Bottom line. AI receptionist contracts are mostly form MSAs the vendor wrote, designed to be signed without reading. Twelve clauses decide whether the contract actually protects you: cancellation, data ownership, BAA scope, voice cloning rights, model training, configuration IP, SLA definitions, pricing changes, compliance representations, indemnification, data residency, and audit rights. This is the procurement checklist no vendor publishes. It is not legal advice — consult counsel before signing — but it is the engineering-grade walkthrough of what each clause should say and what to negotiate.
Most buyers sign the vendor's master service agreement (MSA) without redlining a single clause. The form is presented as standard, the sales rep is friendly, the trial period is short, and the contract goes into a Dropbox folder nobody opens until something goes wrong. That is the moment the clauses you didn't read become the clauses that decide the dispute.
We're building Sawy, an AI receptionist launching Q3 2026, and we have to write our own customer contracts soon. Reviewing the public-facing MSAs and terms of service from voice AI vendors that publish them taught us this: the gap between what these contracts typically say and what a thoughtful buyer should expect is large. Most clauses are negotiable if the buyer asks — almost no buyer asks.
This is for the operator, ops lead, or in-house counsel doing the procurement review. It is not legal advice; consult your counsel for the formal red-line.
The 12 clauses at a glance
Print this. Pull up the MSA. Score each one.
| # | Clause | What to look for |
|---|---|---|
| 1 | Cancellation terms | Month-to-month with 30-day notice; no auto-renewal lock-in |
| 2 | Data ownership | You own all call recordings, transcripts, and derived data |
| 3 | BAA scope and subcontractor list | If healthcare: BAA covers full subcontractor chain |
| 4 | Voice cloning rights | Custom voices are your IP; not reused on other accounts |
| 5 | Model retraining | Your data is not used to train models for other customers without opt-in |
| 6 | IP for custom configurations | Your prompts, knowledge base, and call flows are yours |
| 7 | SLA definitions | Uptime percentage, downtime definition, exclusions, remedy |
| 8 | Pricing change terms | 60-90 day notice; opt-out right; grandfathering |
| 9 | Compliance representations | Specific certifications with scope, not "we take security seriously" |
| 10 | Indemnification | Mutual; covers IP infringement and material breach |
| 11 | Data residency and export | Documented region; full export on cancellation in usable format |
| 12 | Audit rights | You or your auditor can inspect controls; reasonable cadence |
Every one of these has a default vendor draft, a buyer-friendly version, and a red-line position you can take. The rest of this article walks each in detail.
Clause 1 — Cancellation terms
What it typically says. Annual term with automatic renewal unless the customer provides written notice 60 or 90 days before the current term ends. Some vendors require notice by registered mail.
What it should say. Month-to-month by default, or annual with a clear right to convert. Notice periods symmetric to the vendor's own change windows — 30 days for month-to-month, 60 days for annual. Cancellation effective by email or in-product action, not certified mail to a PO box. Auto-renewal should require affirmative vendor notice at least 60 days before rollover.
What to negotiate. If the vendor insists on an annual term, ask for a 30-day out clause in the first 60 days (a real trial period). Written confirmation of cancellation within 5 business days. Symmetry between your notice window and the vendor's price-change notice window.
Deal-breaker. Multi-year term with no out clause, or auto-renewal with no notice obligation on the vendor. Same with cancellation that requires chasing a sales rep through a portal with no "cancel" button. The FTC's "click-to-cancel" amendments to the Negative Option Rule — finalized October 2024 and explicitly B2B-applicable — were vacated by the 8th Circuit on July 8, 2025, days before the major provisions would have taken effect. State automatic-renewal laws (California, New York, Illinois, and others) and existing FTC misrepresentation guidance remain in force, so the deal-breaker still applies — just don't rely on the federal rule as the enforcement mechanism.
Clause 2 — Data ownership
What it typically says. Customer retains ownership of "customer data," with the vendor granted a broad license to "use, copy, modify, and create derivative works" for service provision, improvement, and analytics. Some forms quietly grant the vendor ownership of "derived data" or "aggregated data" without defining the terms.
