Privacy Policy

Effective Date: April 4, 2026 | Last Updated: April 4, 2026

1. Overview and Data Controller

CallMeter ("we," "us," or "our") is the data controller responsible for your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our SIP stress testing and VoIP analytics platform, website at callmeter.io, APIs, and related services (collectively, the "Service").

We are committed to protecting your privacy and processing your personal data in accordance with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), and other applicable data protection laws.

Data Controller Contact:
CallMeter
Privacy Contact
Email: privacy@callmeter.io

2. Information We Collect

We collect the following categories of information:

CategoryData CollectedSource
Account InformationFull name, email address, organization name, job title, password (hashed)You provide
Billing InformationPayment method type, last four digits, billing address, transaction history, invoice recordsYou provide (via LemonSqueezy)
Test Configuration DataSIP server addresses, SIP credentials (encrypted at rest), codec preferences, test parameters, endpoint configurationsYou provide
Call Test DataCall quality metrics (MOS, jitter, packet loss, latency, R-Factor), SIP signaling metadata, RTP/RTCP statistics, test results, call duration dataGenerated by Service
Usage DataFeature usage patterns, test frequency, API call logs, credit consumption, login historyCollected automatically
Device and Browser DataIP address, browser type and version, operating system, device type, screen resolution, referring URL, access timestampsCollected automatically

Important: CallMeter does NOT record or store the actual audio or video content of your test calls. We collect only call quality metrics and signaling metadata unless you explicitly enable a recording feature.

3. How We Use Your Information

We use your information for the following purposes:

  • Service Delivery: To provide, operate, and maintain the Service, including executing SIP tests, generating analytics, and delivering reports
  • Account Management: To create and manage your account, authenticate your identity, and provide customer support
  • Billing and Payments: To process transactions, send invoices, manage subscriptions, and handle credit purchases
  • Communications: To send technical notices, security alerts, service updates, billing notifications, and respond to your support requests
  • Service Improvement: To monitor, analyze, and improve the Service, including performance optimization and feature development
  • Security: To detect, prevent, and address fraud, unauthorized access, and other security issues
  • Legal Compliance: To comply with applicable laws, regulations, legal processes, or governmental requests
  • Marketing: To send promotional communications about CallMeter products and features (only with your consent, and you may opt out at any time)

4. Legal Basis for Processing (GDPR Article 6)

For individuals in the European Economic Area (EEA), United Kingdom, and Switzerland, we process your personal data based on the following legal grounds:

Legal BasisGDPR ArticleProcessing Activities
Contract PerformanceArt. 6(1)(b)Account creation, service delivery, billing, test execution, customer support
Legitimate InterestsArt. 6(1)(f)Service improvement, analytics, fraud prevention, security monitoring, product development, bot detection (reCAPTCHA)
Legal ObligationArt. 6(1)(c)Tax compliance, financial record keeping, response to lawful government requests
ConsentArt. 6(1)(a)Marketing communications, newsletter subscriptions

5. Data Sharing and Third Parties

We do not sell your personal information to third parties. We may share your information with the following categories of recipients:

RecipientPurposeData Shared
LemonSqueezy (Lemon Squeezy, LLC)Payment processing, subscription management, tax complianceBilling information, email, name, transaction details
European Cloud Infrastructure ProviderInfrastructure hosting and data processing within the European UnionAll data stored on the platform (encrypted)
Mailtrap (Railsware Products, Inc.)Transactional email deliveryEmail address, name, email content
Google LLC (reCAPTCHA v3)Bot detection and abuse prevention on login and contact formsIP address, browser/device characteristics, behavioral interaction data, cookies
Law Enforcement / LegalLegal compliance, protection of rightsAs required by valid legal process

We may also share your information in connection with a merger, acquisition, reorganization, or sale of assets, in which case the acquiring entity will be bound by this Privacy Policy with respect to your data.

