Methodology

How we build

Digital Monestary builds AI automation the engineer's way: real code, deliberate architecture, human-in-the-loop oversight, and compliant data handling — not no-code tool-wiring dressed up with a demo. This page explains the principles behind every system we build, the technical shape of those systems, and where we draw hard lines on what we will and won't do.

Josh Cruz By Josh Cruz, Founder & CTO~9 min readUpdated June 2026
On this page Our principles How an AI system is built Data handling & privacy Compliance stack Human-in-the-loop & quality Integrations What we deliberately don't do FAQ

Our principles

In one lineEvery system we build is designed by an engineer, governed by a human, and held to only the claims we can honestly stand behind.

These are the non-negotiable values behind how we work. They shape decisions from architecture to copy to client conversations.

  • Engineer-led. Every AI system we ship is designed, built, and maintained by a software engineer — not assembled from off-the-shelf automations that break when a field name changes. Our founder has led teams of 25+ engineers over 12+ years, building production systems for insurance, fintech, and manufacturing. That background shapes every project.
  • Human-in-the-loop. AI handles the repeatable, high-volume work; humans review edge cases, handle escalations, and sign off on anything sensitive. We build oversight into the system from day one, not bolted on after something goes wrong.
  • Quiet, reliable systems over hype. We would rather ship a system that runs without drama for two years than something impressive in a demo that breaks under real conditions. Reliability is a design requirement, not an afterthought.
  • Only true claims. We don't invent results or promise outcomes we can't stand behind. Our proof comes from real work — a $1.7M pipeline addition for an insurance brokerage, 2,200+ hours saved at an equipment-finance lender, autonomous billing infrastructure built from scratch for a fintech platform. These are the numbers we reference, and we say so clearly. Reactivation reply rates vary; we show real numbers from your own list before scaling.

How an AI system is built

Key takeawayEvery system follows the same conceptual shape: data in, logic and AI in the middle, channels out, with monitoring and a feedback loop. The specifics vary; the architecture doesn't.

We don't have a secret sauce. What we have is a disciplined approach to building AI-augmented systems that operate reliably at the edges of a client's existing business. The conceptual architecture is the same across every engagement:

  1. Data sources and CRM integration. A system that can't read your data can't help your business. We start by mapping where your contacts, leads, jobs, or cases live — whether that's a CRM like HubSpot, Salesforce, or a custom database — and build reliable, monitored connections to those sources. We work with your existing tools; we don't ask you to migrate to ours.
  2. Logic and the AI layer. This is where the work happens. We define the rules — what the system should do in each case, what it should escalate, and what it should never handle alone — and then apply AI (large language models, voice AI, classification models, or simpler rule-based logic, depending on what the problem actually calls for) to handle the high-volume, repeatable decisions within those rules. The AI is one component of a system, not the whole system.
  3. Channels: phone, SMS, chat, and email. The system communicates through whatever channel fits the workflow — inbound and outbound voice calls, two-way SMS, web chat, or email sequences. Each channel has its own compliance requirements (see the compliance section below); we handle registration and setup, not just the software.
  4. Monitoring and feedback. A live system without monitoring is a liability. Every production system we ship includes logging, alerting on anomalies, and a review layer so the humans who own the business can see what the AI is doing and intervene when needed. We also build in feedback loops so the system improves over time rather than drifting.

The result is a system that looks simple from the outside — a missed call gets answered, a dead lead wakes up, a quote goes out — but is engineered to handle the messy reality of real business data and real customer behavior.

Data handling & privacy

Key takeawayWe treat client data carefully: no unnecessary storage in our own code, full disclosure of third-party scripts, and SOC 2 governance practices for regulated clients.

