Privacy and compliance
Voice agents handle personal data by nature: people say their name, their number, and sometimes far more. These are the controls.
Redaction
compliance.redact_pii on an agent redacts personal data - emails, phone numbers,
card-like numbers - from stored transcripts. What is spoken is unaffected; what is
kept is redacted.
Turn it on for any agent that will hear payment or health details.
Recording
Recording is off by default and enabled per agent. Whether you may record, and whether you must announce it, depends on your jurisdiction - in many places you must tell the caller. If you must announce it, put it in the agent's opening line.
Deleting data
An organization's data can be exported and deleted on request. Deleting an agent removes its sessions and their recordings.
Deleting an agent that has call history is blocked by default, because it would destroy the record of those calls. Archive it instead if you only want it out of the way.
Where data goes
Your data lives in your organization's region. Conversation content is sent to the model, transcriber and voice providers you chose for the agent, which process it on their own infrastructure - so which providers you pick is part of your compliance posture, not just a quality decision.
What is yours
Glytos gives you the controls. Consent, calling hours, do-not-call lists, disclosure, and the lawful basis for what you do with what you capture are your responsibility - and they vary by country.