When Privacy Is Non-Negotiable, This Is the Setup We Deploy

Leonardo Garcia-Curtis, 06/08/2025

A law firm in Auckland rang us last year. Mid-size, 40 staff, handling family court matters. They wanted AI voice agents for appointment reminders and intake calls. One condition: "Not a single byte of patient data stays on your servers."

Fair enough. When you're dealing with custody disputes and protection orders, data leaking isn't a PR problem. It's a career-ending liability.

We built them a zero-retention deployment in 3 days. Here's exactly how it works.

Why "Delete It Later" Isn't Good Enough

Most AI voice platforms store everything by default. Call recordings. Transcripts. Caller IDs.

They'll tell you it's "encrypted at rest." Sure. But encrypted data sitting on someone else's server for 90 days is still data on someone else's server.

When the Privacy Commissioner comes asking questions, "we encrypted it" doesn't cut it. You know what satisfies regulators? "We didn't need to keep it."

Retention is risk. Every day data sits in a database, it's a target. A breach waiting for the right vulnerability.

[Figure: Zero-retention data flow for AI voice agents. Data flows through, then disappears. No storage, no breach risk.]

What Retell AI Stores by Default

Before you configure anything, Retell's platform keeps:

  • Call recordings — full audio of every conversation
  • Transcriptions — complete text of what was said
  • Caller/callee identification — phone numbers, names

For most businesses, that's fine. For regulated industries? A compliance nightmare waiting to happen.

    It also stores knowledge base retrievals and dynamic variables. Everything your webhooks pass in gets logged.

    The Three-Layer Privacy Architecture We Deploy

    Layer 1: Opt-Out of Sensitive Data Storage

    Retell lets you disable persistent storage entirely. Call recordings, transcriptions, logs, caller IDs — all processed during the call, then wiped within 10 minutes.

    Ten minutes. Not 30 days. Not "upon request." Automatically.

    That Auckland law firm? Their intake calls process in real time. The AI agent asks screening questions, captures appointment preferences, and routes urgent matters to the right lawyer. And 10 minutes after the call ends, Retell's servers have zero record of it.

    Layer 2: PII Redaction for What You Do Keep

    Sometimes you need the transcript but not the sensitive details. Retell's PII redaction engine automatically detects and strips:

  • Names and addresses
  • Dates of birth
  • Social Security numbers (or IRD numbers for NZ)
  • Passwords, PINs, phone numbers, email addresses

    You configure it per agent in the Security & Fallback Settings. Tick the boxes for what you want redacted.

    Every transcript replaces "My name is Sarah Thompson, I live at 42 Queen Street" with "[REDACTED]." Your team still gets the conversation context. Nobody gets the personal details.

    Layer 3: Webhook-Based Streaming

    Here's where it gets clever. We configure webhooks that stream call data directly to your systems during the call. No intermediate storage on Retell's servers.

    CRM needs the transcript? Pushed there in real time. Case management system needs the call outcome? Webhook fires the moment the call ends.

    Recording URLs expire in 10 minutes. If your team needs to review a call, they do it immediately. Or your webhook stores it in your own secure archive.

    The result: Retell processes the call. Your systems store what you need. Retell keeps nothing.

    [Figure: Zero-retention voice agent architecture. Three layers: opt-out, redaction, and webhooks. Your data, your servers.]

    The Compliance Stack Behind It

    Retell's platform carries certifications that actually matter:

  • SOC 2 Type II — independently audited security controls
  • HIPAA — healthcare-grade data handling with BAA available
  • PCI-DSS — automatic card data redaction and tokenisation
  • GDPR — data minimisation and right-to-erasure workflows

    The BAA piece matters most for healthcare. If your voice agent handles Protected Health Information — appointment details, medication names, symptoms — you need a BAA with your AI provider.

    Retell offers self-service signing at their compliance portal. No 6-week procurement process. No legal department back-and-forth.

    For GDPR, they offer a DPA (Data Processing Addendum) the same way. Self-service. Signed in minutes.

    Have you tried getting a DPA from your current platform? Exactly.

    Deployment Options for the Truly Paranoid

    Not everyone's comfortable with cloud. We get it. Retell offers three deployment models:

    Cloud (SaaS) — fully managed, automatic updates, fastest to deploy. This is what 90% of our clients use. Military-grade encryption in transit and at rest.

    VPC (Virtual Private Cloud) — your own isolated cloud instance. No shared infrastructure. If you're in financial services and need to prove data isolation to auditors, this is your option.

    On-Premises — complete data sovereignty. Air-gapped capability. The data never leaves your building.

    We've deployed on-prem for one government-adjacent client in Wellington. They couldn't have voice data crossing international boundaries. Each option carries the same certifications — the difference is how much control you want.

    Who Actually Needs This?

    Not everyone does. If you're a real estate agency calling warm leads, the default Retell setup with standard encryption is plenty. Don't over-engineer your compliance posture.

    But these industries need the full stack:

    Healthcare and Telemedicine — Patient intake, appointment reminders, medication adherence calls. HIPAA requires you to account for every piece of PHI. Zero retention means there's nothing to account for.

    A GP practice in Hamilton we work with processes 200 appointment reminder calls daily. Zero data stored on external servers.

    Financial Services — Loan application pre-screening, KYC verification calls, account servicing. Your compliance officer wants to know exactly where customer financial data lives. Answer: only on your servers.

    Legal Services — Client intake, appointment scheduling, matter triage. Legal privilege means client communications stay protected. An AI agent that stores conversations on a third-party server? That's a privilege waiver waiting to happen.

    Enterprise B2B Sales — Calling across NZ, Australia, and Asia-Pacific means juggling the Privacy Act, the Australian Privacy Act, and GDPR. Minimising your data footprint simplifies the whole mess.

    Real Numbers From Real Deployments

    That Auckland law firm? Here's what changed:

  • Intake calls processed: 180 per week
  • Data stored on Retell servers: zero bytes
  • Time to compliance sign-off: 3 days (down from 8 weeks)

    The operational gains surprised even us. You'd expect time savings — but 22 hours per week off manual intake? Zero privacy complaints in 11 months?

    The Hamilton GP practice tells a similar story:

  • Appointment reminder calls: 200 per day
  • No-show rate reduction: 34% (from 18% to 12%)
  • PHI stored externally: none

    These aren't vanity metrics. They're the numbers that let your compliance team sleep at night. For more on how we handle privacy regulations specific to NZ and Australia, we've written a detailed guide.

    Webhook Security: The Details That Matter

    Pushing data via webhooks only works if the infrastructure is locked down. Here's what we configure for every deployment:

    Webhook signature verification — every payload gets cryptographically signed. Your receiving system validates the signature before processing. Spoofed webhooks get rejected.

    IP allow-listing — only Retell's known IP ranges can hit your webhook endpoints. Everything else gets blocked at the firewall.

    TLS encryption — all webhook payloads travel over HTTPS. No exceptions.

    Retry logic with expiry — if your endpoint goes down temporarily, Retell retries with exponential backoff. After the retry window, the data gets purged. No indefinite queuing.

    This matters because the webhook is your data pipeline. If it's not secured, you've moved the vulnerability from Retell's storage to your API endpoint.
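
The receiving-side checks listed above (source allow-list, signature, freshness) can be sketched as one gate that runs before any payload is parsed or stored. This is an added example, not Retell's or Waboom's code. The header names, the "timestamp.body" HMAC-SHA256 format, the secret and the allow-listed range are assumptions; take the real values from the provider's documentation.

```python
import hashlib
import hmac
import ipaddress
import time

# Assumptions (hypothetical, not from the page or the provider's docs):
# header names, signing format, and the RFC 5737 documentation range below.
SIG_HEADER = "x-webhook-signature"
TS_HEADER = "x-webhook-timestamp"
ALLOWED_NETS = [ipaddress.ip_network("203.0.113.0/24")]
MAX_SKEW_SECONDS = 300  # deliveries older than this are treated as replays

# Constructed sample delivery (not real call data).
SECRET = b"constructed-demo-secret"
BODY = b'{"event":"call_ended","call_id":"demo-123"}'


def sign(secret: bytes, timestamp: str, body: bytes) -> str:
    """Sender side: HMAC-SHA256 over the timestamp and the raw body bytes."""
    return hmac.new(secret, timestamp.encode() + b"." + body,
                    hashlib.sha256).hexdigest()


def verify_webhook(secret, headers, body, remote_ip, now=None):
    """Return (ok, reason). headers is a dict with lower-cased keys.

    remote_ip must be the TCP peer address (or the value set by your own
    trusted proxy), never a header supplied by the client.
    """
    now = time.time() if now is None else now
    try:
        ip = ipaddress.ip_address(remote_ip)
    except ValueError:
        return False, "bad source address"
    if not any(ip in net for net in ALLOWED_NETS):
        return False, "source not allow-listed"
    ts = headers.get(TS_HEADER, "")
    sig = headers.get(SIG_HEADER, "")
    if not (ts.isascii() and ts.isdigit()) or not sig:
        return False, "missing signature headers"
    if abs(now - int(ts)) > MAX_SKEW_SECONDS:
        return False, "timestamp outside window"
    expected = sign(secret, ts, body)
    # Constant-time compare on bytes: no early exit on the first wrong byte.
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return False, "signature mismatch"
    return True, "ok"
```

Verify against the raw request bytes, not a re-serialised JSON object, or a valid signature will fail on whitespace and key-order differences.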

    We've seen competitors skip this step. Don't be them.

    Curious about related attack vectors? Read how we handle prompt injection attacks against AI agents. Most platforms ignore it entirely.

    The Bottom Line

    Zero retention isn't about paranoia. It's about designing a system where there's nothing to breach. Nothing to subpoena. Nothing to explain to a regulator.

    Your customers get the same quality AI voice experience. Your legal team gets a clean audit trail leading to your own systems.

    Your compliance officer ticks the box and moves on.

    The technology exists today. Retell's platform supports it natively. We've deployed it across law firms, healthcare providers, and financial services in New Zealand and Australia.

    The only question is whether your current platform can say the same.

    Frequently Asked Questions

    What exactly does "zero retention" mean for AI voice calls?

    Retell's servers process your call data in real time — speech recognition, AI responses, knowledge base lookups. But they store nothing after the call ends.

    All recordings, transcripts, and metadata get automatically purged within 10 minutes. Your own systems receive what they need via webhooks during the call.

    Can I still access call recordings and transcripts with zero retention enabled?

    Yes, but you capture them in real time. We configure webhooks that stream transcripts and recording URLs to your own systems during or immediately after each call.

    Recording URLs expire within 10 minutes. Your team either reviews them immediately or your webhook stores them in your own secure archive.

    Which compliance certifications does Retell AI hold?

    Retell holds SOC 2 Type II, HIPAA, PCI-DSS, GDPR, and ISO 27001 certifications. They offer self-service BAA signing for healthcare clients and DPA signing for GDPR compliance.

    All certificates get independently verified through their Compliance Trust Center.

    Is zero retention suitable for all businesses, or just regulated industries?

    Most businesses don't need full zero retention. If you're running outbound campaigns for real estate or retail, Retell's standard encryption and security controls work fine.

    Zero retention suits organisations handling genuinely sensitive data: healthcare providers, law firms, financial services, and businesses with strict data sovereignty requirements.

    How does PII redaction work alongside zero retention?

    They're complementary layers. PII redaction strips sensitive identifiers from transcripts before storage. Zero retention prevents storage entirely.

    Use PII redaction alone if you need transcripts for QA but can't retain personal details. Or combine both: webhook-streamed transcripts with PII already redacted, stored on your own servers.

    Leonardo Garcia-Curtis

    Founder & CEO at Waboom AI. Building voice AI agents that convert.
