Skip to content
tarıtas

Live in production · enterprise deployments

Enterprise voice AI

Voice AI that holds up in production and in procurement.

Taritas builds and operates voice AI for regulated enterprises on infrastructure you control: your cloud, your region, your audit trail. Deployments are pinned to your data-residency requirements, encrypted in transit and at rest, and built to HIPAA and GDPR-ready architectures, with SLA-defined operation once they are live. We build on LiveKit with your choice of Claude, GPT, or open-source models, not a reseller wrapper on someone else’s platform.

Book a partner conversation Request the security pack
Procurement

What your security team asks, and what we hand them.

Most voice AI dies in procurement, not production. These are the questions an enterprise security and compliance review asks, with the artifact or answer we provide before contract.

Where does call audio and transcript data live?
Pinned to your cloud and your region at deployment, and written into the residency architecture we hand your security team.
How long is anything kept, and who enforces it?
A configurable retention schedule, written down and enforced in code, not in a policy slide.
Can we see exactly what the agent did?
Every call and every action, logged and queryable. The audit trail is the artifact your review reads.
Who else touches the data?
A subprocessor map covering every component and every data path, handed over before contract.
Is the data encrypted?
Encrypted in transit and at rest. Processing stays inside your cloud boundary, so plaintext audio never leaves the region.
What is the SLA once it is in production?
Call-quality monitoring, failure handling, and an SLA-defined response under managed services. Terms are set per deployment.
What happens if Taritas disappears?
You own the IP and the accounts it runs in. The documentation is written for a team that has never met us.
Security posture

Engineered to pass the review, not to market around it.

Security here is a set of practices and artifacts, described as engineering posture, never as a certification we do not hold.

  • Encrypted in transit and at rest, with processing kept inside your cloud boundary.
  • Residency pinned to your cloud and region at deployment, and documented.
  • A retention schedule enforced in code, not in a policy deck.
  • Every call and every action logged and queryable.
  • A subprocessor map covering every component and every data path.
  • Designed for the security review from day one, not retrofitted after the audit finds a gap.
Data residency

It lives in your cloud. It does not leave.

In-region call path Caller audio enters the client's cloud boundary. Speech-to-text, language model, and text-to-speech stages all run in-region. The spoken reply returns to the caller and nothing crosses the boundary. CALLER audio YOUR CLOUD · YOUR REGION SPEECH → TEXT in-region LANGUAGE MODEL your knowledge base TEXT → SPEECH in-region SPOKEN REPLY AUDIO · TRANSCRIPTS · EMBEDDINGS: STAY IN-REGION
Speech to text, the language model, and text to speech all run inside the boundary you choose. The reply goes back to the caller. Audio, transcripts, and embeddings stay in-region.
  • The region is pinned at deployment and documented for your review.
  • The retention schedule is enforced in code, not in a policy deck.
  • Every component on the path is named on a subprocessor map.
  • Your choice of cloud: Azure, AWS, GCP, or on-premise.
Regulated industries

Where the privacy regime is the project.

Healthcare, public sector, and cross-border data. We treat the compliance regime as engineering, described as posture rather than a certification claim.

Healthcare

Patient-facing voice on HIPAA-ready architectures

Healthcare deployments run on the practice’s own clinical content, never the open internet, with residency, retention, and audit built for HIPAA and equivalent privacy regimes.

Public sector

Built to pass a government security review

A North American municipality answers its public phone lines with our engineering, live and managed. Public-sector work is designed for the security review before procurement asks.

Cross-border

In-country data residency for GDPR and beyond

When the requirement is that voice and transcript data stay in a specific country, residency is a deployment choice we pin and document, not an afterthought.

Reliability

Production operation, not a demo that stalls under load.

Built on production LiveKit: real concurrency, call-quality monitoring, and failure handling, with the same audit trail your security review reads. Under managed services, operation is backed by an SLA-defined response. Specific availability terms are set per deployment.

  • Engineered for concurrent call load, proven at platform scale.
  • Call-quality monitoring and failure handling on the live system.
  • Monthly tuning cycle, model updates, and knowledge-base maintenance under managed services.
  • The audit log records every call and action, queryable after the fact.
How it is built

A cascade pipeline you can swap, not a wrapper you cannot.

Separate, swappable stages on LiveKit: streaming speech to text, a language model reasoning over your knowledge base, real writes to your systems, and natural speech you can interrupt. Models are your choice, Claude, GPT, or open-source, with no per-minute platform lock-in. This is the layer a thin Retell or Vapi wrapper cannot give you.

Production engineering A 15-second default timeout broke our voice AI’s call transfers Production engineering Rate limiting a voice agent with one Postgres UPDATE Production engineering Three attempts at masking a voice agent’s thinking silence
Engagement

How an enterprise build runs.

Delivered under your brand, or directly

Most enterprise work ships through a regional IT services partner under their brand. Buying for your own platform? We build directly too.

You own the result

IP transfers to you or your client as standard work for hire. It runs in your accounts. Taritas retains only internal frameworks and templates.

Fixed-scope SOWs

A first custom build is from $25,000, typically delivered in 6 to 8 weeks, with 4 weeks of post-launch tuning included.

Operations you can hold to an SLA

Managed services from $2,000 per month per deployment: monitoring, monthly tuning, model updates, and SLA-defined response.

Pricing is published in full, including the partner margin model, on the partner page. We do not duplicate the numbers here so they cannot drift.

The security pack

Take the artifacts to your security team.

Residency architecture, retention schedule, audit logging, subprocessor map, and exit plan: the pack your review reads before contract. Tell us where to send it.

Reply within one business day
FAQ

The questions buyers and their security teams ask.

Is Taritas’s voice AI HIPAA and GDPR compliant?

Taritas builds HIPAA and GDPR-ready architectures as standard: in-country data residency, a retention schedule enforced in code, audit logging, and a subprocessor map. We describe these as engineering posture, not as certifications, and design every build to pass your security review.

Where does voice and transcript data live? Can it stay in-country?

Yes. Deployment is pinned to your cloud and your region, so audio, transcripts, and embeddings stay inside the boundary you require. The region is a deployment choice we document, not an afterthought.

Is the audio encrypted end to end?

Data is encrypted in transit and at rest. True end-to-end encryption is not compatible with a system that must understand and act on speech, so instead the processing runs inside your cloud boundary and plaintext audio never leaves the region.

Can your voice AI pass an enterprise or government security review?

That is the part we are best at. We design for the security review first: residency, retention, audit trails, and a subprocessor map are documented before procurement asks. A North American municipality already runs our engineering on its public phone lines.

What SLA and uptime do you offer for production voice agents?

Production operation includes call-quality monitoring, failure handling, and an SLA-defined response under managed services. Specific terms are set per deployment.

Do you build for US enterprises, or only through partners?

Both. Most enterprise work ships through a regional IT services partner under their brand, and we also build directly for platforms and providers buying for themselves. The engineering is the same.
Next step

Thirty minutes. A live deployment. A straight answer.

We show a production system, walk the architecture, and tell you honestly whether a platform build is all you need. Buying directly rather than through a partner? Say so and we will scope it with our team.

Book a partner conversation Request the security pack

Reply within one business day