Business Client needs Web Development
Contact person: Business Client
Location: Cologne, Germany
Budget: Recommended by industry experts
Time to start: As soon as possible
Project description:
"Project: GDPR-Compliant Multi-Tenant Voicebot for Pharmacies (“ApoVoice”)
1) Summary
We need to build an EU-hosted, GDPR-compliant voicebot for pharmacies. The bot answers calls in German and English, captures orders/prescriptions, logs caller name/phone/intent, and delivers those records to each pharmacy via secure Webhook/SFTP/Portal. The platform must be multi-tenant (many pharmacies, clean data separation), with data minimization, 30-day retention for personal data, and anonymous analytics (no way back to a person).
You will deliver an MVP ready to onboard 1–2 pilot pharmacies, with a clear path to scale to dozens.
2) Scope of Work
Core features
• Telephony: Receive inbound calls (EU VoIP, SIP-TLS/SRTP). Basic IVR + “human-like” dialogue.
• Speech-to-Text: On-prem/self-hosted (e.g., Whisper) for DE/EN; latency budget for phone calls.
• Text-to-Speech: On-prem (e.g., Coqui TTS) or EU cloud TTS. Natural voice, DE/EN.
• NLP/Flow: Intent detection for Prescription, Order, General info (hours, services, etc.).
• Order capture: Structured items (e.g., PZN/ATC, name, quantity), notes, pickup time.
• Contact capture: Caller name (optional), phone (mandatory); optional email.
• Consent flow: Short spoken notice + opt-in flags (voice processing; optional recording).
• Delivery to pharmacy (per tenant, configurable):
  • Signed Webhook (mTLS + HMAC) or SFTP (CSV/JSON), or secure Portal export.
• Admin portal (multi-tenant):
  • Tenant config (opening hours, services, delivery method, consent text, phone numbers).
  • Role-based access, audit trail, exports (CSV/PDF).
• Analytics (anonymous only):
  • Aggregates per hour/day, article code, qty, channel.
  • k-anonymity threshold (e.g., k≥10) before writing/visualizing any metric.
Non-functional
• Multi-tenant isolation: Prefer DB-per-tenant (or separate schema) + key-per-tenant.
• EU hosting only (e.g., Hetzner/IONOS/Scaleway). No US data transfer.
• Security: TLS 1.3, SIP-TLS/SRTP, at-rest encryption (AES-256), RBAC + MFA, IP allowlists.
• Reliability: Idempotent deliveries, retries, dead-letter queue, observability (metrics/logs).
• Retention: Personal data auto-delete after 30 days (configurable).
• Docs: Architecture, runbooks, deployment scripts, handover guide.
3) Compliance Requirements (must-have)
• GDPR Art. 9 safeguards (health context).
• Data Processing Agreement (DPA/AV) templates for each pharmacy; list of subprocessors.
• TOMs documented (access control, crypto, backups, incident response).
• DPIA/DSFA template for our use.
• No direct US SaaS for PHI/PII. If any external AI/TTS is used, it must be EU-hosted; otherwise self-host.
Let us know what you think about the project. How long do you need? And how much will it cost?" (client-provided description)
Matched companies (7)

Knowforth Tech

Omninos Technologies International pvt ltd

Crystal Infoway

HJP Media

eShop Genius

Mobiweb Global Solutions
