Questions before prod

  1. Where are recordings stored?
  2. Where are transcripts stored?
  3. Can storage region be selected?
  4. What is the default retention period?
  5. Are recordings used for model training?
  6. What subprocessors are involved?
  7. Is a DPA available?
  8. Are UK/EU transfer safeguards available?

Hello @powerautomate

1/2. Call recordings and transcripts are stored indefinitely in session history. Customers can disable storage, in which case data is not retained.

  3. All data processing and storage happens in the US (AWS US regions).

  4. By default, call recordings and transcripts are stored indefinitely in session history. Customers can disable storage, in which case data is not retained. Webhook-delivered recording URLs will expire after processing. Retention settings can also be customized.

  5. We do not use customer call data for training or fine-tuning AI models. We rely on pre-trained third-party models. We enforce provider-level training opt-outs.

     Our DPA restricts data usage strictly to service-related purposes.

  6. You can review our current subprocessor list here: https://trust.retellai.com/subprocessors Clients must approve all subprocessors under GDPR Article 28.

  7. Our self-sign DPA does not include Standard Contractual Clauses (SCCs). If SCCs are required, you can request a separate DPA.

  8. What we do offer for GDPR:

  • GDPR compliance via legal transfer mechanisms — we offer a self-serve Data Processing Addendum (DPA) with Standard Contractual Clauses (SCCs) available at https://click-agreements.retellai.com

  • SOC 2 Type I & II certification and HIPAA compliance — details at our Trust Center https://trust.retellai.com

  • Data encryption in transit and at rest

However, as you correctly identified, SCCs address the legal basis for cross-border data transfers under GDPR — they do not satisfy a physical EU data residency requirement, which is what NIS2-regulated entities typically demand.

Thank You