Security & Compliance
Configure agent-level security and compliance settings.
Synthflow offers security and compliance options at the agent level, allowing you to protect sensitive customer data and meet regulatory requirements.
PII Redaction
When enabled, PII (Personally Identifiable Information) redaction automatically removes sensitive data from:
- Transcripts displayed in the Synthflow platform
- Post-call webhook payloads sent to your systems
- Internal logs stored by Synthflow
This helps you comply with data protection regulations and reduces the risk of exposing sensitive customer information.
Redacted Data Types
The following PII types are automatically detected and redacted:
- Credit card numbers
- Credit card expiration dates
- Credit card CVV
- Social security numbers
- Names
- Email addresses
- Phone numbers
- Physical addresses
Enabling PII Redaction
API
You can also enable PII redaction via the API when creating or updating an agent:
See Create an agent and Update an agent for full API documentation.
Limitations
- Real-time audio is not affected — Redaction applies to text transcripts and logs, not the live audio stream
- Redaction is one-way — Original data cannot be recovered from Synthflow’s systems
- Due to the unstructured nature of voice data, our PII redaction system may not always achieve 100% accuracy in removing PII.
- PII redaction should be part of a broader data protection strategy. Ensure your own systems and integrations also handle sensitive data appropriately.
- PII redaction applies to new calls only. Existing transcripts and logs are not retroactively redacted.
- Information extractors cannot extract redacted PII — If you have information extractors configured to extract PII data such as individual names, they will not be able to extract this data as it has already been redacted by that point in the processing pipeline.
