Hello, some clients are asking about privacy issues. We'd like to know the following: - How long are recordings kept? - Are conversations and model requests (GPT for example, but other models too) used for training the model? If yes, can we opt out of that? - We see the HIPAA compliance to be a paid add-on, what about other compliances like GDPR, CCPA, SOC 2? Thank you!

@radu Hello! I'm glad to address your concerns about privacy: - The duration for which recordings are kept can vary based on the settings you choose. If you opt for HIPAA compliance, we ensure that recordings are handled in a manner that meets the regulatory requirements, which typically means limiting the retention period and ensuring secure storage and transmission. - Conversations and model requests are generally used to improve the performance and accuracy of the models. However, for clients who prioritize privacy, such as those requiring HIPAA compliance, there is an option to opt out of this data usage to ensure that conversations are not used for training purposes. - Regarding other compliances like GDPR, CCPA, SOC 2, etc., we are committed to providing a high level of data protection and privacy. These compliances may also be available, and some might be included in the base package or available as add-ons, similar to HIPAA. The specifics can vary, so I would recommend checking with our support team for the most accurate and up-to-date information on each compliance standard. If you need further assistance or have more questions, please feel free to ask!

Without HIPAA compliance, is it possible to opt out of using the conversations for training?

@radu 1. As of know recordings are kept until the owner of the recordings deletes them. 2. No conversations are not used to train models. 3. You can check about other compliance information in detailed from here https://security.vapi.ai Let me know, if you have more questions/doubts.

Hi, thank you for your answers. 1. We’ve noticed that some older recordings (from a few weeks ago) are no longer available. We haven’t deleted them, however. Do you know what could cause this? 2. This is really important for some of our clients, do you have this written somewhere public? We need to be able to assure our clients about this. 3. Thank you!

1. Can you share the call ids so i can take a look? 2. Written over the https://securtiy.vapi.ai

I found this in your terms and services: Alternatively, if “hipaaEnabled” option set to “False”, call data persistence is enabled, and we would have access to all audio data, transcripts, and data injected into the Platform via the Dashboard / API until deleted as per retention policy or manually by you. In this case, you grant us a right to use persisted call data on model training for either VAPI proprietary model or on-premise hosted models for call improvement features, including but not limited to end-of-turn and interruption detection.

Do let me know the call ids, I will take a look into the logs.

So the calls ARE used for training the models. Can we stop this without getting hipaa?

No you cannot stop models training without enabling HIPAA.

It would be great to have this option, for those of us that do not need full HIPAA compliance.