What it should say. You own all call recordings, transcripts, structured outputs (extracted appointment info, captured contact data), and any reports the vendor generates from your account. The vendor's license is narrow — limited to providing the service to you, with no right to sell, share, or use the data for any other purpose. Derived data explicitly defined and owned by you when identifiable to your business or callers.
What to negotiate. Strike "create derivative works" unless the vendor needs it for a named purpose (transcripts technically qualify). Add explicit ownership language. Require deletion of all your data within 30 days of termination with written confirmation.
Deal-breaker. Any clause that grants the vendor ownership of your call data, or any irrevocable, perpetual, or sublicensable license beyond what's needed to provide the service. Both are non-starters for any operator who takes the long view.
For architecture questions on where the data lives, see the HIPAA voice AI architecture deep-dive.
Clause 3 — BAA scope and subcontractor list
What it typically says. For healthcare-adjacent vendors, a Business Associate Agreement (BAA) is offered as a separate addendum with no detail on downstream subcontractors. "Vendor will sign a BAA upon request" is the most common form.
What it should say. The BAA names every subcontractor that touches PHI — telephony, speech-to-text, LLM API, hosting, observability — and represents that each one is covered by an upstream BAA. The vendor commits to 30-day notice of subcontractor changes and continuous BAA coverage.
What to negotiate. Subcontractor list as an exhibit to the BAA. Notice of subcontractor changes with a right to object. Written representation that no PHI is sent to any service not under BAA. Survival clause so BAA obligations continue past termination for as long as the vendor holds your PHI.
Deal-breaker. Vendor refuses to sign a BAA, or signs but won't disclose subcontractors. Both indicate the vendor hasn't done the work to be a real Business Associate. The HIPAA voice AI architecture article covers the BAA chain in detail; the medical practices industry page walks the operational version.
Clause 4 — Voice cloning rights
What it typically says. If the vendor offers custom voice creation (training a synthetic voice on your staff or paid voice talent), the contract grants the vendor broad rights to use the resulting voice model — sometimes including reuse on other customer accounts or in marketing.
What it should say. Custom voices created for your account are your IP. The vendor's license is limited to using the voice exclusively for your account, with no right to use it on other customers, in demos, or in marketing. Voice biometric training data is confidential and deleted on request.
What to negotiate. Exclusive-use clause for any custom voice. Vendor deletes voice model and training recordings within 30 days of termination. Explicit prohibition on using your voice as a "demo voice" or "preset voice" for other customers. If a real human voice talent was used, require documented consent from the talent.
Deal-breaker. Vendor reserves the right to use voices trained on your data for other customers. A competitor's caller hearing your voice on a different brand is a brand-integrity event you cannot recover from. Same with vendors that won't represent voice-talent consent in writing.
Voice-cloning regulation is evolving fast. The FTC's impersonation rule and a growing patchwork of state laws (Tennessee's ELVIS Act, California's AB 2655, and similar provisions in New York and Illinois) now address AI-generated voices and deepfakes specifically. The legal landscape is fast-moving and varies materially by state — consult counsel with current jurisdiction-specific guidance before deploying a cloned voice in production.
Clause 5 — Model retraining
What it typically says. Vendor reserves the right to use customer data to "improve the service," which in practice means training the vendor's models for the benefit of all customers — including your competitors. Opt-out is often available but buried in account settings.
What it should say. Customer data is not used to train, fine-tune, or evaluate any model shared across customers without explicit, granular, revocable opt-in. If you opt in, the vendor commits to documented data handling — which model, what subset, what retention.
What to negotiate. Flip the default from opt-out to opt-in. Require the vendor to name any model your data would train. Anonymization and aggregation so data cannot be associated with your business or callers. Right to remove your data from future training runs (knowing weights already trained can't be un-trained, but the pipeline can be flushed).
