Payment Card Industry Programmable Voice workflows

Customers are required to enable PCI Mode in their Twilio Voice settings in the Console per account for Programmable Voice workflows subject to PCI. Enabling PCI Mode on your Account redacts sensitive payment details captured using Twilio Programmable Voice and <Pay>.

If you enable recording as part of your PCI Mode voice workflows, any PCI Voice Recordings captured in that particular account, will be retained for one (1) year from creation, by default. If you want to retain Voice Recordings longer than one (1) year, you must download them using the API or Console before the one-year retention period expires. Voice Recordings will be deleted automatically and permanently on the one-year anniversary of creation. Voice recordings that are deleted using the REST API will be permanently deleted and there will be no recovery.

To transcribe Voice Recordings, customers must use the Voice <Transcription> noun, Native and Marketplace transcriptions are not available when PCI Mode is enabled and as a result Twilio will not transcribe the Voice Recordings.

Once PCI Mode is enabled, it cannot be disabled for that Account. See Twilio's Responsibility Matrix and Programmable Voice Documentation to learn more about your obligations when using Programmable Voice in a PCI workflow.

ConversationRelay supports PCI-compliant Voice workflows when configured with PCI-compliant TTS and transcription providers. Not all TTS providers and transcription providers available for ConversationRelay are guaranteed to be PCI compliant. Refer to Twilio's Responsibility Matrix for further information. Conversational Intelligence is not PCI compliant and must not be enabled in ConversationRelay workflows that are subject to PCI. If PCI Mode is enabled for your account, ConversationRelay transcripts will be rejected by Conversational Intelligence.