To better support our customers, Talkdesk has developed a solution that allows them to store and manage call recordings directly on their own Amazon Web Services (AWS) S3 bucket.
How does it work?
Recordings are transferred directly to the customer’s S3 bucket for storage. This process happens asynchronously for each recording file.
When accessing a recording through the Talkdesk application or third-party Customer Relationship Management (CRM), Talkdesk will create a signed Uniform Resource Locator (URL) to the recording file.
This solution has been designed to maximize data security when working with Talkdesk. Users must be authenticated in order to play the recording, and customers can directly manage access permissions.
Transfer and Storage
Recording files are transferred directly to the customer’s bucket from Twilio, and each file’s date/time is stamped by Talkdesk to adhere to the Talkdesk retention policy set by the customer.
Talkdesk receives storage acknowledgment to confirm that the file arrived at its intended destination, but does not access or store the data within its infrastructure at any point in the process. This happens asynchronously for each recording file, meaning that files are processed individually instead of in batches.
By default, Talkdesk authenticates users before they can play recordings. Once authenticated, Talkdesk redirects the user via a time-bounded signed URL to play the recording.
When a recording file exceeds the defined data retention policy within Talkdesk, it is deleted and becomes inaccessible for playback.
Note: Revoking the deleted permissions in the custom storage bucket does not stop Talkdesk from overwriting recordings. We recommend not removing these delete permissions.
The intended deletion policy must be set in the Talkdesk account Recording Retention Policy settings.
Amazon-based S3 custom storage solution
Talkdesk only accesses the customer’s Amazon Web Services (AWS) resources using temporary security credentials instead of long-term credentials. Talkdesk can provide an AWS policy template that contains the proper permissions to work correctly with our recording service.
Note: Learn how to configure a Custom AWS S3 Storage solution by checking this article.
Talkdesk partners with Twilio to power real-time communications with end customers according to Twilio’s standard Terms of Service. Since the recording files are created by Twilio, they are stored within Twilio’s infrastructure (albeit temporarily).
Talkdesk initiates the transfer immediately after being notified by Twilio that a recording file is available. Once confirmed that the recording has been successfully transferred to the customer’s server, Talkdesk requests the deletion of that file from Twilio.
For more details about Twilio’s security practices, please check Twilio’s Security Whitepaper.
If a customer switches from using a Talkdesk-provided S3 bucket to a different customer-provided (custom) S3 bucket, this will apply to new recordings being made from that point forward. Previously existing recordings will not be copied to the new custom storage bucket, but will remain accessible in the Talkdesk bucket for playback purposes.
All workflows and logic tied to Talkdesk bucket recordings (access permissions, deletion policy) remain the same in the custom storage bucket, as stated in the customer's Talkdesk account Recording Retention Policy settings.