SureConnect stores call records, dispositions, and metadata in its database. Call recordings are stored in your Twilio account. This article explains what is stored, where, and how long it is retained.
What SureConnect stores
| Data type | Storage location | Retention |
|---|---|---|
| Call records | SureConnect database | Indefinite (soft-deleted, never hard deleted) |
| Dispositions & notes | SureConnect database | Indefinite |
| Call recordings (audio) | Your Twilio account | Per your Twilio settings |
| Transcriptions | SureConnect database | Indefinite |
| Agent data | SureConnect database | Indefinite (soft-deleted when removed) |
| Visitor sessions | SureConnect database | Indefinite |
| API credentials | SureConnect database (encrypted) | Until disconnected |
Call recording storage
Call recordings are stored in your Twilio account, not in SureConnect. SureConnect stores a reference URL to the Twilio recording. Recording storage costs and retention policies are managed through your Twilio account settings.
To configure recording retention in Twilio, go to your Twilio Console and review the recording storage settings. You can set automatic deletion after a certain period.
Encryption
Sensitive credentials (Meta CAPI access tokens, ElevenLabs API keys) are encrypted using AES-256-GCM before being stored in the database. Encryption keys are managed as environment variables and are never stored in the database.
Soft deletion
SureConnect uses soft deletion for all records. When you delete a campaign, agent, or other entity, it is marked with a deletedAt timestamp but not permanently removed. This allows for recovery if needed and maintains audit trail integrity.