Deal-breaker. Vendor uses customer data for training by default with no opt-out, or opt-out behind a 30-day written-request gate. Same with any clause granting the vendor the right to train models sold to or used by other customers on your data.
Once your data is in model weights, the exposure is irreversible. The right time to negotiate this is before the first call is processed.
Clause 6 — IP for custom configurations
What it typically says. Vendor grants customer a license to use the service, but the contract is silent on the customer's configuration work — the call flows you built, the knowledge base you uploaded, the agent prompts your team wrote. Silence here defaults to vendor ownership under the broader IP clauses.
What it should say. All configurations, customizations, prompts, knowledge base content, training data you provide, and integration logic are owned by you. The vendor's license is limited to operating the service for you. On termination, you can export everything in a portable format.
What to negotiate. Explicit "customer configurations" clause naming what you own: call flows, prompts, knowledge base, FAQ, escalation rules, voice persona. Export functionality maintained throughout the term. Vendor won't use your configurations as templates for other customers without written consent.
Deal-breaker. Vendor claims ownership of customer-built call flows or knowledge bases. Vendor refuses to provide configuration export on termination. Either makes the platform a roach motel — easy to enter, hard to leave with your work intact. The best AI receptionist buyer's guide covers vendor portability in the side-by-side.
Clause 7 — SLA definitions
What it typically says. "Vendor will use commercially reasonable efforts to maintain 99.9% uptime." That sentence does most of the hiding. "Commercially reasonable efforts" is not an enforceable commitment, the 99.9% number is undefined as to what counts as "up," and remedies are buried.
What it should say. A specific uptime percentage (99.9% is industry-standard, 99.95%+ for production-critical) with a precise definition of downtime — what counts (calls failing to connect, transcription errors above threshold, response latency above threshold) and what doesn't (scheduled maintenance with prior notice, force majeure). Measurement methodology named. Remedy specific: service credits tied to the shortfall, with a process for claiming them.
What to negotiate. Strike "commercially reasonable efforts"; the SLA percentage is a direct commitment. Real-time status page or proactive incident notifications. Material consecutive-month failure triggers termination for cause with refund of prepaid fees.
Deal-breaker. No SLA, or an SLA with no remedy. Same with an SLA that excludes everything that actually causes downtime — "the SLA does not apply to issues caused by third-party services" when most of the stack is third-party services makes the SLA meaningless.
Clause 8 — Pricing change terms
What it typically says. "Vendor may change pricing at any time upon notice." Some forms specify 30-day notice; some specify nothing and rely on auto-renewal to push increases through at term boundaries.
What it should say. Pricing fixed for the current term. Any change for the next term requires 60-90 day notice. Existing customers grandfathered at signed pricing for at least 12 months after any change. Notice via email to a designated contact, not an in-product banner.
What to negotiate. 90-day notice for any price increase. Right to terminate without penalty if you object. Cap the magnitude of any single increase (no more than CPI + 5% in any 12-month period). Lock in pricing for the duration of any prepaid annual term including renewals.
Deal-breaker. Vendor reserves the right to change pricing with no notice or immediate effect. No opt-out on price increases. Both turn the contract into a one-sided option held by the vendor — they keep the upside if your business grows, you bear all the price risk.
Pattern that has burned operators in adjacent SaaS: $99/month signs, $149 after 12 months "due to inflation," $199 the next year "due to model costs." Without notice protection and a cap, the cumulative increase is unrecoverable.
Clause 9 — Compliance representations
What it typically says. "Vendor maintains industry-standard security practices and complies with applicable laws and regulations." This is filler — no specific framework, no audit basis.
What it should say. Specific certifications named, with scope and current status. SOC 2 Type II is the minimum for any vendor handling business-critical data; the report available under NDA. HIPAA compliance referenced via the BAA. PCI DSS if applicable. State privacy laws (CCPA, Virginia CDPA, others) named where the vendor processes data of covered residents. Vendor commits to maintaining the named certifications throughout the contract.
