The Voicify "Competitor A or Competitor B" dental AI deal that dies the worst death is not the one that loses on feature parity or on the live demo. It is the one that sails through discovery, wins the demo on its merits, gets a verbal commit from the office manager — and then dies four days later when the practice's IT contractor opens the vendor security questionnaire and the rep cannot answer half of it. The security and trust review battlecard is the rep-facing card built for that specific failure mode. Twelve to fifteen questions, three columns — Voicify, Competitor A, Competitor B — every answer sourced to a document in the evidence library, every claim refreshed on the shortest cadence of any card in the library because security claims rot faster than any other competitive intel.
TL;DR
Twelve to fifteen questions. Three columns. The shortest refresh cycle in the library. The Voicify "Competitor A or B" security and trust battlecard captures every question an IT lead, compliance officer, or DSO security committee asks in a dental AI evaluation — BAA terms, SOC 2 status, PHI handling, encryption, residency, subprocessors, retention, deletion, recording consent, audit rights, breach SLAs, cyber liability limits. Each row has a Voicify answer, a Competitor A answer, a Competitor B answer, and a source URL in the evidence library. Default row expirations are thirty days for subprocessor lists, sixty days for trust page items, ninety days for audit certifications, because security claims rot fastest and a wrong security claim costs the deal plus a legal letter. The card runs upstream of the IT integration due diligence battlecard — security is the gate, integration is the work after the gate opens.
Why Security Reviews Kill Dental AI Deals After the Demo
Three years ago, dental AI deals lost on the feature demo. The receptionist tested the call flow on her own number, hated the way the bot handled a hygiene reschedule, and the deal died on the spot. Today, that demo failure is rare — Voicify and its serious competitors have all hit a baseline of call quality where the practice is willing to move forward after a live demo. The death has migrated downstream. The deals that die now die at the questionnaire — fifty questions long, two business days of turnaround expected, sent to the rep by the practice's IT contractor or by the DSO's compliance lead, full of language the rep has never seen written down anywhere in the company's sales enablement library.
The rep panics, forwards the questionnaire to product marketing, product marketing forwards it to security, security comes back six business days later with answers — and by the time the rep gets back to the practice, the competitor has answered their version of the same questionnaire in two days because they have a security and trust battlecard prepped and the rep can fill in eighty percent of the answers from the card without escalating. The deal is gone. Not on features, not on price, not on the demo. On response speed to a questionnaire the rep should have been able to anticipate.
The Twelve to Fifteen Questions
The standard dental AI security review is more predictable than reps think. The same twelve to fifteen questions appear, with minor rephrasing, on ninety-five percent of practice and DSO questionnaires. The card prepares answers for all of them.
| Question | What the buyer is really asking |
|---|---|
| HIPAA BAA | Will you sign our form or only your own — and what is the indemnification cap |
| SOC 2 audit status | Type II, Type I, or in-progress; what is the audit date and the gap status |
| PHI handling on the call | Where does the audio land in real time and is the transcript stored separately |
| Encryption | In transit and at rest, with named standards (TLS 1.2+, AES-256) |
| Data residency | US-only option available; multi-region default disclosed |
| Breach notification SLA | Hours to first notice, not days; method of notification named |
| Subprocessor list | Published, current, with change-notification mechanism |
| Retention defaults | Days for audio, days for transcripts, configurability per-tenant |
| Deletion on termination | Certified deletion, timeline, exclusions named |
| Recording consent | Pre-call announcement language and state-by-state jurisdiction defaults |
| Audit rights | Practice or DSO right to audit, frequency, cost-bearing party |
| Cyber liability insurance | Limit, named carrier, certificate-of-insurance availability on request |
| Personnel access to PHI | Role-based access, named personnel categories, background checks |
| AI training data use | Whether tenant audio or transcripts ever train cross-tenant models |
| Integration security | OAuth or token, scope of access, revocation flow |
Each question gets three answer cells — Voicify, Competitor A, Competitor B — and each cell traces to a row in the battlecard evidence library with the source URL, capture date, and reviewer initials. The card lives or dies on whether reps trust the cells enough to answer the practice's questionnaire without escalating.
