• TRUST & SECURITY
Learn how we build trust, security and compliance into Carl
Putting an AI teammate in front of your customers is a big decision. Before you say yes, your CEO, your IT lead, and your legal team will all have questions about trust and compliance. Here are our answers, in plain language.
• TRUST & SECURITY
Learn how we build trust, security and compliance into Carl
Putting an AI teammate in front of your customers is a big decision. Before you say yes, your CEO, your IT lead, and your legal team will all have questions about trust and compliance. Here are our answers, in plain language.
• TRUST & SECURITY
Learn how we build trust, security and compliance into Carl
Putting an AI teammate in front of your customers is a big decision. Before you say yes, your CEO, your IT lead, and your legal team will all have questions about trust and compliance. Here are our answers, in plain language.
0
Reported brand-risk incidents from Carl messages
100%
Compliant with EU regulations, including GDPR and the AI Act
Full visibility
Your team sees every message.
0
Reported brand-risk incidents from Carl messages
100%
Compliant with EU regulations, including GDPR and the AI Act
Full visibility
Your team sees every message.
0
Reported brand-risk incidents from Carl messages
100%
Compliant with EU regulations, including GDPR and the AI Act
Full visibility
Your team sees every message.
How do you make sure Carl doesn't say something inappropriate?
Most AI agents can, and do, write things their managers regret. We built Carl knowing that risk is real, and that it's your brand on the line, not ours. So we put six things in place to make sure Carl on-brand.
Before a single message goes to a single lead, your team reviews the templates Carl will work from. Sender name, tone, phrasing, length. Nothing goes out you haven't signed off on. If you want to change the library later, you can.
Carl is built to do one job: reactivate cold leads and book the sales call. When a lead asks something outside that scope, Carl doesn't guess.
Specifically, Carl will not:
- Quote prices or valuations for the car.
- Confirm or deny anything specific about a car the lead is buying or selling.
- Discuss financing, trade-in terms, or warranty.
- Make commitments about timing, delivery, or availability.
- Answer legal, tax, or contractual questions.
There's a list of things Carl is hardcoded never to send, regardless of context. Promises, guarantees, specific numbers we haven't been given, anything that could be read as a commitment on your behalf. The list is reviewed by us, and you can add to it.
When a lead replies with something unusual, angry, confused, off-topic in a way that suggests we may have the wrong person, the thread is flagged and a human at Carl reviews before the next message goes out. Routine threads don't need this. Anything that smells off does.
Before a new customer goes live, we run the agreed templates through a test set of historical conversations to confirm the tone lands the way you want. You see the test results and approve them. Only then does Carl start on your real list.
If a message ever lands wrong, we want to know fast and so do you. Your team can flag any thread directly from the audit log with a simple click. We retract or correct where possible, and document what changed in our process so it doesn't happen again.
Is this legal under GDPR and the AI Act?
The short answer is YES. Here comes the long answer:
You are the data controller. The leads are your customers, the data is your data, and you decide what gets processed and why. Carl HQ AS is the data processor, acting on your instructions. We sign a Data Processing Agreement (DPA) before any data changes hands.
The lawful basis depends on the relationship you have with the lead. In most cases it's legitimate interest under GDPR Article 6(1)(f), since the lead originally engaged with you and the follow-up is a natural continuation of that conversation. Where consent is the more appropriate basis, you decide and we follow your instructions.
All lead data processing locations are inside the EU / EEA. See our Data Processing Agreement for more details.
If a lead asks to be deleted, you tell us and we delete the record from our systems within 30 days.
The EU AI Act came into force in stages from 2024. Carl is classified as a limited risk system under the Act. The main obligation that applies to Carl is transparency: leads have the right to know they may be interacting with an automated system.
0
Reported brand-risk incidents from Carl messages
100%
Compliant with EU regulations, including GDPR and the AI Act
Full visibility
Your team sees every message.
0
Reported brand-risk incidents from Carl messages
100%
Compliant with EU regulations, including GDPR and the AI Act
Full visibility
Your team sees every message.
