Data Security Modes

Data security can be broken down into two categories: Job Data and Logs.

Caution

For test calls (with TestJob: true), we always disable encryption and redaction, to help us with debugging! Therefore, do not use test jobs with PII-sensitive contacts.

Job Data Modes

Job data can be put into two modes, clear is used by default.

clear mode

All data is kept in cleartext. This allows us to include analysis in analytics events to enable our aggregate analysis features for call content.

encrypted mode

All sensitive Job data is encrypted before being inserted into the database.

Job metadata will still be added to analytics events, but call analysis will strip the data (custom analysis schema) which prevents it from being used with our analytics capabilities.

Currently, if you wish to perform aggregate analysis of a campaign with encrypted mode, you will need to pull the data yourself.

After you perform PII deletion, we remove the encrypted sensitive data and also delete the encryption key.

Note that database data, S3 storage, etc. all uses standard cloud-provider encryption at rest, independently of the Job Data mode.

Log Modes

Logs can be processed in the following modes, clear is used by default.

clear mode

No modifications, maximum visibility into behavior.

redacted mode

All logs will be processed through an LLM redaction pipeline before being logged.

There is no guarantee that all sensitive info is redacted, but it’s highly likely.

Information is redacted with self-closing XML tags like <Redacted type="credit card number" />.

This may invoke additional billable usage as logs are quite verbose.

drop mode

All logs from the call are dropped.

Guarantees no sensitive data is logged, but removes visibility into call behavior.