Secure Communications for
Providing customers with the tools they need to secure their data
At CallTrackingMetrics, Call Data Security is Top Priority
Customers benefit from a data center and network architecture built to meet industry-standard encryption and redundancy requirements. Our user-friendly security measures make it easy for customers to spend less time on compliance and more time running their business.
CallTrackingMetrics provides a number of options to keep data secure by encrypting its entire call tracking platform using Transport Layer Security (TLS). Data can be at risk even while at rest, and security demands that stored data be encrypted as well. CTM’s platform uses encrypted volumes to safely store recordings, transcriptions, log files, and other call data.
Any time call recordings are accessed or modified, that event is logged in the CallTrackingMetrics platform by user, IP address, and timestamp. Each user’s unique login credentials associate them directly to their activity within accounts. Every call recording playback is logged so that administrators know when a call has been reviewed.
Customize notifications so that certain fields containing sensitive information can be removed to prevent the distribution of this information. In addition, URLs linking to audio recordings inside notifications can have multiple layers of security so that only specific people with designated logins and secondary PINs can listen to calls.
Individuals have their own login to access the platform, and all of CTM’s plans allow for an unlimited number of users and a variety of access levels. Additional layers of protection, such as two-factor authentication and automatic timeouts, can be enabled. Administrators can also restrict which call data fields each user group can see, ensuring that sensitive data is only accessed when necessary.
To maintain compliance, CTM uses dedicated servers to protect sensitive information. Dedicated servers are exclusive to CallTrackingMetrics and not shared with outside companies, eliminating the risk of sensitive data being distributed to unauthorized sources.
If a spam caller is detected, you can select from a range of options to block or manage those calls internally. CTM also continuously reports suspicious patterns to carriers to prevent these dialers from getting through.
FormReactor® gives you the ability to add consent language and checkboxes into your forms and track that consent or opt-in with each online form submission. You can also trigger workflows based on a form field disposition or another activity indicator that places the contact (phone number) on an account-wide “do not text” and/or “do not call” list.
CTM provides the ability to either manually or automatically redact any personally identifiable information from call, text, and form records. Secure call transcriptions allow the system to detect when credit card information, social security information, or phone numbers are spoken during a call, tag the call appropriately, and redact that information from your call transcriptions and associated call recording.
CallTrackingMetrics offers features to allow providers to leverage call tracking while being HIPAA-compliant. As part of our HIPAA Compliance Program, CallTrackingMetrics will put in place Business Associate Agreements (BAAs) with customers to document the requirements of the relationship as it relates to HIPAA.
CallTrackingMetrics provides a number of configurations to help customers manage the personal data they are collecting. Through CTM, controllers have the tools they need to edit, update, delete, and transport data while also taking advantage of detailed logging and secure access to customer information.
Trusted by Customers
Small Business Administrator
“A great tool that helps marketers do their job while providing security to their customers.”
Bryan D, Senior Marketing Strategist
“I have full confidence in Call Tracking Metrics that the integrations are secure.”
Data Security & Protection
A secure physical facility with round-the-clock surveillance, multi-factor authentication, redundancy zones, and secure logging are included with all CallTrackingMetrics accounts. Amazon Web Services (AWS), where the platform is hosted, complies with AICPA SysTrust, ISO 27001, and other leading physical security frameworks.
CallTrackingMetrics employs best practices for network security by protecting customer data from application to the platform to thousands of carrier connections around the world. Preventative measures include network firewalls, denial-of-service (DoS) and distributed-DoS prevention, and network posture assessment.
CallTrackingMetrics offers multi-tenancy in tiers. Underlying cloud infrastructure, voice and messaging platform, and CTM-powered applications are isolated and secure when present on the same server instance. Each customer’s activity and data is separate and protected using sub-accounts.
CTM regularly scans for security vulnerabilities and performs third-party penetration tests. All access to production clusters is restricted to CTM engineers, and is always logged and audited.
24/7 Incident Response
We strictly follow an incident policy for responding to and reporting different vulnerability risks. A Security Incident Response Team monitors alerts from upstream vendors. They are on-call 24 hours a day, seven days a week.
Strict data privacy policies block access to sensitive data and ensure it is only used to deliver the services configured. All CTM employees are also trained on HIPAA and privacy policies and participate in regular security audits.
SOC 2 Compliance
CallTrackingMetrics is SOC 2 compliant. Service Organization Control 2 (SOC 2) is a security framework that specifies how organizations should manage, process, and store customer data. CallTrackingMetrics’ SOC 2 Attestation is an independent third-party examination report that demonstrates how CallTrackingMetrics achieves key compliance controls and objectives.