> ## Documentation Index
> Fetch the complete documentation index at: https://developers.callaro.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Data Processing and Residency

> Understand processed data categories, lifecycle stages, retention decisions, and review controls for enterprise governance.

# Data processing is purpose-bound to call execution and customer workflows.

## Data categories

* **Operational call metadata**: call identifiers, status transitions, timestamps, routing metadata.
* **Conversation artifacts**: recordings (where enabled), transcript objects, extracted structured outcomes.
* **Integration payloads**: webhook payloads, CRM action inputs/outputs, runtime context variables.
* **Administrative metadata**: configuration events, API key metadata, audit-oriented request traces.

## Data lifecycle stages

1. **Ingestion**: request payloads and runtime context enter controlled API/runtime flows.
2. **Processing**: agent runtime executes scripts, knowledge retrieval, and configured actions.
3. **Delivery**: outcomes are exposed via API resources and webhook notifications.
4. **Retention or deletion**: artifacts are retained per policy and can be exported/deleted through supported flows.

## Customer governance checklist

* Define retention policy for recordings and transcripts.
* Validate who can access call artifacts and exports.
* Approve CRM fields that receive extracted data.
* Review cross-region transfer requirements for regulated workloads.
* Confirm deletion workflows (for example GDPR erasure operations).

## Subprocessor and transfer review

Callaro integrations may involve telephony, storage, and customer-selected downstream systems. During enterprise review, document:

* subprocessors involved in your deployment
* data categories shared with each processor
* transfer regions and safeguards
* customer-managed integrations receiving webhook/API exports

## Artifact and evidence requests

Use security/support channels to request review artifacts such as:

* data flow diagrams
* retention policy references
* access-control overview documents

<Warning>
  Always use masked or synthetic data in sandbox and test systems. Never promote test payloads containing real customer PII into non-production workflows.
</Warning>

## What to do next

* Review [`./security`](./security) for key governance and incident handling controls.
* Review [`./compliance`](./compliance) for procurement-review expectations.
* Review [`../getting-started/environments`](../getting-started/environments) before promoting data-handling workflows to production.
