Call TraceLegal documents
Last updated: 20 June 2026

Data processing addendum

Processing terms for customer content, call recordings, transcripts, scripts, and analysis results handled by Call Trace on behalf of customer organizations.

1. Scope

This Data Processing Addendum applies when Call Trace processes personal data on behalf of a customer organization in connection with the service.

The customer is the controller or business, and Call Trace is the processor or service provider for customer content unless a separate written agreement states otherwise.

2. Processing instructions

Call Trace will process customer personal data only to provide, secure, support, and improve the service according to the customer's documented instructions, these public terms, and applicable law.

3. Categories of data

  • Call recordings, transcripts, speaker information, phone or account metadata, call timestamps, scripts, checklists, comments, scores, and analysis results.
  • Account and user data for customer personnel, including names, emails, roles, teams, audit logs, and authentication/session data.
  • Support, diagnostic, and usage data needed to operate the service.

4. Categories of data subjects

  • Customer employees, agents, supervisors, QA specialists, administrators, and contractors.
  • Call participants, leads, customers, prospects, or end users whose calls are submitted by the customer.

5. Security measures

Call Trace uses reasonable technical and organizational measures designed to protect customer personal data, including access controls, session security, infrastructure security, limited internal access, and operational monitoring.

6. Confidentiality

Personnel authorized to process customer personal data are expected to protect it and access it only as needed to provide or support the service.

7. Subprocessors

Call Trace may use subprocessors for hosting, database, object storage, email delivery, monitoring, security, and support. Current infrastructure may include Vercel, Neon, Cloudflare R2, and SMTP providers.

Call Trace remains responsible for subprocessors to the extent required by applicable data protection law.

8. Data subject requests

Where Call Trace receives a request from a data subject relating to customer personal data, Call Trace will direct the request to the customer where appropriate. Customers are responsible for responding to data subject requests unless applicable law requires otherwise.

9. Security incidents

Call Trace will notify affected customers without undue delay after becoming aware of a confirmed security incident involving customer personal data, as required by applicable law.

10. Deletion and return

Upon account closure, verified deletion request, or expiry of a pilot or agreement, customer personal data will be deleted or anonymized within a reasonable period unless retention is required by law, security, backup, or legitimate operational needs.

11. International transfers

Customer personal data may be processed outside the customer's country. Where required, Call Trace and its subprocessors rely on appropriate safeguards for international transfers.

12. Contact

Data processing questions can be sent to support@call-trace.com.