It’s the architecture. Hard-coded, runtime-enforced, applied to every turn of every conversation — without ever asking the subscriber to acknowledge it mid-flow.
CoolBiz®’s compliance logic is hard-coded into the platform core. It cannot be overridden by a system prompt, by training data, by the subscriber’s instructions, or by anything an end-user types into the chat surface. The AI still functions as an AI — full conversational range, full feature set — but the compliance layer refuses to let it lie about what it saw or expose what the law says must stay protected.
Conditional logic runs invisibly behind every conversation. When sensitive data appears — a card number, a national identifier, a clinical diagnosis — the engine masks it before it ever reaches a foundation-model provider. Country-specific identifier recognition fires automatically based on the user’s detected language and locale.
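The masking step described above, as an added illustration that is not CoolBiz®'s own code: a pre-provider filter that selects identifier patterns by locale, validates card-number candidates with a Luhn check to limit false positives, and passes only the masked text to the model call. The locale pattern table, the `send` callback and the sample turns are constructed for the example and are deliberately simplified.

```python
import re
from typing import Callable

# Constructed, simplified identifier patterns keyed by locale. A production
# engine would carry jurisdiction-maintained pattern sets; these are examples only.
LOCALE_PATTERNS = {
    "en-US": {"us_ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b")},
    "en-GB": {"uk_nino": re.compile(r"\b[A-CEGHJ-PR-TW-Z]{2}\d{6}[A-D]\b")},
    "de-DE": {"de_tax_id": re.compile(r"\b\d{11}\b")},
}
# Card numbers are masked in every locale: 13-19 digits with optional separators.
CARD_CANDIDATE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check so that arbitrary long numbers are not masked as cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_for_provider(text: str, locale: str) -> tuple[str, list[str]]:
    """Return the masked text and the identifier types found (for the audit log)."""
    findings: list[str] = []

    def card_sub(m: re.Match) -> str:
        digits = re.sub(r"[ -]", "", m.group(0))
        if not luhn_ok(digits):
            return m.group(0)  # fails Luhn: not a card number, leave untouched
        findings.append("card")
        return "[CARD]"

    masked = CARD_CANDIDATE.sub(card_sub, text)
    for name, pattern in LOCALE_PATTERNS.get(locale, {}).items():
        masked, n = pattern.subn(f"[{name.upper()}]", masked)
        findings.extend([name] * n)
    return masked, findings


def forward_turn(text: str, locale: str, send: Callable[[str], str]) -> tuple[str, list[str]]:
    """Mask the turn first; only the masked text ever reaches the provider call `send`."""
    masked, findings = mask_for_provider(text, locale)
    return send(masked), findings


if __name__ == "__main__":
    turn = "Card 4111 1111 1111 1111, SSN 123-45-6789"  # constructed sample turn
    print(forward_turn(turn, "en-US", lambda t: f"provider saw: {t}"))
```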
The result: a chatbot that talks like a chatbot and complies like an enterprise system. Audit-ready by design. Multilingual by default. Operating across 195 countries with one engine.
Three coverage tiers describe how the platform engages with each jurisdiction. The full list — by country, by framework, by industry — is one click away.
Named-framework coverage: explicit, named compliance with the privacy and data-protection law of each region. ISO 27001:2022 controls active across all covered jurisdictions. Country-specific pattern recognition implemented where the law requires it.
Countries without active national privacy laws are protected under CoolBiz®’s ISO-aligned strictest-policy enforcement. Universal PII masking, sensitive-data redaction, 30-day data purge, encryption in transit and at rest.
Jurisdictions with emerging or unique data frameworks, rolling out alongside CoolBiz®’s Vertical Pro Tier launches. Each requires a per-subscriber attestation flow at connection time.
Industry tiles below describe coverage outcomes — not the specific legal acronyms. The granular per-industry framework matrix is available on request to qualified subscribers.
Patient communications, scheduling, intake. Mental health, reproductive, addiction-care heightened sensitivity tier.
Account, card, and transaction protection. Card data masked in real time and never stored.
Privileged communications, case data, client confidentiality. Bar-rule compliant by design.
Claims, policy data, member IDs. Vertical Pro Tier identifiers per state license requirements.
Buyer/renter PII, mortgage qualification, FCRA-protected credit references.
Employee records, payroll, GDPR Article 9 special categories, works council rules.
Student communications outside FERPA scope, admissions, campus services.
Consumer PII, payment data, cookies and tracking under all major frameworks.
Pro Tiers layer industry-specific APIs, identifier prompts, role-based gating, and CRM/database read-write capability onto the base subscription. Available as consumption-based add-ons with applicable minimum monthly commitments.
Athenahealth, Dentrix, and other BAA-eligible CRMs auto-connect with role assignment. NPI (National Provider Identifier), DOB and specialty identifier prompts. Healthcare-tier STT for medical vocabulary.
State bar identifier prompts. Privileged-communication handling. Practice-management CRM integrations as available.
License-number and broker-dealer affiliation identifiers. GLBA-protected NPI (nonpublic personal information) data handling. Connected CRM detection at the API tier.
State license + line-of-authority identifiers. AgencyBloc and other carrier CRMs gated by plan-tier detection.
Pro Tier subscribers can upload structured data files (Excel, CSV) for the AI to inject into connected systems, and pull records back into the chat surface or as downloadable Excel / PDF / Word artifacts — all gated by role-based access. CRMs detected as below-BAA-eligible tier are filtered out automatically.