Security & Compliance
Before you hand us your business number, you should know how we handle call recordings, caller data, consent requirements, and uptime. Everything is on this page.
01 / TCPA & Call Recording
The Telephone Consumer Protection Act (TCPA) requires businesses to inform callers when a call is being recorded. Calling Matrix handles this at the start of every call with a configurable disclosure message — by default, something like: "This call may be recorded for quality and service purposes."
We work with you during onboarding to set the exact language. If your state requires a more explicit consent notice (see two-party consent states below), we configure the disclosure accordingly before your number goes live.
Calling Matrix does not use caller information to send unsolicited marketing messages. Caller data is used exclusively to fulfill the service — booking, routing, and follow-up — on your behalf.
Recording notice plays at the start of every inbound call. Configurable language, set during your onboarding session.
Calling Matrix does not initiate outbound calls to callers without explicit instruction from you. No auto-dialing, no spam.
Names, phone numbers, and addresses collected during calls are yours. We don't share, sell, or use them for any purpose outside your account.
Every call is logged with timestamp, duration, outcome, and recording. Exportable from your dashboard at any time.
02 / Two-Party Consent States
Most U.S. states follow one-party consent — only one person on the call needs to know it's being recorded. Eleven states require all-party (two-party) consent, meaning every caller must be informed before recording begins.
If your business operates in any of the states below, Calling Matrix automatically uses a consent-compliant disclosure. We confirm your service territory during onboarding and configure the appropriate notice — you don't need to manage this yourself.
03 / Data Handling & Encryption
All data transmitted between callers, our infrastructure, and your integrations is encrypted using TLS 1.2 or higher. Call recordings and lead data stored on our servers are encrypted at rest using AES-256.
We do not store payment information. Billing is handled entirely through our payment processor — no card data touches our servers.
All data moving between systems — calls, webhooks, CRM syncs — travels over encrypted connections.
Call recordings, transcripts, and lead data stored on our servers are encrypted at rest.
Billing is processed entirely through our payment provider. No card numbers, bank details, or PCI-scoped data on our servers.
Request full deletion of your account data at any time. We process deletion requests within 30 days.
04 / Data Retention
We retain call recordings, transcripts, and lead data for 90 days by default. You can export or delete this data from your dashboard at any time within that window.
After 90 days, recordings and transcripts are automatically purged from our systems. Lead contact information synced to your CRM or Google Sheets remains in those systems — under your control, governed by those platforms' retention policies.
When you cancel your Calling Matrix account, all call data is deleted within 30 days of account closure. You'll receive an email confirmation when the deletion is complete.
05 / Uptime & SLA
Calling Matrix runs on redundant infrastructure built for high-availability voice workloads. Emergency routing and after-hours coverage are the most uptime-critical parts of what we do — a missed call at 2 AM during a burst pipe costs your customer hundreds of dollars and costs you the job.
After Hours + Starter
99.9% uptime
Less than 9 hours downtime per year. Backed by infrastructure SLA.
Growth
99.9% uptime
Priority routing failover included. Incidents communicated within 15 minutes.
Scale
99.99% uptime
Less than 53 minutes downtime per year. Dedicated infrastructure, custom failover, and contractual SLA available.
SLA credits apply when uptime falls below the guaranteed threshold. See your service agreement for credit calculation details. Scale-tier SLA terms are negotiated as part of the contract.
06 / Certifications & Roadmap
We're a focused team building toward enterprise-grade compliance. Here's an honest picture of our current status and roadmap.
Enabled on all accounts. Configurable per state and use case.
All data encrypted in transit and at rest.
99.99% uptime SLA available in Scale-tier service agreements.
Audit scoping underway. Target: Q4 2026. Report will be available to enterprise customers under NDA on completion.
Live uptime dashboard with incident history. Scheduled for Q3 2026.
Not currently offered. Under evaluation for healthcare-adjacent trades (home health, med-spa, dental HVAC). No timeline yet.
07 / Security Contact
If you have a security question, a compliance requirement we haven't addressed here, or you've found a vulnerability in our systems — reach out directly. We take security reports seriously and respond within one business day.
Security questions, compliance inquiries, and vulnerability reports go to the same inbox — we handle them personally.
Email [email protected]