Managing Caller ID Data

Encryption, Retention, and Compliance

Overview

The following outlines the policies and processes for managing caller identification (caller ID) data to ensure privacy, security, and compliance with GDPR and other data protection regulations. It covers the creation of unique identifiers, identification of returning callers, data retention policies, and privacy considerations in line with GDPR standards.

Identifier Definitions and Usage

callid (Call Identifier)
  • Assignment: Automatically assigned upon entry into Parloa's Voice Gateway.

  • Purpose: Facilitates the tracking of specific individual calls for thorough analysis or efficient debugging.

  • Special Characteristics: No persistent storage; changes with each new call to ensure privacy and security.

callerid (Caller Identifier)
  • Assignment: Derived from the incoming call’s telephone number or a unique user ID.

  • Form: Telephone number or a unique alphanumeric string.

  • Purpose: Enables the identification of the caller, supporting personalized interactions and analytics.

  • Special Characteristics: Anonymity Handling - Implements robust procedures for managing anonymous or blocked numbers to uphold privacy while ensuring high service quality.

sessionid (Session Identifier)
  • Assignment: Generated upon the first contact of a caller with a specific release, persisting indefinitely within our system.

  • Form: A one-way hashed string combining the hashed (SHA256 + HMAC) callerid and the instanceId of the release.

  • Purpose: Ensures consistent and secure session management across different calls and interactions.

  • Special Characteristics: Parallel Call Handling - Maintains a consistent sessionid for simultaneous interactions from the same number, while uniquely managing each call with its callid.

conversationid (Conversation Identifier)
  • Assignment: Allocated for each unique conversation initiated within the system.

  • Purpose: Provides a reliable method to retrieve all state information related to a single conversation through the Conversation History API.

  • Special Characteristics: Essential for aggregating and analyzing conversation data, facilitating improvements in conversational AI performance and user experience.

Session ID Creation and Lifetime

Initialization

A unique session ID, also referred to as the "user lifetime" context by some, is generated upon the first contact from a particular caller with a specific release. This ID is persistently stored in our system and maintained as long as any data associated with a customer tenant exists.

Parallel Call Handling

For simultaneous calls, it is the callerid that serves as a composite identifier, uniquely managing each interaction by incorporating elements such as the callid. This ensures that every call is distinctly identified, while the sessionid remains consistent throughout the user's lifetime with our system, providing a persistent reference point across multiple interactions, including parallel calls.

Release Connection

In phone 2 releases, the sessionid is a combination of the hashed (SHA256+HMAC) callerId and the release's instanceId.

Caller ID Encoding and Privacy

Encoding Methodology

Caller IDs are transformed into unique identifiers through a two-step cryptographic process involving SHA256 hashing and HMAC, enhancing security and privacy. However, it's important to note that while this process is used to create a session ID from a caller ID, the caller ID that typically appears in the frontend is usually just the phone number.
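
The derivation described under Release Connection and Encoding Methodology, sketched as an added example that is not Parloa's code. Assumptions: the key name and value, the anonymous markers, the normalization rule, and the exact way the HMAC digest and the instanceId are combined are all hypothetical, since the page does not specify them.

```python
import hashlib
import hmac
import re
from typing import Optional

# Constructed demo key (assumption); a real key belongs in a secrets manager.
PSEUDONYM_KEY = b"constructed-demo-key-not-for-production"
# Assumed markers for withheld numbers; the page does not list any.
ANONYMOUS_MARKERS = {"", "anonymous", "unknown", "restricted"}


def normalize_caller_id(raw: str) -> Optional[str]:
    """Canonicalize so one caller always maps to one input string."""
    value = raw.strip()
    if value.lower() in ANONYMOUS_MARKERS:
        return None  # withheld number: nothing stable to pseudonymize
    if re.fullmatch(r"\+?[\d\s\-()./]+", value):
        # Phone number: drop formatting characters, keep digits and '+'.
        return re.sub(r"[\s\-()./]", "", value)
    return value  # unique alphanumeric user ID, kept as given


def derive_session_id(raw_caller_id: str, instance_id: str,
                      key: bytes = PSEUDONYM_KEY) -> Optional[str]:
    """Return a hex sessionid, or None when the caller cannot be recognized."""
    caller = normalize_caller_id(raw_caller_id)
    if caller is None:
        return None
    # Step 1: keyed hash (HMAC-SHA256) of the caller ID. Without the key,
    # the digest cannot be recomputed from a phone number alone.
    caller_digest = hmac.new(key, caller.encode("utf-8"),
                             hashlib.sha256).digest()
    # Step 2: bind the digest to the release. The length prefix keeps the
    # two fields unambiguous once concatenated.
    material = (len(caller_digest).to_bytes(2, "big")
                + caller_digest
                + instance_id.encode("utf-8"))
    return hashlib.sha256(material).hexdigest()


if __name__ == "__main__":
    # Constructed inputs: same caller, two formats, two releases.
    print(derive_session_id("+49 30 1234567", "release-a"))
    print(derive_session_id("+49301234567", "release-a"))
    print(derive_session_id("+49301234567", "release-b"))
    print(derive_session_id("anonymous", "release-a"))
```

The irreversibility of the result rests on the secrecy of the HMAC key, so key storage and rotation deserve the same care as the identifiers themselves.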

GDPR Compliance

The encoding process aligns with GDPR standards, ensuring non-reversible data transformation for privacy protection.

Data Management, Retention and Privacy

Session Data Lifecycle

Session data becomes subject to review and cleaning processes after 30 days of inactivity or at the beginning of a new call. However, the session ID itself is not deleted.

Retention Policies

Data are retained in accordance with data protection regulations. Variables set with a 'session' lifetime are deleted after 30 days of inactivity or at the start of a new call. Variables with a 'user' lifetime remain indefinitely unless manually deleted or purged.

Handling Special Cases and Anomalies

Anonymous Calls

Anonymous or blocked numbers are treated similarly to regular calls, with limitations on certain caller ID-dependent functionalities.

Identifying Returning Callers

Caller Recognition

Our system uses encoded caller IDs, also known as session IDs, to recognize returning callers in future interactions.

Data Utilization

Relevant session and user variable data associated with the encoded caller ID are retrieved for personalized service.

Compliance with Data Privacy Regulations

All processes comply with GDPR, ensuring data privacy and security.
