CallTrackingMetrics & the General Data Protection Regulation (GDPR)


CallTrackingMetrics is Committed to Your Data Protection

GDPR stands for the European Union’s General Data Protection Regulation and replaces the Data Protection Directive. The purpose of GDPR is to ensure appropriate protection of personal data in a digital society. CallTrackingMetrics is implementing processes to help customers prepare for GDPR before its effective date of May 25, 2018.

Customers will receive notifications of new functionality and changes to our policies via email, and we’ll also be updating this page and sharing content over the coming months, so check back often.

While CallTrackingMetrics will be providing information related to GDPR, the most authoritative resources will always be those produced by data protection regulators or the European Union itself. The full text of the GDPR can be found here.

Our Commitment to GDPR Compliance

Protecting Data

Our data protection team is dedicated to ensuring that CallTrackingMetrics is ready through appropriate protection of personal data.

Revised Policies

As you prepare your business for GDPR, we're updating our policies and terms.

Being Proactive

As we develop new systems and product features, we're including a requirement to build in data privacy "by design."

Raising the Bar

We are building features that customers around the globe can leverage to manage their data so that all customers can benefit from GDPR.

Preparing the Product for GDPR

To prepare for the May deadline, CTM will have the following new features available this Spring to help customers prepare for GDPR:

Countdown to GDPR









Data Security & Protection


A secure physical facility with round-the-clock surveillance, multi-factor authentication, redundancy zones, and secure logging are included with all CallTrackingMetrics accounts. Amazon Web Services (AWS), where the platform is hosted, complies with AICPA SysTrust, ISO 27001, and other leading physical security frameworks.


CallTrackingMetrics employs best practices for network security by protecting customer data from application to the platform to thousands of carrier connections around the world. Preventative measures include network firewalls, denial-of-service (DoS) and distributed-DoS prevention, and network posture assessment.


CallTrackingMetrics offers multi-tenancy in tiers. Underlying cloud infrastructure, voice and messaging platform, and CTM-powered applications are isolated and secure when present on the same server instance. Each customer's activity and data is separate and protected using sub-accounts.

Security Audits

CTM regularly scans for security vulnerabilities and performs third-party penetration tests. All access to production clusters is restricted to CTM engineers, and is always logged and audited.

24/7 Incident Response

We strictly follow an incident policy for responding to and reporting of different vulnerability risks. A Security Incident Response Team monitors alerts from upstream vendors, on-call twenty-four hours a day, seven days a week.

Privacy Policies

Strict data privacy policies block access to sensitive data and ensure it is only used to deliver the services configured. All CTM employees are also trained on HIPAA and privacy policies and participate in regular security audits.

Disclaimer: This legal information is not the same as legal advice, where an attorney applies the law to your specific circumstances, so we recommend that you consult an attorney if you’d like advice on your interpretation of this information or its accuracy. You may not rely on this information as legal advice, nor as a recommendation of any particular legal understanding.