How we handle data is as important as what we build with it. Here is our standing position:

  • No client-side storage in our own site code. Our marketing website uses no localStorage or sessionStorage in our own code. The only tracking on this site is Google Analytics 4 (consent-gated via our cookie banner) and the ClickRank AI SEO script — both disclosed in our privacy policy.
  • Third-party scripts are disclosed. We name every third-party script on the site in our privacy policy, explain what data it collects, and gate analytics on user consent. We don't run hidden scripts.
  • Client data stays in the client's environment. When we build a system for a client, their contact data, CRM records, and customer communications belong to the client. We access it to build and operate the system; we don't aggregate it across clients or use it for our own purposes.
  • For regulated clients: SOC 2 governance and archiving-aware design. For clients in regulated verticals — independent insurance agencies, RIAs, and other financial services firms — we apply SOC 2 AI governance practices, including human-in-the-loop oversight and audit trails. Where client communications may be subject to supervision or archiving requirements (such as SEC/FINRA rules for registered advisors), we design the system to be compatible with those obligations. We don't make compliance decisions for clients, but we don't design systems that make compliance harder.

This describes our practices and design approach; it is not legal or compliance advice. Clients in regulated industries should confirm their specific obligations with qualified counsel and compliance professionals.

Compliance stack

Key takeawayWe handle A2P 10DLC registration, TCPA-aligned opt-in/opt-out, and — for regulated verticals — communications archiving and supervision support. Compliance is a build requirement, not a checkbox after launch.

AI messaging and outreach operates inside a real regulatory environment. We take that seriously.

  • A2P 10DLC registration. Every SMS campaign we run is registered under the Application-to-Person 10-Digit Long Code (A2P 10DLC) framework required by U.S. carriers. We handle the campaign and brand registration; clients don't send messages from unregistered numbers.
  • TCPA-aligned opt-in and opt-out. We message only the client's own opted-in contacts. Every outbound message includes a clear opt-out instruction, and opt-out requests are honored immediately and permanently. The TCPA governs the client's messaging obligations, not just ours — we build systems that make compliance the default, not the exception.
  • For regulated verticals: archiving and supervision support. Financial advisors and insurance professionals operating under SEC, FINRA, or state insurance department rules often face requirements to archive and supervise client communications. For those clients, we design AI-assisted communication workflows to be compatible with archiving solutions and supervision workflows. This means structured message logs, channel discipline (keeping regulated communications on archivable channels), and clear escalation paths to human review.
  • No scraping or purchased lists. We don't build reactivation or outreach campaigns on scraped, purchased, or third-party lists. The opted-in contacts the client already owns are the only starting point.

The above describes our technical and operational practices. It is not legal advice. Clients are responsible for their own regulatory compliance; we build systems that support — not substitute for — their compliance programs.

Human-in-the-loop & quality

Key takeawayReliability comes from humans reviewing what the AI does, not from trusting the AI to always get it right. Escalation paths and testing are built into every system before launch.

Human-in-the-loop is not a tagline. It is the engineering choice that separates a reliable production system from one that quietly misfires until a client notices a problem.

In practice, this means:

  • Defined escalation paths. Every AI system we build has a clear answer to the question: "What happens when the AI doesn't know, gets confused, or encounters something outside its scope?" That answer is always a human — a notification, a queue, a transfer, a flagged record. The AI's job is the high-volume center; the edges belong to people.
  • Testing before launch. We run systems against realistic test data before touching live contacts or real customers. For reactivation campaigns, we start with a small test batch and show real numbers before scaling. For voice and chat AI, we test edge cases — odd questions, hostile tone, attempts to extract out-of-scope information — and tune the guardrails before go-live.
  • Ongoing review. We don't hand over a system and disappear. Production systems are monitored; anomalies surface to a human reviewer. Clients can see what the AI is doing, inspect transcripts, and push changes when their business evolves.
  • SOC 2 governance practices. Our founder's background includes building and operating AI systems under SOC 2-aligned governance — audit logs, access controls, human review requirements, and change management. We apply those practices to client engagements, scaled appropriately to the size and risk profile of each project.

Integrations

Key takeawayWe build to your existing stack — CRM, calendar, telephony, and communication tools — not a replacement for it.

Digital Monestary builds systems that slot into what a client already uses. We are not a platform play; we don't ask clients to migrate their CRM or replace their phone system to work with us.