0
Reported brand-risk incidents from Carl messages
100%
Compliant with EU regulations, including GDPR and the AI Act
Full visibility
Your team sees every message.
Can we see what Carl actually sent?
Yes. Every message, every reply, every conversion. Always.
Full audit trail per lead. For every lead Carl works, you can see the entire thread: what Carl sent, when, what the lead replied, how long the gap was, whether the thread was flagged for human review, and what the final outcome was. Nothing is hidden.
Search and filter. You can search the audit log by lead name, phone number, date range, outcome, or content. If a question comes up about a specific conversation six months later, you'll find it in under a minute.
Who has access. By default, the head of purchasing and anyone they nominate has full read access to the audit log for their dealership's data.
Can we see what Carl actually sent?
Yes. Every message, every reply, every conversion. Always.
Full audit trail per lead. For every lead Carl works, you can see the entire thread: what Carl sent, when, what the lead replied, how long the gap was, whether the thread was flagged for human review, and what the final outcome was. Nothing is hidden.
Search and filter. You can search the audit log by lead name, phone number, date range, outcome, or content. If a question comes up about a specific conversation six months later, you'll find it in under a minute.
Who has access. By default, the head of purchasing and anyone they nominate has full read access to the audit log for their dealership's data.
Can we see what Carl actually sent?
Yes. Every message, every reply, every conversion. Always.
Full audit trail per lead. For every lead Carl works, you can see the entire thread: what Carl sent, when, what the lead replied, how long the gap was, whether the thread was flagged for human review, and what the final outcome was. Nothing is hidden.
Search and filter. You can search the audit log by lead name, phone number, date range, outcome, or content. If a question comes up about a specific conversation six months later, you'll find it in under a minute.
Who has access. By default, the head of purchasing and anyone they nominate has full read access to the audit log for their dealership's data.
What happens if something goes wrong
We hold ourselves to zero brand-risk incidents. But if a message ever lands wrong, here's the flow.
You flag the thread. Directly from the audit log, with one click. Anyone on your team with access can do it.
We respond quickly. A real person at Carl, not an autoresponder, reviews what happened and gets back to you with a plan.
We retract or correct where possible. If the thread is still open, we'll send a follow-up that addresses the issue. If it's closed, we tell you exactly what was said so you know whether to reach out yourself.
We update the guardrails. Whatever caused the issue gets added to the blocked phrases list, the human review triggers, or the template library, depending on what went wrong. We share the change with you so you know what we did.
We tell other customers if it's relevant. If something we learn from your incident is useful to other customers, we share it. Anonymously, and with your sign-off.
What happens if something goes wrong
We hold ourselves to zero brand-risk incidents. But if a message ever lands wrong, here's the flow.
You flag the thread. Directly from the audit log, with one click. Anyone on your team with access can do it.
We respond quickly. A real person at Carl, not an autoresponder, reviews what happened and gets back to you with a plan.
We retract or correct where possible. If the thread is still open, we'll send a follow-up that addresses the issue. If it's closed, we tell you exactly what was said so you know whether to reach out yourself.
We update the guardrails. Whatever caused the issue gets added to the blocked phrases list, the human review triggers, or the template library, depending on what went wrong. We share the change with you so you know what we did.
We tell other customers if it's relevant. If something we learn from your incident is useful to other customers, we share it. Anonymously, and with your sign-off.
What happens if something goes wrong
We hold ourselves to zero brand-risk incidents. But if a message ever lands wrong, here's the flow.
You flag the thread. Directly from the audit log, with one click. Anyone on your team with access can do it.
We respond quickly. A real person at Carl, not an autoresponder, reviews what happened and gets back to you with a plan.
We retract or correct where possible. If the thread is still open, we'll send a follow-up that addresses the issue. If it's closed, we tell you exactly what was said so you know whether to reach out yourself.
We update the guardrails. Whatever caused the issue gets added to the blocked phrases list, the human review triggers, or the template library, depending on what went wrong. We share the change with you so you know what we did.
We tell other customers if it's relevant. If something we learn from your incident is useful to other customers, we share it. Anonymously, and with your sign-off.