Compliance & Data Retention¶
Per-org compliance settings for DPDP Act (India), hospital regulations (Telemedicine Guidelines 2020), and hotel guest privacy.
Recording consent modes¶
| Mode | Caller hears | Recording starts | Best for |
|---|---|---|---|
| Announcement | "This call may be recorded" | Automatically after notice | Hotels, general business |
| External Consent | Nothing (consent via form/app) | Immediately, silently | Hotels/hospitals with check-in forms |
| Opt-Out | Notice + "Press 2 to stop recording" | Unless caller presses 2 | Business wanting high recording rate |
| Explicit Opt-In | Notice + "Press 1 to consent" | Only if caller presses 1 | Hospitals (health data = sensitive) |
Industry presets¶
| Setting | Hotel | Hospital | General |
|---|---|---|---|
| Consent mode | Announcement | Explicit Opt-In | Announcement |
| CDR retention | 365 days | 1825 days (5 years) | 365 days |
| Recording retention | 180 days (6 months) | 1095 days (3 years) | 365 days |
| PII masking | Off | On | Off |
Presets are auto-applied when creating an org with an industry selection. All values are editable after creation.
API endpoints¶
GET /api/v1/compliance Read org compliance settings
PUT /api/v1/compliance Update settings
GET /api/v1/audit-log Paginated audit trail
DELETE /api/v1/calls/:id/recording Right-to-erasure
Compliance settings¶
{
"recording_enabled": true,
"recording_consent": "announcement",
"retention_cdr_days": 365,
"retention_recording_days": 180,
"pii_masking": false,
"data_encryption": true
}
Recording master switch¶
Two levels control whether a call is recorded:
- Org-level:
settings.recording_enabled— master switch. If OFF, no DIDs record. - DID-level:
did.recording_enabled— per-number toggle. Both must be ON.
Audit log¶
Every sensitive action is tracked in the audit_log table:
- Recording playback (who listened to which recording)
- Recording deletion (right-to-erasure)
- Compliance settings changes
- User role changes
- User login events
TTS audio files¶
9 Google WaveNet files (en-IN-Wavenet-D, 8kHz WAV) deployed to /var/lib/asterisk/sounds/en/ on both prod and staging:
this-call-may-be-recorded.wavpress-1-to-consent.wavpress-2-to-opt-out.wavwelcome-thank-you.wavall-agents-busy.wavperson-not-available.wavnumber-not-in-service.wavcall-rejected.wavplease-hold.wav
DPDP Act checklist¶
| Requirement | Status |
|---|---|
| Notice before recording | ✅ 4 consent modes |
| Purpose limitation | ✅ Per-DID recording toggle |
| Data minimization | ✅ Org + DID recording switches |
| Retention limits | ✅ Per-org configurable days |
| Right to erasure | ✅ DELETE recording API + audit |
| Audit trail | ✅ audit_log table |
| Encryption at rest | ⚠️ GCS default only |
| Data breach notification | ❌ Template needed |
| Data processing agreement | ❌ Legal doc needed |
Database¶
CREATE TABLE org_compliance (
org_id CHAR(36) PRIMARY KEY,
recording_enabled BOOLEAN DEFAULT TRUE,
recording_consent ENUM('announcement','explicit_opt_in','opt_out','external_consent'),
retention_cdr_days INT DEFAULT 365,
retention_recording_days INT DEFAULT 180,
pii_masking BOOLEAN DEFAULT FALSE,
data_encryption BOOLEAN DEFAULT TRUE
);
CREATE TABLE audit_log (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
org_id CHAR(36) NOT NULL,
user_email VARCHAR(255),
action VARCHAR(50) NOT NULL,
resource VARCHAR(50) NOT NULL,
resource_id VARCHAR(255),
details JSON,
ip_address VARCHAR(45),
created_at DATETIME DEFAULT CURRENT_TIMESTAMP
);