Security, Compliance, and Data Governance
This chapter outlines the security and governance practices recommended for running MiaRec Conversation Analytics as a multi-tenant platform.
Because deployments vary (partner-hosted vs SaaS), treat this section as a framework and fill in the exact controls supported by MiaRec.
Security goals (operator)
- Ensure strict tenant isolation
- Protect sensitive data (audio, transcripts, message threads)
- Control and audit administrative changes (tasks, fields, engines, overrides)
- Meet regulatory requirements (retention, privacy, residency) where applicable
Data classification (recommended)
Identify and document:

- content types stored:
    - audio recordings (voice)
    - transcripts / threads
    - AI outputs (custom fields, explanations)
- sensitive fields:
    - personally identifiable information (PII)
    - payment data (PCI)
    - health data (HIPAA) (if applicable)
- where data flows externally (transcription providers, LLM providers)
Access control model
Recommended role categories:

- Platform operator / system admin
- Tenant admin
- Supervisor / analyst
- Agent / standard user
- Read-only auditor (optional)

Best practices:

- least privilege for each role
- separate operator accounts from tenant accounts
- MFA/SSO enforcement for admin roles
- API keys scoped by tenant and purpose
Audit logging (must-have)
Log and retain changes to:

- AI Engines configuration
- Global AI Tasks and Custom Fields
- Tenant activation of tasks
- Tenant overrides (prompt/filter)
- Retention settings
- User/role changes

Include:

- who changed it
- what changed (before/after)
- when it changed
- which tenant(s) are impacted
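As an added illustration (not MiaRec code), the sketch below builds one audit entry carrying the four items listed above for a change to a tenant override. The function names, record layout, object-type labels and sample values are assumptions made for this example.

```python
import json
from datetime import datetime, timezone

# Hypothetical labels for the object types in the "Log and retain changes to" list.
AUDITED_OBJECTS = {
    "ai_engine", "global_ai_task", "custom_field", "task_activation",
    "tenant_override", "retention_setting", "user_role",
}
MISSING = "<absent>"  # marks a key that exists on only one side of the change

def diff_config(before, after, prefix=""):
    """Return {dotted.path: {"before": x, "after": y}} for every changed leaf."""
    changes = {}
    for key in sorted(set(before) | set(after)):
        path = f"{prefix}{key}"
        old, new = before.get(key, MISSING), after.get(key, MISSING)
        if isinstance(old, dict) and isinstance(new, dict):
            changes.update(diff_config(old, new, path + "."))
        elif old != new:
            changes[path] = {"before": old, "after": new}
    return changes

def build_audit_record(actor, object_type, object_id, before, after, tenants, when=None):
    """Build one audit entry: who, what (before/after), when, impacted tenants."""
    if object_type not in AUDITED_OBJECTS:
        raise ValueError(f"unaudited object type: {object_type}")
    if not actor or not tenants:
        raise ValueError("actor and impacted tenants are required")
    changes = diff_config(before or {}, after or {})
    if not changes:
        return None  # a save that changed nothing produces no entry
    when = when or datetime.now(timezone.utc)
    return {
        "who": actor,
        "what": {"object_type": object_type, "object_id": object_id, "changes": changes},
        "when": when.astimezone(timezone.utc).isoformat(),
        "tenants": sorted(tenants),
    }

# Constructed sample: a tenant admin edits the prompt and filter override of one task.
BEFORE = {"prompt": "Summarize the call.", "filter": {"channel": "voice", "min_duration": 30}}
AFTER = {"prompt": "Summarize the call in 3 bullets.", "filter": {"channel": "voice", "min_duration": 60}}

if __name__ == "__main__":
    rec = build_audit_record("admin@tenant-a.example", "tenant_override",
                             "task-42", BEFORE, AFTER, ["tenant-a"])
    print(json.dumps(rec, indent=2))
```

Recording only the changed leaves keeps entries small, but prompt text can itself contain sensitive data, so the audit store needs the same access restrictions as the configuration it describes.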
Data retention and deletion
Document:

- retention defaults (audio, transcripts, threads, AI outputs)
- configurable per-tenant retention (if supported)
- deletion workflows and evidence (audit records)
- legal hold and export mechanisms (if applicable)
Data residency and third-party processing
If you use external providers:

- document what data is sent (full transcript? metadata? both?)
- document provider regions and data handling guarantees
- document how to select region-specific engines (if supported)
PII handling and redaction (common patterns)
Depending on product capabilities:

- Pre-ingestion redaction (redact before MiaRec receives data)
- Post-transcription redaction (redact in transcripts)
- Prompt-level redaction (remove sensitive data before sending to LLM)
- Storage-level controls (encrypt fields, restrict visibility)
Governance for AI configuration
Because AI Tasks can materially change outputs:

- establish a policy for global task changes (review + test + staged rollout)
- track tenant overrides as “configuration drift”
- document how model changes affect comparability over time
Implementation notes
- Provide a "Data Flow" diagram for voice and text channels showing all external processors
- Require audit logs for task/prompt overrides (high value for enterprise customers)
- Provide default retention settings that partners can tune per tenant
- Document what data is sent to LLM providers (typically: transcript content with optional metadata)
- Contact MiaRec for details on specific compliance certifications and data handling practices
EDITOR NOTE: fill in with product specifics
Purpose of this section
Provide operators a security checklist and clarify data processing boundaries (especially for external LLM providers).
Missing / unclear (confirm with Security/Engineering)
- Tenant isolation mechanism
    - A) Shared DB with tenant_id enforcement
    - B) Separate DB/schema per tenant
    - C) Hybrid
- Encryption
    - At rest: A) Yes B) No C) Depends on storage
    - In transit: A) TLS everywhere B) Partial
- Audit logs
    - A) Full config audit log exists in product
    - B) Partial (only some actions)
    - C) External logging only
- PII redaction
    - A) Built-in redaction exists (configurable)
    - B) Must be handled upstream
    - C) Mixed
- LLM data sending
    - A) Full transcript is sent to provider
    - B) Transcript + metadata
    - C) Redacted transcript only
    - D) Configurable
- Compliance targets
    - A) SOC 2
    - B) GDPR
    - C) HIPAA
    - D) PCI
    - E) Other