GDPR, data storage, and call recordings
Where your call data is stored, how long we keep it, and your rights as a data controller under GDPR.
Where your data lives
All Aria call data — transcripts, summaries, and audio recordings — is stored exclusively on EU-based infrastructure. There is no transfer of personal data outside the EU/EEA.
What we store
For every call we keep:
- Caller phone number (where available from CLI).
- Full transcript of the conversation.
- An AI-generated summary and detected outcome (e.g. appointment booked, information request).
- Optional audio recording (you control whether this is enabled).
- Timestamp and call duration.
Retention
By default, transcripts and summaries are retained for 12 months, after which they are automatically deleted. Audio recordings, if enabled, are retained for 30 days by default. You can shorten or extend these periods in Settings → Data Retention.
Your role under GDPR
You are the data controller for your callers' personal data. We act as your data processor. The Data Processing Agreement (DPA) you accepted at sign-up — available under Settings → Legal — governs this relationship and is GDPR Article 28 compliant.
Caller rights
When a caller asks you to exercise their GDPR rights, you can search and view all calls from a phone number, export the data as JSON or CSV, or delete specific calls or all data for a given phone number with one click.
Disclosing AI to callers
Under the EU AI Act (Article 50), Aria identifies itself as an AI at the start of every call. This is enabled by default and cannot be disabled silently — it's a compliance requirement.
Sensitive incidents
For breach notifications, regulator inquiries, or anything sensitive, contact your account manager directly — see Contacting your account manager.
Need more help?
Contact our team →