What to negotiate. Current SOC 2 Type II report under NDA before signing. 30-day notice of any material change in compliance status (lapsed certification, auditor finding, new regulatory exposure). Representation that the vendor's service does not violate any law applicable to the vendor or to the customer's disclosed use.
Deal-breaker. Vendor cannot produce a current SOC 2 Type II report or equivalent. Vendor refuses specific compliance representations beyond the filler. For any vendor handling regulated data (healthcare, legal, financial), these are non-negotiable.
For HIPAA-specific architecture, the HIPAA voice AI article covers what the BAA needs to back up. For law-firm-specific compliance, the law firms industry page walks privilege and confidentiality.
Clause 10 — Indemnification
What it typically says. One-way indemnification by the customer in favor of the vendor. Some forms include vendor indemnification of the customer for third-party IP infringement claims on the service itself — but with broad carve-outs.
What it should say. Mutual indemnification, narrowly scoped. Vendor indemnifies you for third-party claims that the service infringes IP rights. Customer indemnifies vendor for misuse (uploading content you don't have rights to). Each party defends the other for breach. Caps tied to fees paid, with unlimited carve-outs for gross negligence, willful misconduct, and confidentiality breaches.
What to negotiate. IP infringement indemnification from the vendor for the service. Strike vendor carve-outs that swallow the indemnity (e.g., "does not indemnify for claims arising from open-source components" — a substantial portion of any AI service is open source). Add data-breach indemnification: vendor covers breach-notification costs, regulatory fines, and forensics costs caused by a vendor-side breach.
Deal-breaker. Vendor indemnifies for nothing, or with carve-outs so broad protection is theoretical. Same with any clause requiring the customer to indemnify the vendor for the vendor's own breach.
Indemnification is where the contract's risk allocation lives. Procurement teams already know how to negotiate this — voice AI doesn't justify a special standard.
Clause 11 — Data residency and export
What it typically says. Vendor reserves the right to store and process data in any region. Export "in a commercially reasonable format" on termination, often with a short window and a fee.
What it should say. Data residency documented at signing. If multiple regions or cross-border transfers are involved, the contract names them and references the applicable transfer mechanism (Standard Contractual Clauses for EU data, similar for other jurisdictions). Export available throughout the term and for at least 90 days after termination, in documented formats (JSON, CSV, audio in standard codec), at no additional fee.
What to negotiate. Specify your data residency in the contract. 60-day notice before any change. Export as a self-service feature, not a sales-team escalation. Migration assistance, including transcript and configuration handoff to a successor vendor, on commercially reasonable terms.
Deal-breaker. Vendor will not commit to documented residency. Vendor charges for export or sets the window so short you can't realistically use it. Both are roach-motel patterns. For EU buyers, no cross-border transfer mechanism named is a GDPR issue independent of other claims. The EU-US Data Privacy Framework (DPF) is currently in effect under the European Commission's 2023 adequacy decision (extended to the EEA in 2024) — but it is under ongoing CJEU challenge (Latombe appeal, filed October 2025) and the U.S. Privacy and Civil Liberties Oversight Board has been operating below quorum since January 2025. Treat DPF coverage as necessary but not sufficient; ask vendors what their backup transfer mechanism is if the DPF is invalidated.
Clause 12 — Audit rights
What it typically says. No audit right at all, or a vague "vendor will make security documentation available on request." Some forms grant audit rights but require 60-day notice, charge per audit, and limit the auditor to vendor-approved firms.
What it should say. You (or an independent third-party auditor) have the right to inspect the vendor's security controls, data handling, and compliance posture annually or on a security event, subject to reasonable confidentiality and operational constraints. Vendor provides SOC 2 Type II under NDA, responds to security questionnaires within 10 business days, and cooperates with regulator-driven audits.
What to negotiate. Audit right with 30-day notice exercisable annually, shorter notice for cause. Documentation responsive to common audit frameworks (SOC 2, HIPAA, your industry-specific framework). For larger contracts, vendor participation in your annual third-party risk management review.
