Privacy and compliance

Voice agents handle personal data by nature: people say their name, their number, and sometimes far more. These are the controls.

Redaction

compliance.redact_pii on an agent redacts personal data - emails, phone numbers, card-like numbers - from stored transcripts. What is spoken is unaffected; what is kept is redacted.

Turn it on for any agent that will hear payment or health details.

Recording

Recording is off by default and enabled per agent. Whether you may record, and whether you must announce it, depends on your jurisdiction - in many places you must tell the caller. If you must announce it, put it in the agent's opening line.

Deleting data

An organization's data can be exported and deleted on request. Deleting an agent removes its sessions and their recordings.

Deleting an agent that has call history is blocked by default, because it would destroy the record of those calls. Archive it instead if you only want it out of the way.

Where data goes

Your data lives in your organization's region. Conversation content is sent to the model, transcriber and voice providers you chose for the agent, which process it on their own infrastructure - so which providers you pick is part of your compliance posture, not just a quality decision.

What is yours

Glytos gives you the controls. Consent, calling hours, do-not-call lists, disclosure, and the lawful basis for what you do with what you capture are your responsibility - and they vary by country.

Privacy and compliance · Glytos Docs