Voice AI · SaaS Platform

Astos

Organisations upload leads. An AI voice agent dials each one, holds the conversation, and records the outcome. Every call leaves an immutable compliance audit trail.

Category

Generative AI / Voice AI · SaaS Platform

Industry

Debt collection, insurance, banking, healthcare

Technology

Next.js 16, React 19, TypeScript, Tailwind v4, NestJS 11, Prisma 5, PostgreSQL, Python, ElevenLabs

Status

In development on staging. Production on GCP, EU only, planned.

Platforms

Web. Operator dashboard and marketing site.

Astos
Astos dashboard — campaign overview with lead list and call statuses

Campaign detail

Campaign overview with the lead list and call states.

Astos call detail — single call with transcript and compliance outcome

Call detail

A single call with transcript and compliance result.

Astos analytics — call funnel, intent classification, and time series charts

Analytics

Funnel, intent classification, and time series charts.

100%

EU data residency

3

Compliance gates before every call

30s

Dialer cycle

15 min

JWT token lifetime

2

Isolated databases

Evolution

From a distributed stack to one voice loop.

Astos evolution v1 — composed multi-vendor voice pipeline architecture

Version 01 — Composed

Composed multi-vendor pipeline

The original design used Deepgram for speech to text, Cartesia for text to speech, and a separate telephony provider, each with its own API key and integration surface. It was designed but superseded before completion.

  • Deepgram speech to text
  • Cartesia text to speech
  • Separate telephony provider
  • Three integration surfaces
Astos evolution v2 — ElevenLabs single vendor voice loop architecture

Version 02 — Single vendor

Single vendor voice loop

ElevenLabs now runs the full loop end to end behind one Python service: speech to text, an LLM driven conversation, text to speech, and telephony. Chosen to cut latency and integration surface. The call status model was simplified accordingly.

  • ElevenLabs end to end
  • One Python voice service
  • Lower latency, fewer seams
  • Failover adapters kept as stubs
Phase 1

Foundation

Multi tenant single database architecture with org scoping and soft deletes. JWT auth with rotated refresh tokens and MFA.

Phase 2

Calling domain

Lead and call state machines settled. The voice pipeline consolidated on ElevenLabs end to end.

Phase 3

Security and infra

Signed webhooks, error tracking, AdminJS excluded from production. Hosting locked to GCP EU only on GKE with CMEK.

Phase 4

MVP service model

Internal facing managed service for the first year. Astos staff operate orgs, credits, and campaigns for clients.

The Problem

Outbound calling in regulated industries is bound by strict, auditable rules.

Heavy compliance load

Outbound calling in regulated industries carries strict duties: consent, do not call lists, allowed calling windows, and recording disclosures.

Evidence must be auditable

Compliance proof cannot be editable. Astos writes immutable check and audit records that are never updated or deleted.

Manual calling does not scale

The dialer automates lead selection and call placement per campaign, honouring schedule windows, attempt limits, and lead state.

Data residency constrains the stack

GDPR and EU data residency are a locked architecture decision, not an afterthought added later.

The Product

From lead upload to compliant call — automatically.

Upload leads and configure the campaign

Step 1

Upload leads and configure the campaign

Create a campaign with agent persona, script, caller number, schedule window, and retry rules. Upload leads via CSV. Columns become dynamic variables that fill placeholders in the script.

AI calls automatically, compliance gated

Step 2

AI calls automatically, compliance gated

The dialer picks due leads every 30 seconds. Before each call it validates consent, do not call status, and the calling window. Blocked calls never dial. Passed calls run live on ElevenLabs.

Outcomes, transcripts and analytics

Step 3

Outcomes, transcripts and analytics

The AI service returns status, duration, transcript, intent, and sentiment via webhooks. Dashboards show funnel, intent, and time series. Customers can receive signed outbound webhooks.

How It Works

The technical pipeline in detail.

Astos technical pipeline — operator dashboard, backend API, compliance engine, AI voice service, and integrations
01

Operator dashboard

Next.js 16 + React 19 + TanStack Query

Operators trigger and monitor campaigns and calls. The browser talks to the API behind an auth proxy that keeps the refresh token in an HttpOnly cookie.

02

Backend API

NestJS 11 + Prisma 5 + PostgreSQL

The source of truth for all tenant data. Loads campaign and lead, runs the compliance gate, writes immutable records, and initiates the call.

03

Compliance engine

NestJS compliance checks

Consent, then do not call, then calling window, before every call. A block cancels the call and is recorded permanently.