Deal-breaker. No audit right. Vendor won't respond to security questionnaires or provide SOC 2 reports under NDA. Each is a sign the vendor isn't operationally mature enough to be your Business Associate or data processor.
The deal-breaker vs negotiable vs accept matrix
For procurement teams running multiple vendor reviews, the at-a-glance scoring helps prioritize where to push.
| Clause | Deal-breaker if... | Negotiable if... | Accept if... |
|---|---|---|---|
| Cancellation | Multi-year no-out | Annual with mid-term out | Month-to-month, 30-day notice |
| Data ownership | Vendor owns recordings | Broad license needs narrowing | You own all, narrow vendor license |
| BAA + subcontractors | No BAA, no list | BAA exists, partial subcontractor disclosure | Full BAA with subcontractor exhibit |
| Voice cloning | Vendor can reuse on other accounts | Exclusivity needs adding | Custom voices yours, exclusive use |
| Model training | Default opt-out + buried | Opt-out clear, anonymization claimed | Opt-in default, anonymization documented |
| Configuration IP | Vendor owns flows or won't export | Silent on ownership | Customer owns, exports portable |
| SLA | No SLA or no remedy | SLA exists, remedy weak | Specific %, remedy, exclusions reasonable |
| Pricing changes | Immediate or no notice | 30-day notice only | 60-90 day notice, opt-out, cap |
| Compliance | No SOC 2 available | SOC 2 Type I only | SOC 2 Type II, named certifications |
| Indemnification | One-way only, no IP indemnity | IP indemnity with broad carve-outs | Mutual, narrow carve-outs, breach coverage |
| Data residency | No commitment | Commitment with broad change rights | Documented region, 60-day change notice |
| Audit rights | None | Vendor-approved auditors only | Annual independent audit right |
The right way to use this: pick the column the vendor's current MSA sits in for each clause, then push every "accept" column item that matters for your business. Vendors don't say no to most of these — they say yes to anything a sophisticated buyer asks for, and rely on most buyers not asking.
A small experiment: 8 public voice AI MSAs reviewed against the 12 clauses
To pressure-test how typical AI receptionist contracts handle the 12 clauses in practice, we reviewed the public-facing MSAs and ToS of 8 voice AI vendors that publish them as of May 2026. Two reviewers independently scored each clause as Well (present, specific, buyer-reasonable), Poorly (present but ambiguous or one-sided), or Silent. We do not name vendors — public terms change, and a snapshot shouldn't be misread as a verdict on any specific vendor.
Results on the 8-vendor sample:
| Clause | Well | Poorly | Silent |
|---|---|---|---|
| Cancellation | 2 | 4 | 2 |
| Data ownership | 1 | 5 | 2 |
| BAA scope | 1 | 2 | 5 |
| Voice cloning | 0 | 3 | 5 |
| Model retraining | 1 | 4 | 3 |
| Configuration IP | 1 | 2 | 5 |
| SLA definitions | 2 | 3 | 3 |
| Pricing changes | 1 | 5 | 2 |
| Compliance reps | 2 | 4 | 2 |
| Indemnification | 3 | 4 | 1 |
| Data residency | 1 | 3 | 4 |
| Audit rights | 0 | 1 | 7 |
What the sample shows. No vendor addressed all 12 clauses well. Audit rights and voice cloning are the most consistently absent. Pricing changes, data ownership, and indemnification are usually present but vendor-favorable; the buyer should redline them. The BAA-scope chain of trust is rarely backed up in writing, even by vendors that mention healthcare in their marketing.
Caveats. Sample size 8 is illustrative, not statistical. Public ToS is only part of the contractual picture — vendors sign different terms with enterprise customers. The exercise is repeatable: pull the vendor's public terms, score them against the 12 clauses, and you have a quick triage before you talk to sales. See our sources registry for the public-facing benchmarks.
When this checklist doesn't apply
Three buyer profiles where the 12-clause review is overkill or under-kill.
