Mercury

Compliance infrastructure for every AI agent you deploy

Q: Do I need Hello Voice to use Mercury?

No. Mercury is platform-agnostic. Ingest from any AI agent platform via HTTPS webhooks (Synthflow, Vapi, Bland, Retell, and any platform that fires webhooks) or via mTLS for Hello Voice. Mercury also exposes a REST API for compliance queries, tenant provisioning, audit log access, and evidence export, plus FHIR R4 for hospital EHR integration. Hello Voice customers get Mercury seats included in their plans, but Mercury is available standalone for any builder, agency, or platform.

Q: Which regulatory frameworks does Mercury support?

Mercury supports HIPAA/HITECH, FDCPA/Reg F, GLBA, PCI DSS, TCPA, and Insurance rule packs. New verticals are added as configurable rule packs, not new platforms.

Priced by agent, retained interaction volume, policy scope, and certification level. Connect any AI agent or platform with one integration. Mercury runs every interaction through configurable rule packs (HIPAA, FDCPA, GLBA, PCI DSS, TCPA), encrypts and retains the data for the full regulatory period, and exports audit evidence on demand. Audit-ready in days, not months. Close regulated deals without building a compliance team.

Start 7-Day Free Trial Contact Sales

HIPAA FDCPA GLBA PCI DSS TCPA Insurance

Dashboard

Policies

Audit Log

Tenants

Settings

AI Agent Status

Agent-Alpha

Operational

Policy Compliance Rate

Across 12,847 interactions

Audit Events (30d)

Structured & exportable

Active Rule Packs

HIPAA + PCI + TCPA

Human Escalations

Complete audit trails

Recent Compliance Events View All

HIPAA consent verified for inbound call #38291

2m ago

PCI DSS rule pack activated for payment workflow

7m ago

Human escalation triggered: PHI disclosure detected

12m ago

Transcript retention policy applied (tenant: acme-health)

18m ago

TCPA time-window check passed for outbound call

24m ago

The Problem

The gap between autonomy and audit.

AI agents are no longer scripted responders. They schedule procedures, access patient records, process payments, and modify clinical workflows. Without a compliance layer, every one of these actions is invisible, unregulated, and non-compliant.

Without Mercury

No audit trail

Agent-system interactions disappear after execution. No logs, no evidence, no accountability.

No policy enforcement

HIPAA, PCI, and FDCPA violations are discovered after the fact, if they are discovered at all.

No tenant isolation

Multi-client platforms share compliance context. One client's violation contaminates another's audit.

No data visibility

Zero insight into what agents access, when, or why. Procurement teams walk away.

With Mercury

Governance

Define what agents can say, access, and modify before they reach production.

Policy Engine Rule Packs Action Interception

Visibility

Every agent-to-system interaction logged with correlation IDs and timestamps.

Immutable Logs Correlation IDs Real-time Dashboard

Connectivity

Secure adapters between agents and EHRs, CRMs, and payment systems.

FHIR R4 mTLS Webhook Verification

Evidence

Export audit bundles per regulatory framework in minutes, not months.

Audit Bundles 6-Year Retention PHI Redaction

How It Works

Three steps to audit-ready agents

Every agent interaction flows through Mercury's ingestion layer, policy engine, and provider adapters. Three steps between your agent and a compliant, audit-ready deployment.

1. Connect your agents

Point your agent's event stream at Mercury's ingestion API via mTLS (internal) or secure webhooks (any platform).

mTLS Certificate Tree

Webhook Signature Verification

Platform-Agnostic

2. Enforce policies

Every request is evaluated against your compliance rule packs (HIPAA, PCI DSS, FDCPA, TCPA) in milliseconds with real-time redaction.

Real-time Redaction

Action Interception

Consent Validation

3. Route and retain

Mercury routes authorized requests to third-party systems via the Provider Adapter Layer. Every action is logged, encrypted, and retained.

Epic (FHIR R4)

Stripe & Salesforce

HubSpot & AWS SES

Adapter Ecosystem

Mercury connects to the platforms your agents run on and the systems they need to reach.

Voice AI Platforms

Vapi · Retell · Bland · LiveKit · Synthflow

Healthcare Systems

Epic (FHIR R4) · AthenaHealth · Nextech · Weave

CRM & Business

Salesforce · HubSpot · Zendesk

Payments & Comms

Stripe · AWS SES · Twilio · SendGrid

Connectivity

HTTPS Webhooks · FHIR R4 · OAuth SMART · Custom REST

Live Enforcement

Real-time policy enforcement in action

Mercury evaluates every agent interaction against your compliance policies and rule packs. Below is a real-time conversation between a voice agent and a patient, demonstrating how speech-to-text requests for patient records are intercepted, sensitive data is redacted, and every authorized action is securely logged.

Real-time Policy Engine

Enforcement Active

AI Agent

Idle

Inbound Request JSON

Waiting for agent interaction...

Compliance Boundary Cleartext

Patient Name John Doe

SSN XXX-XX-1234

Medication Metformin 500mg BID

Diagnosis Type 2 Diabetes

Authorized & Logged

HIPAA

SOC 2

Who It's For

One control plane, three deployment architectures

Mercury supports internal, external, and embedded architectures. The same policy engine scales from a single agent to thousands of tenants.

mTLS Internal Auth Direct Integration

Internal Agent Fleet

Healthcare AI startups & Internal Systems

Your organization builds its own agents that need to access patient management systems, telephony infrastructure, and CRMs. Mercury provides the mTLS certificate tree, ensuring every internal interaction is logged and compliant.

