Account Security Tips

When using CallRail, it's important to keep your account, billing details, customer information, and logins secure. To help keep your account and your callers secure, we have several features in place.

Two-Factor Authentication

CallRail offers Two-Factor Authentication to keep your login safe. Each CallRail account includes an unlimited number of users, so you never have to share your login. Each user is able to set up Two-Factor Authentication for each unique login they have for CallRail.

When you set up Two-Factor Authentication for your login, you can choose to receive a text message or use an authentication app of your choice to log into CallRail. Two-Factor Authentication is available for all CallRail customers, at no additional charge.

Read this article for instructions on setting up Two-Factor Authentication.

Sign in With Google

CallRail offers the ability to use SSO to sign in with Google. Keep in mind you can't turn on Two-Factor Authentication within CallRail after signing in with Google. Instead, use Google's instructions for Two-Factor Authentication to add an extra layer of security to your account.

If you’ve signed in to CallRail using your Google credentials and need to revoke CallRail’s access to your Google account for security purposes, use Google’s instructions to stop signing in with Google.

Encrypted Webhooks

If you’re using webhooks to send customer data to a third-party system, we recommend keeping track of what you're storing and where it is being stored. We also recommend ensuring your webhook endpoints are configured to use encrypted transmission via HTTPS.

For more information on webhooks, check out our webhooks and API documentation.

GDPR Compliance

CallRail’s call tracking solution is GDPR compliant without any additional configurations.
For CallRail, there are two key identities to define under GDPR:

Data controllers: Defined as, “A natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.” Most CallRail customers are data controllers.

Data processors: Defined as, “A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.” CallRail is a data processor with relation to your customer’s personal data, and a controller with relation to the account holder’s data. 

GDPR places the way a controller handles personal data under the microscope. Under GDPR, EU citizens have a set of rights related to how their data is handled, which we outlined in this CallRail blog post.

As a business handling personal data, the onus lies with you to clearly communicate what data you’re collecting on your customers and the purpose for which you’re collecting that data. As a tool, CallRail is GDPR compliant, because it legally transmits personal data to its customers — the controllers.

For a full write-up on how CallRail is GDPR compliant, check out this CallRail blog post.

HIPAA Compliance

CallRail helps Covered Entities and the marketing agencies that serve them to maintain compliance with the regulations set forth by HIPAA and HITECH. 

Read this article to learn more about upgrading to a CallRail Healthcare account.

Legal Notice

You likely need to mention your collection of call data and use of cookies in your own privacy policy and document your use of personal data under the intended lawful interest. You should consult your own legal counsel to determine how this may apply to your situation. This article is not intended to be used as legal advice. 
