AInora

California Debt Collection Compliance

The Rosenthal Act is not federal FDCPA plus optional. It is mandatory.

AI voice agents that automate the routine 80 percent of collection calls while reducing compliance risk under California's Rosenthal Act, DFPI licensing, CCPA / CPRA, and federal FDCPA / TCPA / Reg F.

Book a compliance review
Answers in <1s|Bilingual EN / ES|Full call recording and audit trail
Try in browser · No signup
JessicaJessica·English

Click to start a conversation

Call our AI assistant

+1 (218) 636-0234

24/7 live AI - call anytime

Click the mic. Talk to Ainora for 60s.

The compliance stack

#1

California houses the largest state consumer-protection enforcement office in the United States, under the DOJ and DFPI.

$1,000

maximum statutory damages per Rosenthal violation, on top of actual damages, attorney fees, and class-action exposure.

2022

year the Debt Collection Licensing Act (SB 908) took effect; DFPI enforcement actions have trended up year over year since.

Sources: California DOJ, DFPI annual reports, Cal. Civ. Code § 1788.30

What the law says

Six rules that shape every California collection call.

Rosenthal Fair Debt Collection Practices Act

California's state-level FDCPA twin (Cal. Civ. Code §§ 1788-1788.33). Unlike federal FDCPA, Rosenthal applies to first-party creditors collecting their own debts, not only third-party agencies.

DFPI licensing (DCLA)

The Debt Collection Licensing Act (SB 908, effective 2022) requires most collectors doing business in California to hold a Department of Financial Protection & Innovation license. Annual reporting obligations apply.

CCPA / CPRA data-subject rights

Consumer debt records contain personal information subject to the California Consumer Privacy Act and its CPRA amendments. Consumers can request access, correction, or deletion, even mid-collection.

Time-of-day restrictions

Calls to California consumers are restricted to 8:00 a.m. to 9:00 p.m. local time. Time zone must be determined by the consumer's actual location, not the collector's area code.

Private right of action

Rosenthal gives California consumers a direct private right of action. Statutory damages up to $1,000 per violation, plus actual damages and attorney fees. Class actions are common.

Reg F and CA call-frequency limits

Federal Reg F caps consumer contact attempts (7 per week per debt, 7 days between conversations). California enforces the federal baseline and layers Rosenthal restrictions on harassing-frequency claims.

Live demo

Hear our AI in action

Emily handles a live collection call for Crown Recovery. Same voice tech, configured for California compliance.

EN
Emily
Crown Recovery Services
+1 (332) 241-0221
Book a demo call

Federal vs California

Two layers, stacked.

Federal FDCPA, TCPA, and Reg F set the floor. California layers Rosenthal, DFPI, and CCPA / CPRA on top, and Rosenthal reaches creditors FDCPA does not.

Federal baseline

  • FDCPA: applies to third-party debt collectors. Validation, harassment, false-statement rules.
  • TCPA: prior express consent for autodialed or prerecorded calls to wireless numbers.
  • Reg F (CFPB): 7 contact attempts per 7 days per debt; 7-day cooldown after a consumer conversation.
  • Calling hours: 8 a.m. to 9 p.m. consumer local time.

California add-ons

  • Rosenthal Act: reaches first-party creditors, not only third-party agencies.
  • DFPI license: required for most collectors under the DCLA since 2022.
  • CCPA / CPRA: data-subject access, deletion, correction, opt-out rights on debt records.
  • Private right of action: statutory damages plus attorney fees, class-action friendly.

Built-in vs configurable

What AI handles automatically. What we tune per client.

AI reduces risk on the repeatable rules. Your specialized policies, disclosures, and workflow live in the configurable layer and are signed off by your counsel.