Anti-Abuse Protection (Google reCAPTCHA)

We use Google reCAPTCHA v3 on certain pages (including login and contact forms) to protect against automated abuse and spam. reCAPTCHA analyzes browser and device information to distinguish humans from bots. Data collected may include IP address, browser type, device characteristics, cookies, and interaction patterns. This processing is based on our legitimate interest in protecting the security of user accounts and the Service (GDPR Article 6(1)(f)). Data is processed by Google LLC in the United States under the EU-US Data Privacy Framework. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

6. International Data Transfers

Your personal data may be transferred to and processed in countries where our service providers operate, including within the European Union. We implement appropriate safeguards for all international data transfers as described below.

For transfers of personal data from the EEA, United Kingdom, or Switzerland, we implement appropriate safeguards including:

  • Standard Contractual Clauses (SCCs): EU Commission-approved clauses incorporated into our data processing agreements
  • Adequacy Decisions: Where the European Commission has determined that the recipient country provides adequate data protection
  • Supplementary Measures: Additional technical and organizational measures as necessary to ensure adequate protection
  • EU-US Data Privacy Framework: Google LLC (reCAPTCHA v3) processes data in the United States under the EU-US Data Privacy Framework

You may request a copy of the applicable transfer safeguards by contacting privacy@callmeter.io.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.

Data CategoryRetention PeriodRationale
Account DataUntil account deletion + 30 daysActive service provision; grace period for reactivation
Test Results and Call Metrics90 days (default, configurable per plan)Historical analysis and trend reporting
Billing and Transaction Records7 years after transactionTax and financial compliance obligations
Security and Audit Logs2 yearsSecurity monitoring, incident investigation, compliance
Marketing Consent RecordsDuration of consent + 3 yearsProof of consent for regulatory compliance

When data is no longer required, it is securely deleted or anonymized so that it can no longer be associated with you.

8. Your Rights (GDPR Articles 15-22)

Depending on your location and applicable laws, you may have the following rights regarding your personal data:

  • Right of Access (Art. 15): Request a copy of your personal data and information about how it is processed
  • Right to Rectification (Art. 16): Request correction of inaccurate or incomplete personal data
  • Right to Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten") when it is no longer necessary for the purposes for which it was collected
  • Right to Restriction (Art. 18): Request that we limit the processing of your personal data in certain circumstances
  • Right to Data Portability (Art. 20): Receive your personal data in a structured, commonly used, machine-readable format (JSON or CSV)
  • Right to Object (Art. 21): Object to processing of your personal data based on legitimate interests, including profiling
  • Right to Withdraw Consent (Art. 7): Withdraw your consent at any time for processing activities based on consent, without affecting the lawfulness of prior processing
  • Right Not to be Subject to Automated Decision-Making (Art. 22): Not to be subject to a decision based solely on automated processing that produces legal effects concerning you

Exercising Your Rights

To exercise any of these rights, you may:

  • Use the data export and account deletion features in your account settings
  • Email us at privacy@callmeter.io with your request

We will respond to your request within thirty (30) days. We may ask you to verify your identity before processing your request. If we need additional time, we will inform you of the extension and the reasons for the delay.

EEA/UK Residents: You also have the right to lodge a complaint with your local data protection supervisory authority.

9. Data Security

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

We implement security measures appropriate to our operational scale, including encryption in transit (TLS 1.3) and at rest (AES-256), application-level encryption for sensitive credentials, access controls, and regular security assessments.

While we strive to protect your personal data, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to operate and improve the Service. For detailed information about the cookies we use, their purposes, and how to manage your preferences, please see our Cookie Policy.

11. Children's Privacy

The Service is not directed to individuals under the age of sixteen (16). We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@callmeter.io.

If we become aware that we have collected personal data from a child under 16 without verification of parental consent, we will take steps to promptly delete that information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes:

  • We will notify you by email at least thirty (30) days before the changes take effect
  • We will post a prominent notice on the Service
  • We will update the "Last Updated" date at the top of this page

Your continued use of the Service after the effective date of the revised Privacy Policy constitutes your acceptance of the changes. We encourage you to review this Policy periodically.

13. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data rights, or have a privacy concern, please contact us:

CallMeter
Privacy Contact
Email: privacy@callmeter.io
General Support: support@callmeter.io
Website: https://callmeter.io

For EEA/UK residents: If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority. A list of EU data protection authorities can be found at edpb.europa.eu.