Account Security Tips

When using CallRail, it's important to keep your account, billing details, customer information, and logins secure. To help secure your account and your callers, we have several features in place.

Use this article to learn more about:

  • Keeping your account and login safe
  • Using encrypted transmissions for webhooks
  • CallRail's GDPR compliance
  • CallRail's HIPAA compliant solution

Two-Factor Authentication

CallRail offers Two-Factor Authentication to keep your login safe. Each CallRail account includes an unlimited number of users, so you never have to share your login. Each user is able to set up Two-Factor Authentication for each unique login they have for CallRail.

When you set up Two-Factor Authentication for your login, you can choose to receive a text message or use an authentication app of your choice to log into CallRail. Two-Factor Authentication is available for all CallRail customers, at no additional charge.

Read this article for step-by-step instructions on setting up Two-Factor Authentication.

Encrypted Webhooks

If you’re using webhooks to send customer data to a third-party system, we recommend keeping track of what you're storing and where it is being stored. We also recommend ensuring your webhook endpoints are configured to use encrypted transmission via HTTPS.

For more information on webhooks, check out our webhooks and API docs.

GDPR Compliance

CallRail’s call tracking solution is GDPR compliant without any additional configurations.
For CallRail, there are two key identities to define under GDPR:

  • Data controllers: Defined as, “A natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.” Most CallRail customers are data controllers.

  • Data processors: Defined as, “A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.” CallRail is a data processor with relation to your customer’s personal data, and a controller with relation to the account holder’s data. 

GDPR places the way a controller handles personal data under the microscope. Under GDPR, EU citizens have a set of rights related to how their data is handled, which we outlined in this CallRail blog post.

As a business handling personal data, the onus lies with you to clearly communicate what data you’re collecting on your customers and the purpose for which you’re collecting that data. As a tool, CallRail is GDPR compliant, because it legally transmits personal data to its customers, the controllers.

For a full write-up on how CallRail is GDPR compliant, check out this CallRail blog post.

HIPAA Compliance

CallRail offers a HIPAA compliant solution that helps Covered Entities and the marketing agencies that serve them to maintain compliance with the regulations set forth by HIPAA and HITECH.

Read this article to learn more about upgrading to a HIPAA CallRail account.

You likely need to mention your collection of call data and use of cookies in your own privacy policy and document your use of personal data under the intended lawful interest. You should consult your own legal counsel to determine how this may apply to your situation. This article is not intended to be used as legal advice. 
