for the performance of each Sub-Processor’s obligations.
- International transfers
6.1 Personal Data is stored in the Amazon Web Services Sydney region (ap-southeast-2).
6.2 Where Sub-Processors are located outside the European Economic Area or the United Kingdom, transfers of Personal Data are made in compliance with Chapter V of the GDPR, including the Standard Contractual Clauses adopted by the European Commission (Commission Implementing Decision (EU) 2021/914) or the International Data Transfer Addendum to the EU Standard Contractual Clauses issued by the UK Information Commissioner’s Office.
6.3 The Standard Contractual Clauses are incorporated into this DPA by reference. Module Two (Controller to Processor) applies. Where onward transfers are made to Sub-Processors, Module Three (Processor to Sub-Processor) applies between the Processor and the Sub-Processor.
- Personal Data Breach
7.1 The Processor shall notify the Controller without undue delay, and in any event within seventy-two (72) hours, after becoming aware of a Personal Data Breach affecting the Controller’s Personal Data.
7.2 The notification shall describe the nature of the breach, categories and approximate numbers of affected Data Subjects and records, the likely consequences, and the measures taken or proposed to address the breach and mitigate harm.
7.3 The Processor shall assist the Controller with notifications to Supervisory Authorities and Data Subjects to the extent required by law.
- Data Subject rights
8.1 The Processor shall, taking into account the nature of processing and to the extent possible, assist the Controller by appropriate technical and organisational measures for the fulfilment of the Controller’s obligation to respond to requests from Data Subjects exercising their rights.
8.2 The Controller is responsible for identifying and verifying Data Subjects exercising their rights. The Processor will action requests relayed by the Controller via the Account.
- Return and deletion
9.1 On termination of the Terms of Service, the Controller may export Personal Data from the Account in a machine-readable format for six (6) months.
9.2 After that six (6) month period, the Processor shall delete or de-identify all Personal Data held on behalf of the Controller, except where retention is required by applicable law or where data has been lawfully anonymised and cannot be linked back to any Data Subject.
- Liability
10.1 The liability of each party under this DPA is subject to the limitations of liability set out in the Terms of Service. Nothing in this DPA limits any liability that cannot be excluded or limited under applicable law.
- Order of precedence
11.1 In the event of inconsistency, the following order of precedence applies: (a) the Standard Contractual Clauses; (b) this DPA; (c) the Terms of Service.
- Governing law
12.1 Except where the Standard Contractual Clauses require otherwise, this DPA is governed by the laws of the State of Victoria, Australia.
ANNEXURE 1
Details of processing
| Subject matter | Provision of the Lyraa AI voice receptionist Service |
| Duration | For the term of the Terms of Service, plus a six-month retention period |
| Nature of processing | Recording, transcription, storage, analysis, summarisation, booking, follow-up, and integration with third-party tools authorised by the Controller |
| Purpose | Enabling the Controller to receive and respond to inbound calls from Data Subjects |
| Personal Data | Names, contact details, voice recordings, transcripts, free-text enquiry content, booking data, call metadata |
| Data Subjects | Callers to phone numbers handled by the Controller’s account |
| Frequency | Continuous, for the duration of the Terms of Service |
ANNEXURE 2
Technical and organisational measures
The Processor implements the following technical and organisational measures to protect Personal Data:
- Encryption of data in transit using Transport Layer Security (TLS) version 1.2 or higher.
- Encryption of data at rest using AES-256.
- Role-based access control with the principle of least privilege.
- Multi-factor authentication for all administrative access to systems processing Personal Data.
- Logging and monitoring of access to systems processing Personal Data.
- Regular vulnerability scanning and, at least annually, independent penetration testing.
- Secure software development lifecycle including code review and automated security testing.
- Documented incident response and Personal Data Breach notification procedures.
- Confidentiality obligations for all personnel with access to Personal Data.
- Background checks for personnel in roles with access to Personal Data, subject to applicable law.
- Business continuity and disaster recovery plans, tested at least annually.
- Data segregation between Customers at the application layer.
ANNEXURE 3
Authorised Sub-Processors
| Amazon Web Services | Hosting, storage, compute, database services · Sydney, Australia |
| Twilio Inc. | Telephony, SMS, voice connectivity · United States (with AU PoPs) |
| ElevenLabs Inc. | AI voice synthesis and text-to-speech · United States |
| Stripe Payments Australia | Subscription billing and payment processing · Australia |
| Google LLC | Website analytics via Google Analytics · United States |
The current list is maintained at lyraa.io/legal/subprocessors. Any changes are notified in accordance with clause 5.2 of this DPA.
This Data Processing Agreement was last updated on 20 April 2026. Version 1.0.