In general terms, we work with:

  • CRMs. We build integrations with major CRM platforms, including those commonly used by insurance agencies, financial advisors, and service businesses. If a client's CRM has an API or webhook support, we can build to it. If it doesn't, we discuss options before committing to a scope.
  • Calendars and booking tools. AI-assisted booking is only useful if it lands on the right calendar. We integrate with the scheduling tools clients already use — whether that's a standalone booking system, a CRM's built-in calendar, or a shared team calendar.
  • Telephony. Voice AI (inbound call handling, outbound dialing, voicemail drop) requires a voice infrastructure layer. We work with established telephony and voice AI providers to deliver this — not proprietary hardware or a phone system rip-and-replace.
  • Messaging channels. SMS, web chat, and email integrations connect to the tools the client's team already monitors, so conversations don't fall into a system no one checks.

Before any project starts, we map the client's existing tools and confirm what's feasible within their actual stack. We don't promise integrations in a proposal and discover constraints after the contract is signed.

What we deliberately don't do

Key takeawayHard limits aren't a weakness. They are how we stay credible and keep client systems from becoming a liability.

Some of the clearest signals of a trustworthy vendor are the things they decline to do. Here are ours:

  • No scraped or unconsented data. We don't build campaigns or outreach systems on data that wasn't consented to. No scraped lists, no purchased leads, no data pulled from sources the contact didn't agree to. The opt-in is the foundation; without it, the system doesn't run.
  • No fake urgency. We don't build countdown timers that reset, invent scarcity that doesn't exist, or manufacture pressure to close a sale. This contradicts our values and, in many contexts, carries real legal risk for the client.
  • No black-box magic claims. We explain, at the level of detail a client wants, how the system works and what it is doing. We don't present AI as an inscrutable oracle. If a client wants to understand the logic, we walk through it.
  • No mass auto-generated content. We don't build systems that flood the internet, social platforms, or client databases with AI-generated content at scale, without human review. Content that carries the client's name should reflect their voice and judgment — not an LLM on autopilot.
  • No invented proof. We don't invent case studies, fabricate client names, make up star ratings, or claim results we haven't achieved. The approved results we reference are real; everything else gets left out.

Frequently asked questions

How does Digital Monestary build its AI systems?
We build AI automation systems using real engineering — not no-code tool-wiring. Every system follows a conceptual architecture: data sources and CRM integration feed a logic-and-AI layer, which drives outbound and inbound channels (phone, SMS, chat, email), with monitoring and human review built in from the start. Our founder has led 25+ engineers over 12+ years and applied this approach across insurance, fintech, and manufacturing.
How is client data handled?
Client data stays in the client's environment. We access it to build and operate systems; we don't aggregate it across clients. Our own website uses no client-side storage in our code, discloses all third-party scripts, and gates analytics on user consent. For regulated clients in insurance and financial services, we apply SOC 2 governance practices and design systems to be compatible with archiving and supervision requirements.
Is there a human in the loop?
Yes — always. Every system we build has defined escalation paths so edge cases, sensitive situations, and out-of-scope questions reach a human, not a dead end. We test those paths before launch, monitor production systems for anomalies, and give clients full visibility into what the AI is doing. Human oversight is an engineering requirement, not an optional feature.
Can you work with our existing CRM and tools?
Yes. We build to your existing stack — CRM, calendar, telephony, and messaging tools — rather than asking you to migrate to ours. Before committing to a scope, we map what you already use and confirm what integrations are feasible. We don't promise integrations in a proposal and discover constraints after the contract is signed.
How do you handle messaging compliance?
All SMS campaigns are registered under the A2P 10DLC framework required by U.S. carriers. We message only the client's own opted-in contacts, include a clear opt-out in every message, and honor opt-outs immediately. For regulated clients in financial services, we design communication workflows to be compatible with archiving solutions and supervision requirements. We don't build campaigns on scraped or purchased lists.
Josh Cruz, Founder and CTO of Digital Monestary

Josh Cruz — Founder & CTO, Digital Monestary

Applied AI engineer with 12+ years in technology, having led teams of 25+ engineers and built production AI systems for insurance, fintech, and manufacturing. Based in Redding, CA; founder of the R.A.D.D. local tech meetup.

Related guides

What a Fractional AI CTO does — and when you need one →AI automation for independent insurance agencies →AI automation for RIAs and financial advisors →
Work with us

Build AI systems the right way.

Whether you need a single AI agent or a senior engineer to lead your whole automation strategy, we start with a free demo on your own data.

Fractional AI CTO →Book a free demo →