CallRail's data retention policy was created according to utilization we see across customer accounts. With our policy, we aim to follow best practices for data retention based on when customers use Personal Information. We'll delete Personal Information stored for our customers to ensure compliance with best practices for privacy regulations, which is subject to our internal retention periods. If at any time you need to preserve data outside of our retention rules, use this support doc to see how to export data from your account.
CallRail has four categories of data which we consider for the purposes of defining data retention policies. Each type of data has unique ownership and retention policies. Use this article to understand how CallRail saves data for compliance and regulatory purposes.
Types of Data CallRail Stores
Marketing Data is data about customers or prospective customers. This includes contact information provided to us on our website or during signup or user account creation, as well as data obtained from other market research activities. CallRail owns and controls this data. Individuals can request that data about themselves be removed from these lists pursuant to GDPR or CCPA requirements by submitting a ticket to our Security team. This data is otherwise retained until it is deemed no longer valuable to the company.
Business Records are data about customer accounts. This includes contact information for the account owner, billing records, and payment information. CallRail owns and controls this data, and is required to retain this data (including some Personally Identifiable Information) for legal and financial control purposes. We will not use this data for marketing or other non-record-keeping purposes. This data is retained as long as our operations and accounting practices require it.
Customer Data is account-level data either configured by the customer or collected through the use of the service. It includes the tracking phone numbers owned by the customer, call flows, lists of authorized users, credentials for third-party integrations, and other similar configuration data. It also includes data about individual third-party consumers either uploaded to the service, or who have contacted a CallRail customer through the service. This consumer data may include Personally Identifiable Information (PII) such as name, phone number, or email address. CallRail’s customer owns and controls this data. CallRail will not use this data for purposes other than as directed unless the data has been anonymized for use in aggregate analysis. This data is retained for as long as the account is active and in good standing, although customers can request that some types of this data be deleted earlier by submitting a ticket to our Security team.
Communication Records are records of interactions and communications logged on behalf of our customers through the use of the platform. This may include phone calls, call recordings, text messages, chat logs, form submissions, web visitor sessions, and other types of data. This data includes Personally Identifiable Information (PII) for third-party consumers, such as names, phone numbers, email addresses, and possibly the contents of the communication. CallRail’s customer owns and controls this data. CallRail will not use this data for purposes other than as directed unless the data has been anonymized for use in aggregate analysis.
Communication Records are retained for 25 months, after which they are automatically deleted. If you need to retain your data for longer than 25 months, you'll want to export your data at the account-level. Your data be deleted sooner than this by submitting a ticket to our Security team, but we're unable to extend the retention period.
Anonymization and Deletion Requests
For most Customer Data, CallRail provides ways for data to be deleted by the user. Deleted data is inaccessible to users, but may be retained in the platform to ensure accurate historical records and to provide undelete capabilities. As long as an account remains active we cannot accommodate deletion requests other or more permanent than what is offered within the platform because it may cause parts of the platform to function unexpectedly.
For Customer Data containing PII, and for all Communication Records, CallRail customers can request that we anonymize data about specific consumers and/or specific communication records. CallRail customers can also submit a request to delete this data entirely once they have been billed for the associated usage. For compliance reasons, all such anonymization or deletion requests involving PII are irreversible. Because CallRail is merely a processor of this data but does not own or control it, we cannot honor deletion requests directly from consumers.
Both Customer Data and Communication Records are automatically deleted 13 months after an account is closed. This data can be deleted earlier upon request from the account owner by submitting a ticket to our Security team. Once data is deleted the account cannot be recovered or reopened.
Users may have access to more than one account. A user’s record and individual preferences are retained until either the user has no remaining access to any accounts, or the user has not signed in for 13 months – whichever comes last.
Backups and Disaster Recovery
Deleted data may exist in backups for up to an additional 30 days. These backups are for platform-wide disaster recovery purposes only, and it is not possible to restore individual records or any individual account’s data. Data is considered deleted once either all feasible references to the data have been removed, or all relevant encryption keys have been destroyed.
Why is data being deleted from a paid account?
We retain Personal Information based on the typical utilization we see across customer accounts and follow best practices for data retention based on when customers use Personal Information. The Personal Information stored for our customers is deleted to ensure compliance with privacy regulations and is subject to our internal retention periods. You’re welcome to export your account data at any time according to your business needs and schedule.
Are my recorded greetings and voicemail greetings subject to deletion?
Recorded greetings and voicemail greetings (the messages callers hear when they call you or before they leave a voicemail) are considered customer data and are retained for as long as your account is open.
Voicemail recordings (ie. voicemail messages that callers have left for you) are considered call recordings and will be deleted after 25 months. To retain voicemail messages for longer than 25 months, use our account data export tool.
Can I extend the retention period for my data to 5 years?
It’s not possible to extend the data retention period. We recommend exporting your account data to maintain the data needed to meet your data retention policy.
Can I request a legal hold on data outside of the 25-month retention period?
We understand there may be circumstances in which you may be requesting data retention outside of our policy. To assist with legal holds, you’ll need to export your account data to maintain the data needed for your data retention policy.
Who should I contact with legal or privacy questions?
You can email any questions you have to firstname.lastname@example.org.