Secure Communications for Your Business

Providing customers with the tools they need to secure their data

CTM Security image

At CallTrackingMetrics, Call Data Security is Top Priority

Customers benefit from a data center and network architecture built to meet industry-standard encryption and redundancy requirements. Our user-friendly security measures make it easy for customers to spend less time on compliance and more time running their business.

Encrypted Data

CallTrackingMetrics provides a number of options to keep data secure by encrypting its entire call tracking platform using Transport Layer Security (TLS). Data can be at risk even while at rest, and security demands that stored data be encrypted as well. CTM’s platform uses encrypted volumes to safely store recordings, transcriptions, log files, and other call data.


Any time call recordings are accessed or modified, that event is logged in the CallTrackingMetrics platform by user, IP address, and timestamp. Each user’s unique login credentials associate them directly to their activity within accounts. Every call recording playback is logged so that administrators know when a call has been reviewed.

Secure Notifications

Customize notifications so that certain fields containing sensitive information can be removed to prevent the distribution of this information. In addition, URLs linking to audio recordings inside notifications can have multiple layers of security so that only specific people with designated logins and secondary PINs can listen to calls.

Secure Access

Individuals have their own login to access the platform, and all of CTM’s plans allow for an unlimited number of users and a variety of access levels. Additional layers of protection, such as two-factor authentication and automatic timeouts, can be enabled. Administrators can also restrict which call data fields each user group can see, ensuring that sensitive data is only accessed when necessary.

Dedicated Servers

To maintain compliance, CTM uses dedicated servers to protect sensitive information. Dedicated servers are exclusive to CallTrackingMetrics and not shared with outside companies, eliminating the risk of sensitive data being distributed to unauthorized sources.

Spam Detective

If a spam caller is detected, you can select from a range of options to block or manage those calls internally. CTM also continuously reports suspicious patterns to carriers to prevent these dialers from getting through.


FormReactor® gives you the ability to add consent language and checkboxes into your forms and track that consent or opt-in with each online form submission. You can also trigger workflows based on a form field disposition or another activity indicator that places the contact (phone number) on an account-wide “do not text” and/or “do not call” list.


CTM provides the ability to either manually or automatically redact any personally identifiable information from call, text, and form records. Secure call transcriptions allow the system to detect when credit card information, social security information, or phone numbers are spoken during a call, tag the call appropriately, and redact that information from your call transcriptions and associated call recording.

PCI compliant badge
CCPA compliant badge
HITECH compliant badge
HIPAA compliant badge
GDPR compliant badge
PIPEDA compliant badge


CallTrackingMetrics offers features to allow providers to leverage call tracking while being HIPAA-compliant. As part of our HIPAA Compliance Program, CallTrackingMetrics will put in place Business Associate Agreements (BAAs) with customers to document the requirements of the relationship as it relates to HIPAA.


CallTrackingMetrics provides a number of configurations to help customers manage the personal data they are collecting. Through CTM, controllers have the tools they need to edit, update, delete, and transport data while also taking advantage of detailed logging and secure access to customer information.

Trusted by Customers One set of quotation marks.

Small Business Administrator

“A great tool that helps marketers do their job while providing security to their customers.”

Bryan D, Senior Marketing Strategist

“I have full confidence in Call Tracking Metrics that the integrations are secure.”

Data Security & Protection


A secure physical facility with round-the-clock surveillance, multi-factor authentication, redundancy zones, and secure logging are included with all CallTrackingMetrics accounts. Amazon Web Services (AWS), where the platform is hosted, complies with AICPA SysTrust, ISO 27001, and other leading physical security frameworks.


CallTrackingMetrics employs best practices for network security by protecting customer data from application to the platform to thousands of carrier connections around the world. Preventative measures include network firewalls, denial-of-service (DoS) and distributed-DoS prevention, and network posture assessment.


CallTrackingMetrics offers multi-tenancy in tiers. Underlying cloud infrastructure, voice and messaging platform, and CTM-powered applications are isolated and secure when present on the same server instance. Each customer’s activity and data is separate and protected using sub-accounts.

Security Audits

CTM regularly scans for security vulnerabilities and performs third-party penetration tests. All access to production clusters is restricted to CTM engineers, and is always logged and audited.

24/7 Incident Response

We strictly follow an incident policy for responding to and reporting different vulnerability risks. A Security Incident Response Team monitors alerts from upstream vendors. They are on-call 24 hours a day, seven days a week.

Privacy Policies

Strict data privacy policies block access to sensitive data and ensure it is only used to deliver the services configured. All CTM employees are also trained on HIPAA and privacy policies and participate in regular security audits.

SOC 2 Compliance

CallTrackingMetrics is SOC 2 compliant. Service Organization Control 2 (SOC 2) is a security framework that specifies how organizations should manage, process, and store customer data. CallTrackingMetrics’ SOC 2 Attestation is an independent third-party examination report that demonstrates how CallTrackingMetrics achieves key compliance controls and objectives.

Telecom Regulatory Updates

The telecommunications industry has implemented regulatory changes which CallTrackingMetrics is committed to supporting as part of a global effort to combat fraudulent spam calls and text messages. The two changes, the Application to Person messaging service, also known as A2P 10DLC, and STIR/SHAKEN, require businesses to obtain an attestation trust score by creating a business profile.

Read on for more information on what you can expect from these changes and how your business can maintain compliance.


Talk to a member of our team, and get a chance to experience the world’s only combined call tracking and contact center automation platform.