Securing Sensitive User Data with PCI DSS Certification and HIPAA Compliance

Learn how to maintain PCI/HIPAA compliance and protect sensitive user data using the flag privacyMode.

Defining sensitive user data

Applications handling sensitive user data need to take steps to protect that data from breaches and leaks. Whether data is considered sensitive is sometimes up to the application developer; other times it is defined by a regulation or an industry standard. Regulated categories of sensitive user data include Payment Card Industry (PCI) data, such as credit card and account numbers, PINs and passcodes, and Protected Health Information (PHI), which is any individually identifiable health information and is the data protected by the Health Insurance Portability and Accountability Act (HIPAA).


Maintaining compliance

To build secure applications that follow best practices and stay compliant with these standards, FreeClimb developers whose applications process sensitive data should:

  1. Rotate API keys every 90 days.
  2. Use the privacyMode flag.

Using privacyMode in your applications

The flag privacyMode is an optional parameter on some PerCL commands, as well as an optional body parameter on the Make a Call API request. The following PerCL commands have privacyMode as an optional parameter:

PerCL Command    Description
Say              The Say command provides Text-To-Speech (TTS) support.
Play             The Play command plays an audio file back to the caller.
GetDigits        The GetDigits command collects DTMF inputs from the caller.
GetSpeech        The GetSpeech command enables the caller to respond to the application using a supported language.
SendDigits       The SendDigits command plays DTMF tones on a live Call.
OutDial          The OutDial command is used to call a phone number.

When privacyMode=true, FreeClimb does not log the data collected or sent while that command executes; the value is redacted in FreeClimb's logs. Note that privacyMode only controls FreeClimb's own logging: how your webhook endpoint and any downstream systems log or store the data remains your responsibility. For example, the requestBody logged for a GetSpeech command looks like this when privacyMode=false:

"requestBody": {
	"accountId": "ACXXXXXXXXXXXXXXXXXXXXXX",
	"callId": "CAXXXXXXXXXXXXXXXXXXXXXX",
	"callStatus": "inProgress",
	"conferenceId": null,
	"confidence": 50,
	"direction": "inbound",
	"from": "+15550001010",
	"parentCallId": null,
	"queueId": null,
	"reason": "recognition",
	"recognitionResult": "Jane Doe",
	"requestType": "getSpeech",
	"to": "+15551001000"
}

Here the caller's speech, "Jane Doe", appears in cleartext in recognitionResult, so anything the caller says, including a card number or a diagnosis, would be written to the log. The same GetSpeech command with privacyMode=true generates a log like this:

"requestBody": {
	"accountId": "ACXXXXXXXXXXXXXXXXXXXXXX",
	"callId": "CAXXXXXXXXXXXXXXXXXXXXXX",
	"callStatus": "inProgress",
	"conferenceId": null,
	"confidence": 50,
	"direction": "inbound",
	"from": "+15550001010",
	"parentCallId": null,
	"queueId": null,
	"reason": "recognition",
	"recognitionResult": "xxxxx",
	"requestType": "getSpeech",
	"to": "+15551001000"
}

Here recognitionResult carries the placeholder string 'xxxxx' in place of the actual content.

🚧

privacyMode is set at the command level and is not inherited by nested commands. Set it explicitly on every nested command that handles sensitive data, not only on the outer one.


Checking that your application is secure

As you design your application, keep in mind the following checklist to ensure that your application is using privacyMode correctly and generally securing user data:

  • All URLs use HTTPS
  • No sensitive data is being posted in a URL itself
  • No sensitive data is being sent in an API request itself, e.g., a card number or patient name used as a search term in a Filter Logs request
  • Any third-party tools you might also be using have been vetted
  • All your PerCL has been tested, as privacyMode won't work if the JSON is malformed
  • Your application doesn't use StartRecordCall for calls that may contain sensitive information, as privacyMode can't redact recorded calls
  • Your application doesn't use RecordUtterance for user speech that may contain sensitive information, as privacyMode can't redact recorded speech
  • privacyMode is set on each command you want it used for
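The last item of the checklist, together with the caution above that privacyMode is not inherited and the warning that it has no effect on malformed JSON or on recordings, is easy to get wrong by hand. The following is an added example (not FreeClimb's code and not part of the original page) of a pre-deployment audit that walks a PerCL script and reports every command that should carry privacyMode: true but does not, every recording command, and any JSON FreeClimb could not parse. It assumes that nested prompt commands sit under a "prompts" key of GetSpeech and GetDigits; the sample scripts, the actionUrl values and the audit function names are constructed for illustration.

```python
import json

# PerCL commands on which the privacyMode flag is available (from the table on this page).
PRIVACY_MODE_COMMANDS = {"Say", "Play", "GetDigits", "GetSpeech", "SendDigits", "OutDial"}

# Commands that produce recordings privacyMode cannot redact (from the checklist).
RECORDING_COMMANDS = {"StartRecordCall", "RecordUtterance"}

# Assumption: nested prompt commands live in a "prompts" list; add other
# list-of-command fields here if your scripts use them.
NESTED_KEYS = ("prompts",)


def iter_commands(percl, path="$"):
    """Yield (path, name, params) for every command, descending into nested prompts."""
    for i, entry in enumerate(percl):
        if not isinstance(entry, dict) or len(entry) != 1:
            raise ValueError(f"{path}[{i}]: each PerCL entry must be a single-key object")
        (name, params), = entry.items()
        here = f"{path}[{i}].{name}"
        yield here, name, params
        if isinstance(params, dict):
            for key in NESTED_KEYS:
                nested = params.get(key)
                if isinstance(nested, list):
                    yield from iter_commands(nested, f"{here}.{key}")


def audit_percl(script):
    """Return a list of findings for a PerCL script (a JSON string).

    Malformed JSON is reported as a single finding, because privacyMode has no
    effect on a script FreeClimb cannot parse.
    """
    try:
        percl = json.loads(script)
    except json.JSONDecodeError as exc:
        return [f"malformed JSON: {exc}"]
    if not isinstance(percl, list):
        return ["malformed PerCL: top level must be an array of commands"]

    findings = []
    try:
        for path, name, params in iter_commands(percl):
            if name in RECORDING_COMMANDS:
                findings.append(f"{path}: {name} records audio that privacyMode cannot redact")
            elif name in PRIVACY_MODE_COMMANDS:
                # privacyMode is per command: a true on the parent does not cover this one.
                if not isinstance(params, dict) or params.get("privacyMode") is not True:
                    findings.append(f"{path}: privacyMode is not true (the flag is not inherited)")
    except ValueError as exc:
        return [f"malformed PerCL: {exc}"]
    return findings


# Constructed sample: privacyMode set on GetSpeech only, plus a call recording.
LEAKY_SCRIPT = json.dumps([
    {"GetSpeech": {
        "actionUrl": "https://example.com/speech",  # placeholder webhook URL
        "privacyMode": True,
        "prompts": [
            {"Say": {"text": "Please read your account number"}},  # flag not inherited here
        ],
    }},
    {"StartRecordCall": {}},
])

# Constructed sample: the same flow with the flag on every command and no recording.
HARDENED_SCRIPT = json.dumps([
    {"GetSpeech": {
        "actionUrl": "https://example.com/speech",  # placeholder webhook URL
        "privacyMode": True,
        "prompts": [
            {"Say": {"text": "Please read your account number", "privacyMode": True}},
        ],
    }},
])


if __name__ == "__main__":
    for label, script in (("leaky", LEAKY_SCRIPT), ("hardened", HARDENED_SCRIPT), ("broken", "[{")):
        print(label, audit_percl(script) or "no findings")
```

Run the audit over every PerCL script your application can emit (for example in a unit test that renders each script with representative input) so that a missing flag on a nested prompt, or a recording command added later, fails the build rather than surfacing in a log review.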