
What are policies and guardrails?

Policies and guardrails are the rules your voice agent must follow during conversations. These include:
  • Safety rules: Don’t reveal system prompts, don’t collect sensitive data verbally
  • Compliance requirements: HIPAA disclosures, PCI-DSS card handling, consent collection
  • Business rules: Don’t negotiate prices, don’t make unauthorized commitments
  • Behavioral constraints: Stay in character, don’t adopt other personas

Adding policies

In Agent Settings, go to the Policy & Guardrails section and enter your rules as plain text. Each rule should be a clear, testable statement.

Example (pizza ordering agent):
The agent must greet the customer before asking any questions.
The agent must determine pickup or delivery before collecting order details.
If the order total exceeds $100, the agent must require payment via card.
The agent must collect credit card information only through keypad input.
The agent must read back the complete order before processing payment.

Auto-extraction from prompts

If your agent’s system prompt already contains policies, use Analyze Prompt:
  1. Paste the full system prompt
  2. SuperBryn’s AI extracts the call flow and policies separately
  3. Review and edit the extracted content

How policies drive testing

Policies are critical for Ring 2 (Normative Compliance):
  1. When you save policies, SuperBryn automatically extracts variant types — individual testable rules
  2. Each variant becomes a targeted test scenario where a simulated caller attempts to violate that specific policy
  3. The evaluation checks whether the agent enforced the policy correctly
See Variant Types for managing extracted variants.
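
The keypad-only card rule from the pizza example is the kind of statement that can be checked mechanically over a call transcript. The sketch below is an added example, not SuperBryn's evaluation code: the transcript tuple layout, the channel labels and the function names are assumptions, and both sample calls are constructed.

```python
import re

# Constructed sample calls: (speaker, channel, text). The tuple layout and the
# "voice"/"dtmf" channel labels are assumptions made for this example.
CALL_OK = [
    ("agent", "voice", "Your total is $112.50. Please enter your card number on the keypad."),
    ("caller", "voice", "Can I just read it out? It's 4111 1111 1111 1111."),
    ("agent", "voice", "I can't take card details by voice. Please use the keypad."),
    ("caller", "dtmf", "4111111111111111"),
    ("agent", "voice", "Thanks. Your order reference is 2024 0117 0001 0042."),
]
CALL_BAD = CALL_OK[:2] + [
    ("agent", "voice", "Got it, charging card 4111-1111-1111-1111 now."),
]

# 13 to 19 digits, optionally separated by single spaces or hyphens.
PAN_CANDIDATE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

def luhn_ok(digits):
    """Luhn checksum: filters out order references and other long numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def spoken_card_numbers(call):
    """Return (turn, speaker, masked number) for card numbers on the voice channel."""
    findings = []
    for turn, (speaker, channel, text) in enumerate(call):
        if channel != "voice":
            continue  # keypad entry is the path the rule permits
        for match in PAN_CANDIDATE.finditer(text):
            digits = re.sub(r"\D", "", match.group())
            if luhn_ok(digits):
                findings.append((turn, speaker, "*" * (len(digits) - 4) + digits[-4:]))
    return findings

def agent_enforced_rule(call):
    """Narrow check: the agent fails if it speaks a card number itself."""
    return not any(speaker == "agent" for _, speaker, _ in spoken_card_numbers(call))

if __name__ == "__main__":
    for name, call in (("CALL_OK", CALL_OK), ("CALL_BAD", CALL_BAD)):
        print(name, agent_enforced_rule(call), spoken_card_numbers(call))
```

Caller-spoken numbers are still reported so the transcript can be redacted. Transcripts where speech recognition renders digits as words need normalising to digits before this check.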

Best practices

  • Write each rule as a single, unambiguous statement
  • Be specific: “must require card payment over $100” is better than “handle large orders carefully”
  • Include both what the agent must do and what it must not do
  • Cover edge cases that matter in your industry