I want to develop a voice agent for one of my clients in the UK, but I’m facing challenges regarding call recording storage due to UK GDPR compliance requirements.
I’d like to understand how Retell handle this, or what best practices and solutions are available to ensure compliance while managing recordings effectively.
Hey @arunrawat1880
Retell AI offers several features that can help you meet UK GDPR compliance for call recording storage:
Data Storage Settings — Per agent, you can choose: Everything, Everything except PII (with configurable PII scrubbing for names, addresses, emails, phone numbers, etc.), or Basic Attributes Only (no recordings/transcripts stored at all).
Data Retention Policy — Set automatic deletion periods (1 day to 730 days) per agent. Expired data is permanently and irreversibly deleted.
Webhooks for real-time export — Even with storage disabled, you still receive call recordings and transcripts via webhooks, so you can capture and store data in your own GDPR-compliant infrastructure (e.g., a UK-based server).
Secure URLs — Opt in so recording/log URLs expire after 24 hours, preventing unauthorized access.
A practical approach: set storage to Basic Attributes Only, use webhooks to capture recordings in real time, and store them on your own UK-hosted infrastructure where you control data residency and deletion policies.
Thank You