We require compliance with GDPR Article 17 regarding data minimization. When exporting Conversation Reports via the API endpoint /api/v2/analytics/conversations/export, the payload contains full telephone numbers in the ‘caller’ field. We are unable to mask these fields within the standard report definitions. This creates a risk for data storage outside our secure environment. Has anyone implemented a workaround using Data Actions to strip PII before reporting?
Standard export settings do not strip phone numbers automatically. You must handle this at the flow level. Use the Set Conversation Data block to store a masked version of the number instead of the raw value. For example: conversation.data.maskedPhone = regexReplace(conversation.caller.phoneNumber, /.{2}/, ‘***’). This allows reporting on the sanitized field while retaining call metrics.
This is frustrating because the documentation states PII is handled automatically in EU regions, yet the export endpoint returns raw data regardless. It appears the organization setting for Data Privacy does not apply to exported CSV files. Spent three days debugging a similar issue last month. You must use the /api/v2/analytics/conversations/export endpoint with specific query parameters to filter columns, but even then, the backend keeps the raw value in memory. Check your Region settings in Organization > Security.