Protecting your data and your customers’ data


Stay compliant with CallRail

At CallRail, we take your privacy and data security very seriously. Our Privacy and Information Security Management Program is designed to reduce business and operational risk by preserving the privacy, confidentiality, integrity, and availability of customer information. These controls are designed and implemented to meet the requirements of HIPAA, SOC 2, GDPR, and CCPA.


Protect patient information with HIPAA

We take HIPAA compliance seriously; that’s why we’ve not only created an end-to-end solution for health care providers but also sign a business associate agreement (BAA) with each of our HIPAA clients.

Our Call Tracking plans help covered entities (and the marketing agencies serving them) to maintain compliance with regulations set forth by HIPAA and HITECH.

Keep payment information secure with PCI

When you’re transcribing phone conversations, it’s important to provide as much protection as possible for Personal Credit Information (PCI).

Our PII Redaction feature removes customer billing information and financial information from your call transcriptions and call recordings, such as:

  • Credit card numbers
  • CVV digits
  • Billing zip codes

The result? Enhanced security for your CallRail account and peace of mind for your customers.

Your data is in your hands with GDPR

To our friends across the pond, you rule your data with the right to be informed about our practices regarding the collection, use, disclosure, and sale of personal information.

You have the right and ability to access your data, port your data out, and request that your data be erased.

Reserve your rights, California, with CCPA

We got you, Cali. California residents have a right to be informed about our practices regarding the collection, use, disclosure, and sale of personal information.

Just like our friends across the pond, you too have the right and ability to access your data, port your data out, and request that your data be erased.

How we keep your information safe

Legal Privacy

We ensure privacy and security by design. Throughout our software development life cycle, we prioritize and enforce security in our development and support process by protecting our application on public networks, keeping our engineering in-house, and rigorously testing our product for continuous improvement. We do this not just because we have to, but because it’s the right thing to do.

Encryption Security

We’re committed to preserving the confidentiality, privacy, and integrity of our customer data from unauthorized use and disclosure. To ensure confidentiality and privacy, CallRail uses encryption to help protect sensitive data, either stored or transmitted.

Multi-Factor Authentication

It can be annoying at times, but doubling up on your login security should help you sleep easy. CallRail’s 2FA or two-step verification is an extra layer of security that adds an additional step to your basic CallRail login process. It significantly decreases the risk of a hacker accessing your CallRail account by combining your password with a second factor: your mobile phone.

Spam detection

We can all agree that spam calls and robo-dialers are the worst. They waste your time and hog your business lines. They also interfere with your call data and they try to scam your grandmother. CallRail’s spam-prevention technology ensures clean data in your call tracking reports and keeps your phone lines open to your real customers.

PII/PCI Redaction

CallRail’s PII redaction feature removes sensitive items from your call recordings and transcripts. It’s designed to look for and redact personally identifiable information, such as your customers' billing and protected health information. Keep your SSN, credit card information, CVV, age, DOB, religious and political affiliation private.

Logging & Backups

All interactions and communications logged on behalf of our customers through the use of the platform are retained for 25 months, after which they are automatically deleted. This includes phone calls, call recordings, text messages, chat logs, form submissions, web visitor sessions, and other types of data you gather within the CallRail platform. Want to hold onto your data longer? By exporting your data at the account-level, you stay in control and retain the data you need.

Secure Access

We protect your data and how it flows through CallRail’s internal network and how it is accessed on public networks. Through network security and monitoring, firewalls, VPN, and multi-factor authentication, we keep our software and your data protected from accidents and attacks.

Internal Security Measures

Keeping you and your business’ data safe and secure takes more than an excellent product. It’s up to every employee at every level of the organization. We update and train our employees on security best practices so that we’re better equipped to serve you while providing a secure experience.

We've also implemented controls to ensure privacy and security at all levels of the organization. CallRail engaged an independent CPA to examine and report on its controls against the System and Organization Control (SOC) Type II standard that the AICPA has established. The independent CPA examined and reported on controls at CallRail relevant to Security, Availability, and Confidentiality. A copy of CallRail’s SOC II Type II report can be requested by contacting the legal team.

