I am planning to build an enterprise AI voice agent for a healthcare company and want to store logs and recordings while staying HIPAA compliant (the enterprise will have permission to manage private user data). I see in the docs you can enable HIPAA mode, but that at the end of the call the only callback data returned will be the call result. Is there a way to transfer the recordings over the API to send back to my application in my secure private cloud so that I can maintain my own observability while still using Vapi's platform?

When you turn on HIPAA mode, set up S3 or Azure Blob Storage credentials and enable the server message. After the call ends, we will send you the complete transcript and the recording link (stored on your blob storage service). To understand HIPAA compliance in-depth, you can read this [documentation](https://docs.vapi.ai/security-and-privacy/hipaa#enabling-hipaa-compliance). Please read about Server URLs and server events, which will provide a better understanding of what the end-of-call report is and the other [server events](https://docs.vapi.ai/server-url) we have in this.