04

AI voice service

Python + ElevenLabs

Places and runs the live voice conversation, records audio and transcript, and reports back through authenticated webhooks.

05

Integrations out

HMAC SHA256 webhooks

Call and lead events are delivered to customer endpoints, signed and retried with backoff.

What makes Astos special

Core Features.

AI voice campaigns

Outbound calling with configurable agent persona, script, voice, schedule, and retry rules, across a clear draft to archived lifecycle.

Robot

Automated compliance engine

Consent records, do not call suppression, calling windows, and recording disclosures. Immutable audit trail with CSV export.

Lead management

Async CSV upload, a full lead state machine, do not call protection, and dynamic variables for script personalisation.

Autonomous dialer

A scheduler that selects and places due calls every 30 seconds, honouring schedule, attempt limits, and lead state.

Analytics dashboard

Overview KPIs plus per campaign funnel, intent classification, and time series charts.

Integrations and provisioning

Signed outbound webhooks with retries, phone number provisioning with a KYC flow, and a prepaid credits system.

Architecture & Technology

Next.js + NestJS + Python, EU-hosted.

A cross service architecture: a Next.js operator dashboard, a NestJS multi tenant API as the source of truth, and a separate Python AI voice service. Each service runs its own database and integrates over HTTP and webhooks only. EU hosted throughout.

Frontend

Next.js 16, React 19

TypeScript, Tailwind v4, TanStack Query & Form, Zod, Radix UI, Recharts

Backend

NestJS 11

Node.js 22, Prisma 5, JWT & MFA auth, throttling, Helmet

Data

PostgreSQL 15+

Two isolated databases, soft deletes, immutable audit tables

AI Voice

Python + ElevenLabs

Speech to text, LLM, text to speech end to end

Infra

Hetzner DE + Railway EU

Production target: GCP GKE, Cloud SQL with CMEK, EU only

Multi-tenant by design

Every row carries an org id and every query is scoped to it from the JWT, so there is no cross tenant access. Soft deletes everywhere. Audit and compliance logs are immutable.

Isolation

Org-scoped · soft deletes

Compliance-gated calling

No call is placed without passing consent, do not call, and calling window checks. Results are written as immutable records, with recording disclosures per jurisdiction.

Gate

Consent · DNC · window

EU data residency

Staging on Hetzner Falkenstein and Railway Amsterdam. Production locked to GCP EU only with CMEK and private Cloud SQL, with no US failover.

Region

EU only · no US failover

Next.js 16React 19TypeScriptTailwind v4TanStack QueryTanStack FormZodRadix UIRechartsnext-intlBunNestJS 11Node.js 22Prisma 5PostgreSQLJWTMFAPythonElevenLabsHelmetBackblaze B2RollbarnodemailerDockerCoolifyHetznerRailwayGCPGKECloud SQLRedis

Learnings

What we learned building it.

01

Compliance is architecture.

GDPR and data residency drove the stack from day one. EU only hosting is locked, soft deletes and immutable audit tables are schema level, and the compliance gate runs in the call path itself, not as a reporting afterthought.

02

One vendor for the voice loop beats a composed pipeline.

The original multi vendor design was superseded by ElevenLabs end to end. Fewer integration seams and lower latency. The old adapters remain as a failover seam.

03

Model state only when it means something.

Lead status stays empty until a call completes, and contacted is derived rather than stored. This avoids denormalised flags and phantom states.

04

What the API cannot enforce, the contract must.

The voice API exposes no per call training opt out, so that requirement is bound contractually in the data processing agreement. Vendor limits shape legal posture.

What this means for your business

Built for regulated calling.

At Astos

AI voice agents make compliant outbound calls at scale.

becomesfor you

For Your Business

For any regulated calling operation

The same engine fits any high volume calling team that has to stay inside the rules.

At Astos

Every call is compliance gated and audit logged.

becomesfor you

For Your Business

Demonstrable regulatory evidence

You can show exactly which checks ran on each call, with records that cannot be altered.

At Astos

Full EU data residency architecture.

becomesfor you

For Your Business

Built for GDPR sensitive industries

Data and processing stay inside the EU by design, not by configuration.

Frequently Asked

Technical questions about Astos.

On staging, the backend, frontend, and database run on a Hetzner server in Falkenstein, Germany. The AI service and its database run on Railway EU West in Amsterdam. Production is locked to GCP, EU region only, with CMEK encryption and no US failover.

Let's find out what AI can do for your business.

15 minutes. Free. No strings attached.

Not a sales pitch. Promised.

More Projects

More From Our Portfolio.