When using CallRail, it's important to keep your account, billing details, customer information, and logins secure. To assist in ensuring security for your account and your callers, we have several features in place.
CallRail offers Two-Factor Authentication to keep your login safe. Each CallRail account includes an unlimited number of users, so you never have to share your login. Each user is able to set up Two-Factor Authentication for each unique login they have for CallRail.
When you set up Two-Factor Authentication for your login, you can choose to receive a text message or use an authentication app of your choice to log into CallRail. Two-factor Authentication is available for all CallRail customers, at no additional charge.
Sign in With Google
CallRail offers the ability to use SSO to sign in with Google. Keep in mind you can't turn on Two-Factor Authentication within CallRail after signing in with Google. Instead, use Google's instructions for Two-Factor Authentication to add an extra layer of security to your account.
If you’ve signed in to CallRail using your Google credentials and need to revoke CallRail’s access to your Google account for security purposes, use Google’s instructions to stop signing in with Google.
If you’re using webhooks to send customer data to a third-party system, we recommend keeping track of what you're storing and where it is being stored. We also recommend ensuring your webhook endpoints are configured to use encrypted transmission via HTTPS.
CallRail’s call tracking solution is GDPR compliant without any additional configurations.
For CallRail, there are two key identities to define under GDPR:
Data controllers: Defined as, “A natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.” Most CallRail customers are data controllers.
Data processors: Defined as, “A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.” CallRail is a data processor with relation to your customer’s personal data, and a controller with relation to the account holder’s data.
GDPR places the way a controller handles personal data under the microscope. Under GDPR, EU citizens have a set of rights related to how their data is handled, which we outlined this CallRail blog post.
As a business handling personal data, the onus lies with you to clearly communicate what data you’re collecting on your customers and the purpose for which you’re collecting that data. As a tool, CallRail is GDPR compliant, because it legally transmits personal data to its customers — the controllers.
CallRail helps Covered Entities and the marketing agencies that serve them to maintain compliance with the regulations set forth by HIPAA and HITECH.