Talkdesk has developed a solution that allows customers to store and manage call recordings directly on their own Amazon Web Services (AWS) S3 bucket or Microsoft Azure.
How does it work?
Recordings are transferred directly to the customer’s S3 or Azure bucket for storage. This process happens asynchronously for each recording file.
When accessing a recording through the Talkdesk application or third-party Customer Relationship Management (CRM), Talkdesk will create a signed Uniform Resource Locator (URL) for the recording file.
This solution has been designed to maximize data security when working with Talkdesk. Users must be authenticated in order to play the recording, and customers can directly manage access permissions.
Transfer and Storage
Recording files are transferred directly to the customer’s bucket from Talkdesk Global Communications Network (GNC), and each file’s date/time is stamped by Talkdesk to adhere to the set Talkdesk retention policy.
Talkdesk receives storage acknowledgment to confirm that the file arrived at its intended destination, but does not access or store the data within its infrastructure at any point in the process. This happens asynchronously for each recording file, meaning that files are processed individually instead of in batches.
Access Control
By default, Talkdesk authenticates users before they can play recordings. Once authenticated, Talkdesk redirects the user via a time-bounded signed URL to play the recording.
Data Disposal
When a recording file exceeds the defined data retention policy within Talkdesk, it is deleted and becomes inaccessible for playback.
Note: Revoking the delete permissions in the custom storage bucket does not prevent Talkdesk from overwriting recordings. We recommend not removing these delete permissions.
The deletion policy must be set in the Talkdesk account Recording Retention Policy settings.
Amazon-based S3 Custom Storage Solution
Server Access
Talkdesk only accesses the customer’s Amazon Web Services (AWS) resources using temporary security credentials instead of long-term credentials. Talkdesk can provide an AWS policy template that contains the proper permissions to work correctly with our recording service.
Note: Learn how to configure a Custom AWS S3 Storage solution by checking this article.
Azure-based Custom Storage Solution
Server Access
Talkdesk only accesses the customer’s Azure resources using secure credentials provided by the customer.
Note: Learn how to configure a Custom Azure Storage solution by checking this article.
Partner Information
Talkdesk partners with Talkdesk Global Communications Network (GNC) to power real-time communications with end customers, according to Talkdesk GNC’s standard Terms of Service. Since the recording files are created by Talkdesk GNC, they are stored within Talkdesk GNC’s infrastructure (albeit temporarily).
Talkdesk initiates the transfer immediately after being notified by Talkdesk GNC that a recording file is available. Once confirmed that the recording has been successfully transferred to the customer’s server, Talkdesk requests the deletion of that file from Talkdesk GNC.
For more details about Talkdesk GNC’s security practices, please check Talkdesk GNC’s Security Whitepaper.
If a customer switches from a Talkdesk-provided S3 bucket to a different customer-provided (custom) S3 or Azure bucket, this will apply to new recordings being made from that point forward. Previously existing recordings will not be copied to the new custom storage bucket, but will remain accessible in the Talkdesk bucket for playback purposes. All workflows and logic tied to Talkdesk bucket recordings (access permissions, deletion policy) remain the same in the custom storage bucket, as stated in the customer's Talkdesk account Recording Retention Policy settings.