When using CallRail, it's important to keep your account, billing details, customer information, and logins secure. To assist in ensuring security for your account and your callers, we have several features in place.
Use this article to learn more about:
- Keeping your account and login safe
- Using encrypted transmissions for webhooks
- CallRail's GDPR compliance
- CallRail's HIPAA compliant solution
CallRail offers Two-Factor Authentication to keep your login safe. Each CallRail account includes an unlimited number of users, so you never have to share your login. Each user is able to set up Two-Factor Authentication for each unique login they have for CallRail.
When you set up Two-Factor Authentication for your login, you can choose to receive a text message or use an authentication app of your choice to log into CallRail. Two-factor authentication is available for all CallRail customers, at no additional charge.
If you’re using webhooks to send customer data to a third-party system, we recommend keeping track of what you're storing and where it is being stored. We also recommend ensuring your webhook endpoints are configured to use encrypted transmission via HTTPS.
CallRail’s call tracking solution is GDPR compliant without any additional configurations.
For CallRail, there are two key identities to define under GDPR:
- Data controllers: Defined as, “A natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.” Most CallRail customers are data controllers.
- Data processors: Defined as, “A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.” CallRail is a data processor with relation to your customers’ personal data, and a controller with relation to the account holder’s data.
GDPR places the way a controller handles personal data under the microscope. Under GDPR, EU citizens have a set of rights related to how their data is handled, which we outlined in this CallRail blog post.
As a business handling personal data, the onus lies with you to clearly communicate what data you’re collecting on your customers and the purpose for which you’re collecting that data. As a tool, CallRail is GDPR compliant, because it legally transmits personal data to its customers, the controllers.
For a full write-up on how CallRail is GDPR compliant, check out this CallRail blog post.
CallRail offers a HIPAA compliant solution that helps Covered Entities and the marketing agencies that serve them maintain compliance with the regulations set forth by HIPAA and HITECH.