Small operators under $200/month spend. A one-location service business signing a $79/month AI receptionist plan probably cannot negotiate the MSA — the vendor's process is sign-or-don't-buy. Use the 12-clause framework as a triage tool: if the form fails any deal-breaker (no BAA when you need one, vendor owns your call data, no SLA), walk. If it's merely vendor-favorable on the negotiables, sign and reconsider when you grow into a tier that can negotiate.
Enterprise buyers with their own template. Your procurement team has its own MSA template that the vendor will sign. The 12 clauses become internal QA on your own template: does our template actually cover model training, voice cloning, and BAA subcontractor disclosure? Most enterprise SaaS templates predate AI procurement and don't.
Highly regulated industries. Hospital systems, large law firms, and financial-services buyers operate under regulatory regimes (HIPAA, GLBA, attorney-client privilege rules) that impose floor requirements beyond the 12. Use the 12 as the starting checklist, then layer industry-specific requirements. For healthcare, the HIPAA architecture article and HIPAA compliance glossary entry are the right next reads.
The 12 clauses are necessary but not always sufficient. None of this is a substitute for your own legal counsel reviewing the specific contract on the specific deal.
FAQ
Do I need a lawyer to review an AI receptionist contract?
For any contract above ~$5,000/year annualized or involving regulated data (PHI, financial information, attorney-client material), yes — at minimum a brief paid review by SaaS-experienced counsel. For smaller contracts, the 12-clause framework here is a reasonable triage. A 30-minute counsel review (typically $150-$400) is a fraction of the cost of discovering a problem during a dispute. This article is not legal advice; consult your own counsel.
Can I negotiate the standard MSA from an AI receptionist vendor?
Usually yes, depending on contract size. Vendors typically negotiate above ~$10,000/year annualized; many will negotiate smaller deals with sophisticated buyers who ask. Negotiation is a redline exchange via email, not a formal drafting session. Vendors that refuse to negotiate any clause are either too immature for real procurement or too aggressive to be trusted on the substance.
What's the most important clause in an AI receptionist contract?
Depends on your business. Healthcare: BAA scope (Clause 3). Any business with proprietary configurations: IP for configurations (Clause 6). Everyone: data ownership (Clause 2) and model retraining (Clause 5). Cancellation (Clause 1) is the clause people forget until they need to leave.
What's a Business Associate Agreement (BAA) and do I need one?
A BAA is a HIPAA-required contract between a covered entity (your healthcare practice) and any business associate (a vendor that creates, receives, or transmits PHI on your behalf). Any HIPAA-covered entity using an AI receptionist that handles patient information needs one. The BAA is separate from the main service contract. The HIPAA architecture article covers the broader question.
What happens to my data if I cancel?
Depends on the contract. Buyer-friendly: export all recordings, transcripts, and configurations in portable format for at least 90 days post-termination; vendor deletes within 30 days of your written request. Vendor-unfriendly: vendor keeps your data indefinitely "for legal compliance" and export is offered only in formats you can't import elsewhere. Clauses 2 and 11 determine which version you have.
What we'd accept on our own customers
The honest test of this article is what we'll put in Sawy's own MSA: month-to-month with 30-day notice; customer owns all recordings, transcripts, configurations; BAA available with subcontractor exhibit; custom voices exclusive to your account; customer data not used for training unless opt-in; portable configuration export; 99.9% SLA with service-credit remedy; 60-day notice on price changes; SOC 2 Type II at launch; mutual indemnification; US data residency; annual audit right.
This list is aspirational — we're a pre-launch company — but it's the standard we'll hold ourselves to. We're publishing it before we ship the contract so you can hold us to it.
For evaluating AI receptionist vendors against this framework, the best AI receptionist buyer's guide is our side-by-side. For the operational deployment question, the AI receptionist use case page walks the call flow. For the upstream human-vs-AI decision, the AI vs human receptionist decision framework is the right next read.
Sawy is building voice AI for service businesses
Buyer-aligned contracts, BAA available for healthcare, SOC 2 Type II at launch. Coming Q3 2026 — join the waitlist for founding-customer pricing and the contract template pack.