Need some troubleshooting help with a compliance conflict within our EU-West BYOC environment regarding the interaction between Architect flow logging and the Organization Data Retention settings. Our security team has mandated strict GDPR adherence, requiring that no personally identifiable information (PII) persists in any Genesys Cloud storage layer beyond the defined retention period, currently set to 30 days for conversation records. However, we are observing that conversation transcripts generated within specific Architect flows are not being purged according to this schedule when the flows utilize the Save Conversation action with custom metadata tags.
The issue appears isolated to flows that route through our IVR self-service menu before transferring to an agent. When a customer interacts with the IVR, the flow captures input via the Get Input block and stores it in a flow variable. This variable is then appended to the conversation transcript. While the standard retention policy seems to apply to agent-recorded audio, the text-based transcript fragments associated with these IVR interactions remain accessible in the Conversation Detail View long after the 30-day window has elapsed. This discrepancy poses a significant compliance risk.
Below is the relevant configuration snippet from our Architect flow JSON definition:
flow_id: f7a2b1c9-4d3e-4f5g-6h7i-8j9k0l1m2n3o
actions:
- type: save_conversation
parameters:
transcript_enabled: true
custom_metadata:
- key: ivr_pii_segment
value: "{{flow.ivr_input}}"
retention_override: false # Expected to inherit org policy
We have verified that the Organization Data Retention settings are correctly applied to the general conversation records. The question is whether the Save Conversation action with custom metadata tags creates a separate data lifecycle that bypasses the standard retention policies. Is there a known limitation or a specific configuration requirement in Architect to ensure that all transcript components, including those generated from flow variables, adhere to the global retention schedule? We require a definitive explanation of how the Performance Dashboard and Conversation Detail View handle data purging for these specific flow-generated elements to ensure full regulatory compliance.