DOCUMENT 04
AI Disclosure Policy
Lyraa is an AI voice receptionist. Honesty about that fact is a matter of both ethics and law. This policy sets out our principles and the disclosure options we provide to Customers.
| Applies to | All calls handled by the Lyraa Service |
| Legal framework | EU AI Act · Privacy Act 1988 (Cth) · State-level call recording laws · ACMA Telecommunications Consumer Protections Code |
| Customer responsibility | Select and configure an appropriate disclosure for each jurisdiction in which Callers are located |
| Default stance | Disclosure recommended on every call; mandatory in high-risk configurations |
| Version | 1.0 · Effective 20 April 2026 |
| OUR POSITION
We believe Callers deserve to know they are speaking with AI. Our Service does not deceive Callers about its nature. Lyraa will always confirm it is an AI assistant when a Caller directly and sincerely asks. Customers may choose how proactively to disclose — but they may not configure Lyraa to deny it is AI. |
- Principles
1.1 Non-deception. Lyraa does not deceive Callers about its fundamental nature. When a Caller directly and sincerely asks whether they are speaking with a human or an AI, Lyraa truthfully discloses that it is an AI assistant. This behaviour is hard-coded and cannot be disabled by the Customer.
1.2 Proactive disclosure. We believe proactive disclosure at the start of every call is best practice. It builds trust, meets emerging legal requirements, and aligns with the expectations of modern consumers.
1.3 Customer choice within limits. Customers may choose the specific wording and timing of disclosure, subject to a minimum standard we enforce. Customers may not opt out of disclosure when required by law in the Caller’s jurisdiction.
1.4 Legal compliance. Where any law — including the EU AI Act, GDPR, UK GDPR, US state consumer protection laws, or Australian state call-recording legislation — requires specific disclosure, we enforce that disclosure automatically or block configuration that would breach it.
- Legal framework
2.1 European Union — EU AI Act. Article 50 of the EU AI Act requires operators of AI systems that interact with natural persons to ensure those persons are informed that they are interacting with an AI system, unless this is obvious from the circumstances. Where any Caller may be located in the EU, proactive disclosure is mandatory and cannot be disabled.
2.2 United Kingdom. The UK ICO’s emerging guidance on AI systems aligns closely with the EU AI Act. We apply EU-level disclosure rules to UK Callers.
2.3 Australia — Privacy Act and APPs. The Privacy Act does not currently mandate specific AI disclosure language. However, the Office of the Australian Information Commissioner has issued guidance that use of AI to process Personal Information should be transparent and disclosed at or before collection. Customers should treat proactive disclosure as best practice in Australia even where not strictly required.
2.4 Australia — call recording laws. Call recording is regulated at the State and Territory level in Australia. In Victoria, New South Wales, Western Australia, and the Australian Capital Territory, the consent of all parties is generally required to record a call. In Queensland, South Australia, Tasmania, and the Northern Territory, single-party consent generally applies. Customers must configure the Service appropriately for the jurisdiction of each Caller.
2.5 Industry codes. Additional disclosure obligations may apply in regulated industries including financial services, legal services, healthcare, and debt collection. Customers operating in such industries must identify and comply with their industry-specific obligations.
- Disclosure configurations
3.1 Customers choose one of the following disclosure configurations during onboarding. The configuration applies to every inbound call handled by the Service unless the Customer specifies jurisdiction-specific overrides.
3.2 Configuration A — Full proactive disclosure. Lyraa opens every call by identifying itself as an AI assistant and stating that the call is being recorded. This is the recommended configuration and is mandatory where Callers may be in the EU or UK.
3.3 Configuration B — Recording disclosure only. Lyraa opens every call by stating that the call is being recorded, but does not proactively identify itself as AI. Lyraa will still identify itself as AI if a Caller directly asks. Available in Australia where single-party consent applies or where all-party consent is obtained through a prior agreement.
3.4 Configuration C — Identity disclosure only. Lyraa opens every call by identifying itself as an AI assistant but does not announce that the call is being recorded. Available only where recording is excluded by the Customer or where recording is covered by separate arrangements.
3.5 Configuration D — Minimal disclosure. Lyraa greets the Caller without proactive AI or recording disclosure. Lyraa still identifies itself as AI if the Caller directly asks. This configuration is available only where the Customer has obtained all required consents through prior agreements with the Caller and where no law in the Caller’s jurisdiction mandates proactive disclosure. This configuration is not available for calls that may be from EU or UK Callers.
- Customer obligations
4.1 Selecting an appropriate configuration. The Customer is responsible for selecting a configuration that complies with all applicable laws in every jurisdiction from which Callers may call. Where in doubt, select Configuration A.
4.2 Prior consents. Where the Customer relies on prior consents (for example, through signed terms of engagement with their own customers), the Customer warrants that those consents are valid, current, and cover the processing Lyraa performs.
4.3 Jurisdictional overrides. Customers may configure jurisdiction-specific disclosures if they can accurately determine the Caller’s jurisdiction. Where jurisdiction cannot be determined reliably, the most stringent applicable disclosure must be used.
4.4 Indemnity. The Customer indemnifies us against any claim, fine, or liability arising from an inappropriate disclosure configuration selected or maintained by the Customer.
- Enforcement
5.1 We enforce the following minimum standards regardless of Customer configuration. Attempting to bypass these standards is a material breach of the Terms of Service.
- Lyraa will always identify itself as AI when a Caller directly and sincerely asks. This cannot be disabled.
- Lyraa will never claim to be a specific named human or to be human when asked.