Ship to clinical environments with compliance infrastructure built in from day one. Stop losing deals to procurement questionnaires you cannot answer.

AI Agent

Mercury

mTLS · Policy Engine

AthenaHealth

Weave

Salesforce

Webhook Verification OAuth SMART Cross-Platform

External AI Platforms

Voice AI agencies & Third-Party Platforms

You use a third-party voice AI platform to build agents that interact with systems you do not own. Mercury acts as the trust broker, verifying webhook signatures and enforcing client-specific rule packs per tenant.

Serve regulated clients across verticals without building compliance internally. Add Mercury to your stack and unlock every regulated deal.

Vapi

Retell

ElevenLabs

Mercury

Webhooks · FHIR R4

Epic EHR

Salesforce

Stripe

Tenant Isolation API Key Scoping CaaS

Embedded Compliance

SaaS Platforms & Multi-Tenant Agents

You are a SaaS platform that allows your customers to deploy their own agents. Mercury provides the multi-tenant isolation layer, enabling compliance-as-a-service with unique audit requirements per tenant.

Add compliance infrastructure for AI agents embedded in your platform. Mercury handles multi-tenant scanning, logging, and retention so you do not have to.

Tenant A

Tenant B

Tenant N

Mercury

Per-tenant isolation

HighLevel

Zendesk

HubSpot

Regulatory coverage

One engine, configurable by industry

Mercury's policy engine runs vertical-specific rule packs. Start with healthcare, expand to new verticals by adding packs.

HIPAA / HITECH

Healthcare privacy, substance use disorder protections, FTC Health Breach, FDA off-label communication rules.

FDCPA / Reg F

Debt collection communication controls. Call frequency, disclosure requirements, mini-Miranda, time-of-day restrictions.

GLBA

Financial data protection and privacy. Safeguards Rule, privacy notice requirements, information sharing controls.

PCI DSS

Payment card data handling. Scope reduction, access controls, audit trails for payment-taking agent interactions.

TCPA

Telemarketing consent and calling rules. Prior express consent, autodialer restrictions, DNC list management.

Insurance

Claims communication and disclosure requirements. State-specific insurance regulations, prohibited practices, documentation rules.

Plans

Pricing

Three feature-differentiated tiers with a 7-day free trial. Sentinel watches. Guardian protects. Citadel commands.

See Full Mercury Pricing

Hello Voice plans include Mercury Guardian-equivalent seats. View Hello Voice pricing

Certification

Mercury Compliance Certification

Certify your platform, agents, and deployments through continuous compliance scanning.

Level 1

Mercury Certified

Foundation scanning passed for 90+ consecutive days with no critical violations. Foundation certification for platforms beginning compliance adoption.

Level 2 / Recommended

Mercury Certified, Advanced

Enforcement scanning for 90+ days with compliance score above 95%. Full policy enforcement, audit evidence generation, elevated governance requirements.

Level 3

Mercury Certified, Premier

Full platform scanning for 180+ days with compliance score above 98%. Complete audit support and priority certification review.

Contact sales for certification pricing and eligibility.

FAQ

Mercury. Common questions about compliance infrastructure for AI agents

What is Hello Mercury?

Hello Mercury is the compliance control plane for AI agents in regulated industries. It receives interaction data from any AI platform via webhooks or mTLS, scans against configurable regulatory rule packs (HIPAA, FDCPA, GLBA, PCI DSS, TCPA, Insurance), encrypts and retains data for regulatory periods, and produces audit-ready evidence bundles.

Do I need Hello Voice to use Mercury?

No. Mercury is platform-agnostic and connects to any AI agent platform via HTTPS webhooks. Hello Voice customers get Mercury bundled at no incremental charge: Hello PAYG includes 4 to 8 Guardian-equivalent seats scaled to monthly voice-minute volume, and Hello Enterprise includes 8, 24, or Citadel allocation scaled to the customer's Enterprise allocation level. Mercury is also available standalone for any builder, agency, or platform.

Which regulatory frameworks does Mercury support?

Mercury supports HIPAA/HITECH (healthcare), FDCPA/Reg F (debt collection), GLBA (financial services), PCI DSS (payments), TCPA (telemarketing), and Insurance rule packs. New verticals are added as configurable rule packs within the same policy engine.

How does Mercury billing work?

Mercury offers a 7-day free trial. Billing starts when the trial ends, regardless of individual seat activation timing. You select a tier (Sentinel at $30/seat/month or Guardian at $25/seat/month) and pay per activated seat, plus metered usage for interactions, storage, and policy evaluation credits that exceed included pools. Annual pre-pay discounts are available (Sentinel: $25/seat, Guardian: $21/seat).

What is Mercury Compliance Certification?

Mercury Compliance Certification validates that AI platforms, systems, and agents meet compliance standards through continuous scanning. Three tiers are available: Mercury Certified, Mercury Certified Advanced, and Mercury Certified Premier. Certification provides badges, audit support, and faster procurement for certified partners. Contact sales for certification pricing and eligibility.

How long does integration take?

Most teams complete webhook integration in under a week. Mercury provides standard HTTPS webhook endpoints that accept interaction data from any AI platform. Hello Voice customers connect via mTLS with zero additional integration work. Full onboarding including rule pack configuration, tenant setup, and dashboard access typically completes within two weeks.

Make your AI agents audit-ready

Start your 7-day free trial and connect your first agent in under a week. Or talk to our team about enterprise deployment.

Start 7-Day Free Trial Contact Sales