recording url accessible publicly
# supportu
2_mb2
09/19/2024, 7:19 AMHi, I have some questions regarding the recording URLs included in the end-of-call reports generated by VAPI. These URLs are currently accessible publicly, which poses a significant security risk. How can we restrict access to these recordings and ensure they are not publicly available? Additionally, what is the procedure for deleting these recordings? I want to confirm my understanding as this is a critical security concern.
v
Vapi
09/19/2024, 7:20 AMmessage has been deleted
Vapi
09/19/2024, 7:20 AM@2_mb2
Hello! I understand your concerns about the security of call recordings and the importance of ensuring they are not publicly accessible. To address this:
1. **Restricting Access**: We can configure the recording settings to ensure that the URLs are not publicly accessible. This typically involves setting up access controls or generating URLs that require authentication.
2. **Deletion Procedure**: For deleting the recordings, there is a specific process that you can follow. This usually involves sending a request to delete the recording associated with a particular URL or call identifier.
Since you've mentioned the criticality of security, I would also recommend enabling HIPAA compliance on our platform if you haven't already done so. This will ensure that all data handling adheres to the necessary privacy standards.
Would you like me to guide you through the steps to restrict access and delete recordings, or would you prefer to enable HIPAA compliance settings for enhanced security?
Vapi
09/19/2024, 7:20 AMYou can continue this conversation by mentioning me in the message.
u
2_mb2
09/19/2024, 8:22 AMYes...explain me how do I restrict access plus deletion
s
Shubham Bajaj
09/19/2024, 8:09 PMyou can store recordings in your s3 buckets, and can limit access according to your requirements.
Shubham Bajaj
09/19/2024, 8:09 PMregarding deletion you have to send call ids to support@vapi.ai
u
2_mb2
09/20/2024, 12:59 AMI am using Azure instead of an S3 bucket. Can the recordings be stored in Azure? Additionally, the phone numbers of the people we are calling are included in plain text in the API request. I wanted to check if it is possible to mask them, as we have a use case where even employees / developer should not be able to view them due to data privacy concerns.
s
Shubham Bajaj
09/20/2024, 4:40 PMAs of now we support aws s3 only, if azure is important for you can raise a custom feature request.
for masking data you can ask in today's office hours.
8 Views