- Lyraa will not imitate the voice of a specific natural person without that person’s express written consent and our review.
- Where Callers may be in the EU or UK, proactive disclosure is enforced automatically and cannot be disabled.
- Updates
6.1 AI regulation is evolving rapidly. We review this Policy quarterly and may update it in response to legal, regulatory, or industry developments. Customers will be notified of material updates and may be required to re-select a configuration.
CALL OPENING SCRIPTS
Approved opening scripts
These scripts are the authoritative opening messages Lyraa plays based on the disclosure configuration selected by the Customer. Scripts are delivered in the Customer’s configured voice, region-appropriate accent, and adjusted for the Customer’s business name.
Configuration A — Full proactive disclosure
Required for calls where any Caller may be located in the EU or UK. Recommended for all calls as the default.
| A1 · STANDARD
“Hi, you’ve reached [Business Name]. This is an AI assistant, and this call is being recorded to help us serve you better. How can I help today?” 14 words of disclosure before the open question. Clear, warm, businesslike. Default recommendation. |
| A2 · WARM AND CASUAL
“Hey, thanks for calling [Business Name]. Quick heads-up — I’m an AI assistant, and we record calls to keep things accurate. What can I help you with?” For businesses with informal brand voice. Same disclosure content, friendlier register. |
| A3 · FORMAL
“Good morning, you have reached [Business Name]. Please be advised that this call is being handled by an AI assistant and is being recorded. How may I assist you?” For professional services, financial, legal, or healthcare clients where register matters. |
| A4 · AFTER-HOURS
“Hi, you’ve reached [Business Name] after hours. This is an AI assistant and the call is being recorded. I can take your details or book you in — how can I help?” Sets expectation that the Customer’s team is not live. Default after-hours script. |
Configuration B — Recording disclosure only
Available in Australia where all-party consent is required for recording but the Customer has elected not to proactively disclose AI.
| B1 · STANDARD
“Hi, you’ve reached [Business Name]. This call is being recorded. How can I help today?” Shortest compliant opening for all-party-consent Australian states. Neutral register. |
| B2 · WARM
“Hey, thanks for calling [Business Name]. Just so you know, we record calls for quality and record-keeping. What can I help you with?” Softens the disclosure with context. Recommended for trades and service businesses. |
Configuration C — Identity disclosure only
Available where the Customer has disabled recording or where recording is covered by separate arrangements.
| C1 · STANDARD
“Hi, you’ve reached [Business Name]. I’m an AI assistant — happy to help. How can I assist you today?” Identity disclosure without recording notice. Suitable for intake-only workflows. |
Configuration D — Minimal disclosure
Available only where the Customer has obtained all required consents through prior agreements. Not available for calls that may come from EU or UK Callers.
| D1 · STANDARD GREETING
“Hi, you’ve reached [Business Name]. How can I help you today?” Standard business greeting. Lyraa will still identify itself as AI if asked. |
Direct-question responses
These responses are triggered when a Caller directly asks whether they are speaking with a human or an AI. They apply across all configurations, including Configuration D, and cannot be disabled.
| Q1 · “AM I SPEAKING WITH A REAL PERSON?”
“Good question — I’m an AI assistant for [Business Name]. I can still help with bookings, quotes, and most enquiries. Would you like me to have a team member call you back instead?” Honest disclosure followed by a helpful alternative. Never lies or deflects. |
| Q2 · “IS THIS A RECORDED CALL?”
“Yes, we record calls so we can serve you better. Is that okay with you?” Confirms recording and offers Caller an opt-out moment. |
| Q3 · “ARE YOU A BOT?”
“I’m an AI assistant, yes. I can help with a lot of things — what were you hoping to sort out today?” Plain acknowledgement, redirects to utility. |
Industry-specific openers
Industry-specific openers are built on top of the base configuration. They add context but do not weaken disclosure.
| TRADE SERVICES (PLUMBER, ELECTRICIAN, HVAC)
“Hi, you’ve reached [Business Name]. This is an AI assistant and the call is recorded. If it’s an emergency, I can get someone to you today — otherwise I can book you in. What’s going on?” Combines Configuration A with emergency triage. Default for trades. |
| CLINIC (DENTAL, MEDICAL, ALLIED HEALTH)
“Good morning, [Clinic Name]. This call is handled by an AI assistant and is being recorded. I can book, reschedule, or pass a message to the practice. How can I help?” Formal register for clinical settings. Does not provide medical information — always hands off. |
| PROFESSIONAL SERVICES (LEGAL, ACCOUNTING)
“You have reached [Firm Name]. Please be advised this call is handled by an AI assistant and is being recorded. For confidential matters I will arrange a direct call back with the relevant professional. How may I assist?” Formal register. Does not accept privileged or confidential information — redirects. |
| REAL ESTATE AGENCY
“Hi, [Agency Name]. I’m an AI assistant and this call is being recorded. I can help with property enquiries, open-home bookings, or connect you with an agent. What were you after?” Broad intake options. Recommended for inbound lead capture. |
This AI Disclosure Policy and script library was last updated on 20 April 2026. Version 1.0.