Data Handling & Retention

This page describes how Crew handles data throughout its lifecycle—from collection to deletion. Understanding data handling is essential for compliance and privacy planning.

Data Categories

Customer Data

Data you provide directly:

Data Type	Examples	Storage
Account information	Email, name, company	Encrypted database
Configuration	Agent settings, pathways	Encrypted database
Knowledge base	FAQs, documents	Encrypted database
Integrations	API keys, credentials	Encrypted with HSM

End-User Data

Data from people interacting with your agents:

Data Type	Examples	Storage
Phone numbers	Caller ID	Encrypted database
Names	If collected	Encrypted database
Conversation data	Transcripts	Encrypted database
Recordings	Call audio	Encrypted object storage
Collected information	Appointments, preferences	Encrypted database

System Data

Data generated by Crew:

Data Type	Examples	Storage
Logs	API calls, events	Log management system
Analytics	Call metrics, usage	Analytics database
Audit trails	Access logs	Secure audit storage

Data Processing

Conversation Processing

Audio Input → Speech-to-Text → AI Processing → Response Generation → Text-to-Speech
     ↓              ↓                ↓                  ↓
  Encrypted    Transcript      Intent/Entities      Response Text
  Transit      (Optional)        (Metadata)         (Temporary)

AI Processing

Conversations processed by OpenAI for AI capabilities
Audio converted to text for processing
No persistent storage in AI systems beyond request/response
See OpenAI’s data processing terms for details

Telephony Processing

Twilio/RingCentral handle call routing
Media streams processed through their infrastructure
Subject to their respective security practices
Recordings stored in Crew infrastructure (if enabled)

Data Storage

Geographic Location

Plan	Default Region	Options
Starter	US (Virginia)	—
Professional	US (Virginia)	EU available
Enterprise	US (Virginia)	Custom regions

Storage Architecture

Primary Database (Encrypted)
    ├── Account data
    ├── Configuration
    ├── Call metadata
    └── Transcripts

Object Storage (Encrypted)
    ├── Recordings
    ├── Documents
    └── Exports

Backup Storage (Encrypted)
    └── Point-in-time backups

Encryption Details

Layer	Method
Database fields	AES-256-GCM
Object storage	AES-256-GCM
Backups	AES-256-GCM
Key management	AWS KMS / HSM

Data Retention

Default Retention Periods

Data Type	Default Retention	Configurable
Call metadata	12 months	✓
Transcripts	90 days	✓
Recordings	30 days	✓
Analytics	24 months	✓
Audit logs	12 months	Enterprise
Account data	Until deletion	—

Configuring Retention

Adjust retention in workspace settings:

{
  "retention": {
    "transcripts_days": 90,
    "recordings_days": 30,
    "call_metadata_days": 365,
    "analytics_days": 730
  }
}

Automatic Deletion

Data is automatically deleted after retention period
Deletion is permanent and irreversible
Backups follow separate retention (30 days after deletion)

Data Minimization

Collection Principles

We follow data minimization practices:

Collect only what’s needed for the service
Purpose limitation — data used only for stated purposes
Storage limitation — deleted when no longer needed

Optional Data

Configure what’s collected:

{
  "data_collection": {
    "store_transcripts": true,
    "store_recordings": false,
    "collect_caller_names": true,
    "store_full_audio": false
  }
}

PII Handling

{
  "pii_handling": {
    "redact_from_transcripts": true,
    "redact_patterns": ["ssn", "credit_card"],
    "anonymize_after_days": 30
  }
}

Data Access

Customer Access

You can access your data via:

Dashboard — View calls, transcripts, analytics
API — Programmatic access to all data
Export — Bulk export functionality

Export Formats

curl -X POST https://api.usecrew.ai/v1/exports \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -d '{
    "type": "calls",
    "date_range": {
      "start": "2024-01-01",
      "end": "2024-01-31"
    },
    "format": "json"
  }'

Supported formats: JSON, CSV

Crew Staff Access

Access requires business justification
All access is logged and audited
Access limited to support and operations roles
Regular access reviews conducted

Data Deletion

User-Initiated Deletion

Delete specific data:

# Delete a call record
curl -X DELETE https://api.usecrew.ai/v1/calls/{call_id} \
  -H "Authorization: Bearer YOUR_API_KEY"

# Delete caller memory
curl -X DELETE https://api.usecrew.ai/v1/memory?caller_id=+14155551234 \
  -H "Authorization: Bearer YOUR_API_KEY"

Account Deletion

Request complete account deletion:

Contact support@usecrew.ai
Verify account ownership
Data deleted within 30 days
Confirmation email sent

For end-user erasure requests:

curl -X POST https://api.usecrew.ai/v1/data-requests \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -d '{
    "type": "erasure",
    "identifier": "+14155551234",
    "identifier_type": "phone"
  }'

Data Portability

Export all data in standard formats:

curl -X POST https://api.usecrew.ai/v1/exports/full \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -d '{
    "format": "json",
    "include": ["calls", "transcripts", "recordings", "knowledge_base", "configuration"]
  }'

You’ll receive a downloadable archive with all your data.

Service Providers

Data is shared with service providers as necessary:

Provider	Purpose	Data Shared
Twilio	Telephony	Phone numbers, call metadata
OpenAI	AI processing	Conversation text
Supabase	Database	All stored data (encrypted)
Vercel	Application hosting	Application data

No Data Selling

We do not sell customer data or end-user data to third parties.

Law Enforcement

We respond to valid legal requests (subpoenas, court orders) following our law enforcement guidelines. Customers are notified unless legally prohibited.

Backup and Recovery

Backup Schedule

Type	Frequency	Retention
Full backup	Daily	30 days
Incremental	Hourly	7 days
Transaction log	Continuous	7 days

Recovery

Point-in-time recovery available
RTO: 4 hours (Enterprise: 1 hour)
RPO: 1 hour

Audit and Compliance

Audit Logs

All data access is logged:

{
  "timestamp": "2024-01-15T10:30:00Z",
  "actor": "user@company.com",
  "action": "read",
  "resource": "call_abc123",
  "ip_address": "203.0.113.10"
}

Access logs via API:

curl https://api.usecrew.ai/v1/audit-logs \
  -H "Authorization: Bearer YOUR_API_KEY"

Welcome

Core Concepts

Voice & Communication

Integrations

Customization

Developer

Security & Compliance

Enterprise

​Data Handling & Retention

​Data Categories

​Customer Data

​End-User Data

​System Data

​Data Processing

​Conversation Processing

​AI Processing

​Telephony Processing

​Data Storage

​Geographic Location

​Storage Architecture

​Encryption Details

​Data Retention

​Default Retention Periods

​Configuring Retention

​Automatic Deletion

​Data Minimization

​Collection Principles

​Optional Data

​PII Handling

​Data Access

​Customer Access

​Export Formats

​Crew Staff Access

​Data Deletion

​User-Initiated Deletion

​Account Deletion

​Right to Erasure (GDPR)

​Data Portability

​Third-Party Data Sharing

​Service Providers

​No Data Selling

​Law Enforcement

​Backup and Recovery

​Backup Schedule

​Recovery

​Audit and Compliance

​Audit Logs

​Compliance Reports

​Next Steps