A Caller Reads Her Card Number Aloud in 40 Seconds. AI Voice Agent PII Redaction Keeps It Off Your Transcript.

Leonardo Garcia-Curtis, 02/07/2026
TL;DR

We built our platform so card numbers, bank details, and addresses get masked at the moment a transcript is written, not hours later. We tested it on real payment calls at 80 cents a minute and zero raw card numbers reached the stored record. The masked transcripts sit on our Sydney servers while live audio is processed offshore, and we can delete a record in 10 minutes. If you take payments or addresses by phone, redaction is the difference between a small incident and a notifiable breach.

A caller rings your business. She gives her name. Twenty seconds later she reads out a 16-digit card number. Then her home address. Three sensitive things in under a minute, all captured by the agent answering the phone. The question is what happens to those words next.

AI voice agent PII redaction strips that personal information out of the saved call record before anyone on your team can read it. The agent still hears the caller in real time to do its job. But the stored transcript hides the secrets behind masked tokens. Here is exactly what gets removed, where the masked transcript lives, and why it matters under the NZ Privacy Act 2020 and the Australian Privacy Principles.

Timeline of a 40 second call showing name, card number and address being masked in the saved transcript

A 40 second call captures three sensitive items; redaction removes them before the transcript is saved.

What is PII redaction on an AI voice call?

PII redaction is the act of stripping personal information out of a call record before anyone reads it. The agent still hears the caller in real time. But the saved transcript hides names, card numbers, bank details, and addresses behind masked tokens. The raw words never sit in plain text where your team can browse them.

Think of a real 40-second call. A caller says her name. Then she reads out a 16-digit card number. Then her home address. Three sensitive things in under a minute. Without redaction, all three land in your call log forever. With our platform, the saved transcript shows the shape of the conversation, not the secrets inside it.

This matters because a transcript is a permanent record. A live call ends in 30 seconds. A stored transcript can sit in a database for years. The longer sensitive data lives, the more chances it has to leak. Redaction shrinks that window to almost nothing.

We disclose on every call that the caller is speaking with an AI. That is a hard rule. The caller knows what they are talking to before they share anything.

Why does a caller reading out card or bank details create a risk?

Spoken card and bank details are risky because the caller cannot see where the words go. They trust the number lands somewhere safe. If that number sits in a plain transcript, anyone with login access can read it months later. That is the exposure.

Picture a plumbing business taking 60 calls a day. Roughly one in ten callers reads out a card to pay a deposit. That is six card numbers a day. Forty-two a week. Over two thousand a year sitting in a call log if nobody masks them. One stolen login and that whole list is gone.

The NZ Privacy Act 2020 and the Australian Privacy Principles both push the same idea. You should only hold personal information you actually need. A card number you captured by accident is information you did not need to keep. Holding it is a liability, not an asset.

Sensitive data you never meant to keep is still your problem.

See how we lock down call records on our AI voice agent security hub.

What information does our platform mask, and when?

Our platform masks card numbers, bank account numbers, government ID numbers, full names where flagged, and street addresses. The masking happens as the transcript is written, not hours later. By the time the record is saved, the sensitive spans are already replaced with tokens like CARD or ADDRESS.

Here is the sequence on a live call. The caller speaks. The agent understands the meaning to do its job, such as reading back the last four digits to confirm. The transcript is then written with the full number removed. What you see later is a clean summary. The agent took payment. The agent confirmed the address. The exact digits are gone.

We tested this on a batch of real payment calls. A typical transaction call runs 1 to 2 minutes and costs about $1 to $2 at our 80 cents a minute, billed by the second. Every one of those calls produced a masked record. Zero raw card numbers reached the stored transcript.

You decide what gets masked. A medical clinic can mask names and addresses. A trades business can stick to card and bank details only. The rule set is yours, set once, applied to every call after that.
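
A sketch of write-time masking for the card and bank rules described above, added here as an illustration and not Waboom's code. The token formats, the spoken-digit vocabulary, the NZ-style bank pattern and the `rules` set are assumptions; names and addresses need entity recognition and are left out.

```python
import re

# Spoken digits as a speech-to-text engine may transcribe them (assumed vocabulary).
WORDS = {"zero": "0", "oh": "0", "one": "1", "two": "2", "three": "3", "four": "4",
         "five": "5", "six": "6", "seven": "7", "eight": "8", "nine": "9"}
TOKEN = r"(?:\d+|" + "|".join(WORDS) + r")"
# A run of digit groups or digit words separated by spaces, commas or dashes.
RUN_RE = re.compile(rf"\b{TOKEN}(?:[ ,-]+{TOKEN})*\b", re.IGNORECASE)
# NZ account layout bank-branch-account-suffix, used here as the sample bank rule.
BANK_RE = re.compile(r"\d{2}-\d{4}-\d{7}-\d{2,3}")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        n = int(ch)
        if i % 2 == 1:
            n = n * 2 - 9 if n > 4 else n * 2
        total += n
    return total % 10 == 0


def redact(text: str, rules: set) -> str:
    """Mask sensitive digit runs in one transcript segment before it is stored."""
    def mask(m: re.Match) -> str:
        run = m.group(0)
        digits = "".join(WORDS.get(t.lower(), t) for t in re.findall(TOKEN, run, re.I))
        if "bank" in rules and BANK_RE.fullmatch(run):
            return "[BANK]"
        if "card" in rules and 13 <= len(digits) <= 19 and luhn_ok(digits):
            return f"[CARD ****{digits[-4:]}]"   # last four kept for matching
        if "card" in rules and len(digits) >= 13:
            return "[DIGITS]"                    # fail closed on long unknown runs
        return run                               # short runs (times, phones) stay
    return RUN_RE.sub(mask, text)


def write_segment(store: list, text: str, rules: set) -> None:
    """Write path: the raw text is never appended, only the masked form."""
    store.append(redact(text, rules))
```

The fail-closed branch matters for transcripts: a stray spoken "one" next to a card number breaks the checksum, and the run is still masked rather than stored.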

Diagram showing spoken card number entering the agent and a masked CARD token leaving in the saved transcript

Sensitive spans are replaced with tokens at the moment the transcript is written.

Where does the masked transcript actually live?

The masked transcript, the structured call record, and your portal all sit on our servers in Sydney. The live audio of the call is processed offshore while the call is happening. The portal stores only a signed link to any recording, not the audio file itself. That is the honest split.

We say this plainly because vague claims fail under scrutiny. We do not tell you all your data stays in Australia, because the live audio does not. We meet cross-border accountability requirements through documented arrangements with our voice infrastructure partner. The records your team reads day to day, the transcripts and call summaries, sit in Sydney.

The recording itself is reachable through a signed link that expires. The audio is not copied into your portal. So when you delete a call, you remove the structured record and revoke the link. We can action a delete request in 10 minutes.

For the full picture on where call data lives, read our guide on what happens to your AI voice agent call data and our piece on zero-retention secure data for AI voice agents.

Honest data residency split with Sydney portal and transcripts on one side and offshore live audio on the other

The honest split: transcripts and records in Sydney, live audio processed offshore, only a signed link stored.

How does redaction help you meet the Privacy Act and APPs?

Redaction directly supports two duties under both laws. Collect only what you need. Hold it only as long as you need. By masking card and bank details at write time, you stop collecting data you never wanted in the first place. That shrinks your obligations and your risk.

Under the NZ Privacy Act 2020, principle one says you should not collect personal information you do not need. The Office of the Privacy Commissioner is clear on this. A masked transcript means a card number a caller volunteered does not become a record you now have to protect.

The Australian Privacy Principles run the same way. APP 3 covers collection. APP 11 covers security and destruction. The OAIC expects you to destroy or de-identify personal information you no longer need. Redaction does the de-identifying for you, at the moment of capture, on every call.

There is also the Notifiable Data Breaches scheme in Australia. If you suffer a breach likely to cause serious harm, you must notify. A leaked transcript full of card numbers is exactly that kind of breach. A masked transcript with no card numbers is a far smaller event. Redaction lowers the blast radius before anything goes wrong.

For a fuller walkthrough, see our guide to NZ Privacy Act 2020 compliance for AI voice agents and our overview of voice AI privacy across NZ and Australia.

Who on your team can see the unmasked detail?

By default, nobody on your team browses unmasked card or bank numbers in the portal. Your staff see masked transcripts. Access to any underlying recording runs through a signed link with an expiry, and those requests are logged. The sensitive detail is not sitting open for casual viewing.

This is the point most buyers miss. The danger is rarely a dramatic hack. It is the everyday reality of ten staff with login access, any of whom could scroll old transcripts. Masking removes that temptation entirely. There is nothing sensitive there to scroll.

When you do need to act on a payment, you confirm the last four digits, not the full number. That is enough to match a transaction without holding the whole card. Your team gets what it needs to do the job. Nothing more.
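
The signed, expiring recording link from the residency section and the logged access described above, as an added sketch that is not Waboom's implementation. The URL layout, the HMAC scheme, the demo key and the in-memory revocation set and access log are all assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlsplit

SECRET = b"constructed-demo-key"   # placeholder; a real key belongs in a secret store
REVOKED = set()                    # call ids whose links were revoked by a delete
ACCESS_LOG = []                    # (user, call_id, allowed) for every attempt


def _sign(call_id: str, expires: int) -> str:
    """HMAC over the call id and expiry, so the holder can alter neither."""
    msg = f"{call_id}:{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def make_link(call_id: str, ttl: int, now: float) -> str:
    """What the portal stores: a link, never the audio bytes."""
    expires = int(now) + ttl
    return f"/recordings/{call_id}?exp={expires}&sig={_sign(call_id, expires)}"


def open_link(user: str, link: str, now: float) -> bool:
    """Allow playback only for an intact, unexpired, unrevoked link; log every try."""
    parts = urlsplit(link)
    call_id = parts.path.rsplit("/", 1)[-1]
    query = parse_qs(parts.query)
    try:
        expires = int(query["exp"][0])
        sig = query["sig"][0]
    except (KeyError, ValueError):
        expires, sig = 0, ""
    expected = _sign(call_id, expires).encode()
    allowed = (hmac.compare_digest(sig.encode(), expected)
               and now < expires and call_id not in REVOKED)
    ACCESS_LOG.append((user, call_id, allowed))
    return allowed


def delete_call(records: dict, call_id: str) -> None:
    """Delete request: drop the structured record and revoke the recording link."""
    records.pop(call_id, None)
    REVOKED.add(call_id)
```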

What should you ask a vendor about redaction?

Ask five direct questions. Does masking happen at write time or later? What exact fields get masked? Where does the stored transcript live? Who can reach the unmasked detail? How fast can you delete a record on request? Vague answers are a warning sign.

A good vendor answers in plain numbers. Our masking happens as the transcript is written. The stored record sits in Sydney. Live audio is processed offshore. A delete request is actioned in 10 minutes. If a vendor cannot tell you where the data lives, assume the worst.

You should also ask about disclosure. Every caller should be told they are speaking with an AI before they share anything. If a vendor dodges that, walk away. Honesty on the call is the foundation everything else sits on.

Get redaction set up the right way.

Talk through a setup for your business on our AI voice agents overview, or dig into the detail on our security hub.

Frequently Asked Questions

Does the AI still hear the card number during the call?

Yes. The agent understands the caller in real time so it can do its job, like confirming the last four digits of a card. The masking applies to the saved transcript. The full number is removed before the record is written, so it never sits in plain text where your team can read it later.

Where does the masked transcript live?

The masked transcript and structured call record sit on our servers in Sydney. Live audio is processed offshore while the call happens. The portal stores only a signed, expiring link to any recording, not the audio file. Your team reads the Sydney-based transcripts day to day.

Can I choose what gets masked?

Yes. You set the rules once and they apply to every call after that. A clinic can mask names and addresses. A trades business can mask card and bank details only. The masking runs automatically on every call, so you never rely on staff to remember.

How fast can you delete a call record?

We can action a delete request in 10 minutes. That removes the structured record and revokes the signed link to any recording. Deleting promptly is part of meeting your duty to hold personal information only as long as you actually need it.

Does redaction help with the Privacy Act and APPs?

Yes. Both the NZ Privacy Act 2020 and the Australian Privacy Principles say collect only what you need and hold it only as long as needed. Masking card and bank details at write time means you stop collecting data you never wanted, which shrinks your obligations and your breach risk.

Is this the same as being HIPAA compliant?

No. HIPAA is United States health law and does not apply to businesses operating in New Zealand or Australia. The relevant rules here are the NZ Privacy Act 2020, the Australian Privacy Principles, and the Notifiable Data Breaches scheme. Redaction supports all three.

Leonardo Garcia-Curtis

Founder & CEO at Waboom AI. Building voice AI agents that convert.
