BuildConfiguration

Security & Compliance

Configure agent-level security and compliance settings.

The Security & Compliance section of the agent editor gives you agent-level controls for data retention and data protection. These toggles let you decide what gets stored, for how long, and whether sensitive information is redacted from records.

Security & Compliance settings

Save Recordings

When enabled, Synthflow retains the audio recording of every call the agent handles. Disable this toggle if your compliance requirements prohibit storing call audio, or if you simply don’t need recordings and want to minimize stored data.

Save Transcripts

When enabled, Synthflow retains the text transcript of every call. Transcripts are used throughout the platform — in logs, analytics, and post-call webhooks — so disabling this toggle also removes transcript data from those surfaces.

Limit Data Retention to 30 days

Enabling this toggle automatically deletes all transcripts, recordings, and caller IDs after 30 days. This is useful for meeting data-minimization requirements under regulations like GDPR, where you need to avoid indefinite storage of personal data.

Personal Info Redaction (PII)

When enabled, PII redaction automatically strips sensitive data from transcripts displayed in the platform, post-call webhook payloads sent to your systems, and internal logs stored by Synthflow. This helps you comply with data protection regulations and reduces the risk of exposing sensitive customer information.

You can also enable PII redaction via the API when creating or updating an agent:

1{
2  "agent": {
3    "redact_pii": true
4  }
5}

Redacted data types

The following PII types are automatically detected and redacted:

  • Credit card numbers, expiration dates, and CVVs
  • Social security numbers
  • Names
  • Email addresses
  • Phone numbers
  • Physical addresses

Limitations

  • Real-time audio is not affected — redaction applies to text transcripts and logs, not the live audio stream.
  • Redaction is one-way — original data cannot be recovered from Synthflow’s systems.
  • Due to the unstructured nature of voice data, PII redaction may not always achieve 100% accuracy. It should be part of a broader data protection strategy — ensure your own systems and integrations also handle sensitive data appropriately.
  • PII redaction applies to new calls only. Existing transcripts and logs are not retroactively redacted.
  • Information extractors cannot extract redacted PII — if you have extractors configured to capture data such as names, they will not be able to extract it because the data has already been redacted earlier in the processing pipeline.