The BAA Cell Is the Highest-Stakes Cell on the Card
The HIPAA business associate agreement question is the single most common kill-shot on competitive dental AI deals, and the BAA cell is the highest-stakes cell on the entire card. Three pieces of information have to be visible to the rep at a glance. First, yes-or-no on whether the vendor signs a BAA at all — yes for every serious dental AI vendor including Voicify and its main competitors, no for fringe entrants, and a no is the cleanest disqualifier the rep gets in the deal cycle. Second, a flag on whether the BAA is the vendor's standard form or a form the practice can modify — modified BAAs add weeks to procurement and reps need to know going into the questionnaire whether the practice should expect to redline. Third, the indemnification cap and the subcontractor flow-down language in the BAA, because DSO legal teams read both before signing and a low cap or a missing flow-down is a deal-slipping objection the rep needs to surface and address before the legal review meeting rather than during it.
For mid-market DSO deals especially, the cap question matters more than the rep realizes. A one-million-dollar cap on a contract that processes PHI for thirty offices reads as inadequate to a DSO general counsel who has previously been burned on a breach disclosure cost five times that. The cell on the card should include the cap and the standard exceptions, so the rep walks into the legal conversation with the answer rather than fumbling for it.
Security Card Sits Upstream of the Integration Card
The security and trust battlecard sits upstream of the IT integration due diligence battlecard in the deal cycle. The security card answers the vendor-level questions — BAA, SOC 2, encryption, residency, subprocessors — that the practice's IT lead or DSO security committee asks before integration questions are even on the table. The integration card answers the wiring questions — which PMS the vendor connects to, what API surface area exists, what data flows where, what fails open versus fails closed during an outage.
Reps run the security card first because if the answer to BAA is no or the answer to SOC 2 is in-progress-but-not-complete, the integration questions never get asked. The security card is the gate. The integration card is the work that happens after the gate opens, which is why the battlecard trigger map fires the security card on any deal with an IT contractor on the buying committee and fires the integration card only after the security card has been validated against the practice's specific requirements.
Refresh Cadence Is the Tightest in the Library
The security and trust battlecard has the shortest refresh cycle of any card in the Voicify A-or-B library. SOC 2 audit dates, subprocessor lists, and trust page updates change quarterly at most vendors and monthly at fast-moving ones. The battlecard governance SOP sets up a sixty-day cron job that re-pulls every vendor's trust page screenshot, diffs it against the prior capture, and flags any change to the competitive intel lead. Default expirations on security-card evidence rows are thirty days for subprocessor lists, sixty days for trust page items, and ninety days for audit certifications.
Security claims rot faster than feature claims and rot more dangerously. A wrong feature claim costs the rep a deal when the buyer catches the gap on a follow-up call. A wrong security claim costs the rep a deal and a letter from the competitor's general counsel to the rep's general counsel. The shortest refresh cadence in the library is the rational response to the highest stakes attached to drift.
Connections Into the Rest of the Cluster
The security and trust battlecard reads from the evidence library like every other card in the cluster, but with the shortest expirations on its rows. It triggers via the trigger map the moment an IT contractor name shows up in the deal record or a DSO compliance lead is added to the buying committee. It feeds the objection handling card with the canonical answers to the four or five security objections that surface in live discovery — "is my data used to train a model," "where does the audio go," "what happens if you get breached" — so reps do not invent fresh phrasing under pressure.
It pairs with the DSO buyer battlecard on enterprise dental AI deals where the compliance committee runs in parallel with the operational evaluation, and with the pricing and procurement battlecard because security and procurement reviews increasingly land in the same workflow at large DSOs. The battlecard QA checklist applies its strictest validation pass to the security card before publication — every cell sourced, every BAA flag checked, every SOC 2 date confirmed against the vendor's current trust page — because a single wrong cell on this card is the cell that costs the deal and triggers the inbound legal correspondence.
The security and trust battlecard is the card reps reach for when the deal moves from operations to procurement, when the IT contractor joins the buying committee, when the office manager forwards the fifty-question questionnaire. It is the card that converts the post-demo death spiral into a two-day response that beats the competitor on speed and authority. The work to build it is real — fifteen questions, three columns, sixty-day refresh, legal sign-off on every cell. The work not to build it is more expensive, because the deal that dies on the questionnaire is the deal the rep already won on the demo, and losing won deals to procedural drift is the most expensive failure mode in dental AI sales.