Twilio Programmable Call Recordings now allows PCI compliant call recordings within the Twilio Programmable Voice environment. By providing a public key to encrypt recordings and enabling PCI Mode in Console, call recordings can be captured in a PCI compliant manner.
Traditionally, call recordings are used to analyze agent and customer interactions. However, they require special handling when capturing credit card information. To continue to record your voice calls and maintain PCI compliance within Twilio, you must have PCI Mode, Voice Recording Encryption and PCI compliance for Voice Recording enabled using Voice Settings Console page.
Once these settings are enabled on a project, Call Recordings will only be stored by Twilio for 72 hours and must be retrieved within this period. Once deleted, these recordings will no longer be recoverable by either Twilio Console or API request.
To learn more about Twilio PCI compliance and to access customer responsibility matrix, please vist https://www.twilio.com/pci-compliance