Built-in

Platform-level

Configurable

Per client, with your counsel

Time-of-day restrictions based on consumer local time zone
Your specific Rosenthal disclosure and validation-notice wording
Reg F 7-in-7 contact-frequency caps per debt
Dispute-handling script, investigation window, response cadence
Full call recording, transcripts, and tamper-evident audit log
CCPA / CPRA data-subject request routing to your compliance team
DNC / litigious-consumer / cease-and-desist suppression lists
Payment-plan terms, settlement authority, and escalation thresholds
Voicemail scripts with Foti-compliant minimal disclosure
AI-identification policy (proactive, on request, or none) per your counsel
Encryption, access controls, and retention windows
DFPI-reporting data exports and licensed-entity metadata tagging

AI reduces compliance risk by automating the repeatable rules. Specialized legal review by California counsel is still required for your specific workflow.

How AI stays compliant

The pre-call, in-call, post-call flow.

Every call runs through the same sequence. If any check fails, the call does not happen or the AI hands off.

Verify consent and licensing jurisdiction
Check consumer local time zone
Check DNC, cease-and-desist, litigious lists
Check Reg F 7-in-7 contact-frequency cap
Place call with scripted validation disclosure
Record full call, stream transcript to audit log
Flag any CCPA / CPRA or dispute trigger for human
Archive with retention policy and metadata for DFPI reporting

Integrations

Connects to the collection stack you already run.

AI writes call outcomes, promises-to-pay, and dispute flags straight into your core system. No double entry, no CSV imports.

Salesforce·
HubSpot·
Experian·
Equifax·
TransUnion·
LexisNexis·
Stripe·
QuickBooks·
Telnyx·
RingCentral·
Twilio·
Zapier·
Make·
n8n·
Custom API·
Salesforce·
HubSpot·
Experian·
Equifax·
TransUnion·
LexisNexis·
Stripe·
QuickBooks·
Telnyx·
RingCentral·
Twilio·
Zapier·
Make·
n8n·
Custom API·

Plus 7,000+ apps via Zapier, Make, and n8n. If your collection system has an API, we connect it.

FAQ

California compliance, answered.

In most cases yes. The Debt Collection Licensing Act (effective January 2022) requires third-party collectors, debt buyers, and many first-party creditor affiliates doing business in California to hold a DFPI license. A handful of narrow exemptions exist (certain banks, licensed attorneys acting as attorneys). Confirm your status with California counsel before launching any collection program, automated or manual.
Yes. That is the key difference from federal FDCPA. Rosenthal applies to anyone regularly collecting a consumer debt, including the original creditor. If you call California consumers about your own unpaid invoices, Rosenthal applies to you.
That is a Rosenthal and FDCPA violation and exposes you to statutory damages, actual damages, and attorney fees. Our AI is configured to detect the consumer's local time zone and refuse to place outbound calls outside permitted hours. Scheduled retries are pushed to the next eligible window automatically.
When a caller references privacy rights (access, deletion, opt-out of sale / share, correction), AI flags the call, logs the request with a timestamped recording, and either escalates to a human handler or issues a scripted acknowledgment and routes the request to your compliance workflow. Your legal team confirms the response path during onboarding.
Consumers generally have one year from the violation date to bring a Rosenthal claim. That is shorter than FDCPA's federal one-year window but California counsel can advise on tolling and discovery-rule nuances for your specific facts.
California does not currently mandate a "you are speaking to an AI" disclosure for debt calls, but disclosure is a fast-evolving area (see SB 1120 on healthcare AI, AB 2013 training-data transparency, and proposed rules on automated communications). Our default configuration discloses AI on request and on voicemail, and can be set to proactive disclosure for your jurisdiction-specific policy.
Yes, with care. Voicemails must comply with Foti / Zortman-style disclosure doctrine: identify the company, state the purpose of communication, and avoid disclosing debt details that a third party could overhear. The AI uses pre-approved voicemail scripts and does not freestyle debt amounts or account numbers in messages.

Ready to de-risk your California collection calls?

Let AI handle the repeatable 80 percent with the guardrails already in place. Your team and your counsel stay in control of the 20 percent that matters.

Book a compliance review

This page is general information, not legal advice. Consult a licensed attorney in California before deploying any debt collection AI.