Compliance Best Practices | SignalWire

Your Roadmap to Compliant Communications

Maintaining compliance in today’s rapidly evolving regulatory landscape is essential for businesses of all sizes. At SignalWire, we are committed to providing you with the tools and guidance to navigate industry standards and legal requirements with confidence. Whether you’re handling sensitive customer data, adhering to global privacy laws, or implementing secure communication workflows, our platform is designed to simplify compliance while enhancing your operational efficiency.

This guide outlines best practices to help you leverage SignalWire’s features responsibly and stay aligned with regulatory frameworks like GDPR, HIPAA, and CCPA. From secure data handling to integration strategies, explore actionable steps to build trust, protect your users, and uphold the highest standards of communication compliance.


Prevent Accidental Exposure of Data

It's important to ensure sensitive information remains secure. Be mindful when sharing resources such as call flows, API configurations, API tokens or communication scripts to avoid accidental exposure by making them public or sharing them too broadly within your team.

SignalWire also allows you to control the visibility of your projects and sub-projects on a per-user basis. Grant access only to users who need that project, which limits unnecessary exposure.

Stay Up to Date

Always use the latest version of your browser and any SignalWire-integrated tools to ensure a secure and optimized experience. Keeping your browser up to date ensures you benefit from the latest security patches, feature enhancements, and bug fixes. Additionally, safeguard access to your devices, as some browser features may cache data locally for convenience.

For organizations managing SignalWire at scale, consider leveraging enterprise-level tools to streamline deployments and enhance security across your team. This approach helps ensure consistent updates and adherence to best practices throughout your organization.

Secure Your Account

Protecting your SignalWire account is essential for ensuring the security of your communications and compliance with organizational standards. Follow these best practices to secure your account and sensitive data:

  • Use Strong Authentication: Always use a strong, unique password for your account, verify your email address, and enable two-factor authentication (2FA) via your identity provider or authenticator app for an added layer of security.

  • Set Standards for Team Security: Ensure all users in your SignalWire Spaces adhere to the same security policies as your organization to maintain a consistent and secure environment.

  • Monitor and Respond to Account Issues: Regularly review your team’s activity. Remove compromised accounts immediately and contact SignalWire support if you suspect a breach. Utilize your team’s audit logs to track account activity.

  • Handle API Keys Safely: Manage SignalWire API keys securely, restricting access based on roles and ensuring they are rotated periodically to mitigate risk.

By implementing these measures, you can protect your SignalWire account and ensure compliance across your team and organization.

Securely Store Sensitive Data

SignalWire provides robust options to securely manage sensitive data, such as API keys, access tokens, and passwords, within your workflows. By following best practices for secure storage and sharing, you can protect critical information and minimize risks.

  • Use Environment Variables: Store sensitive data as environment variables within your SignalWire configurations. These variables can be securely referenced in scripts and integrations without exposing raw credentials.

  • Restrict Access: Control who can access sensitive data by using role-based permissions within your SignalWire Space. Ensure only authorized collaborators have access to critical information.

  • Limit Usage: Specify allowed domains or subdomains for sensitive credentials to restrict where they can be used.

  • Avoid Sharing Directly: Share sensitive information safely by using SignalWire’s secure sharing features or controlled documentation practices.

By securely storing and managing your sensitive data, you can maintain compliance and ensure a secure, reliable communication environment with SignalWire.

Restrict Data Access

SignalWire enables you to define custom roles for team members to control access to projects within your SignalWire Space. By tailoring roles to the needs of each user, you can enhance security and limit exposure to sensitive information.

  • Role-Based Access Control: Assign roles that align with each team member's responsibilities, granting access only to the resources they need.

  • Isolate Sensitive Data: Store sensitive data in isolated projects or spaces, and restrict access to select individuals who require it.

  • Audit and Adjust: Regularly review role assignments and access levels to ensure compliance with organizational policies.

For detailed guidance on configuring user roles and managing project settings in your SignalWire Space, check out our developer documentation on user management.

Protect Yourself when using Third-Party Integrations

When using third-party integrations with SignalWire, it’s essential to take proactive measures to ensure the security and compliance of your data. Agreements between SignalWire and users do not extend to the actions or policies of third-party integration providers.

To safeguard sensitive data:

  • Review Integration Policies: Verify that the integration provider complies with your organization’s security and regulatory requirements before use.

  • Establish Agreements: Implement security and compliance agreements with third-party providers to align with your data protection standards.

  • Monitor Data Flow: Regularly review how data is shared between SignalWire and the integration to prevent unintentional exposure or misuse.

By taking these precautions, you can confidently use integrations while maintaining the integrity of your data and compliance with your organization’s standards.

Audit your Account

Leverage SignalWire’s audit logs to monitor your account for unusual activity, such as unexpected changes to settings or unauthorized access attempts. Regularly reviewing audit logs helps ensure that only authorized users are accessing your projects and resources.

Additionally, SignalWire audit logs can be integrated with your organization’s security information and event management (SIEM) tools via APIs, providing a comprehensive view of account activity and strengthening your security posture.

Be Wary of Scammers

SignalWire will never send emails with attachments or request sensitive information like passwords or API keys. If you receive an email claiming to be from SignalWire that asks you to download attachments or install software, do not open it—it's not legitimate.

Additionally, watch out for phishing attempts from websites pretending to be SignalWire. We will never ask you to sign in to a non-SignalWire website or download software via email. For any concerns or issues with your account, reach out directly to SignalWire Support.

Proactively Set Guardrails for Data

Protect sensitive or regulated data by applying policies that automatically follow your content. When you set guardrails for data collection and retention, you make adhering to governance requirements much easier on your teams.

SignalWire Data Management Checklist

  • Implement a “Big Bucket” Strategy: Group communication records (e.g., call recordings, messages, user logs) into larger categories based on compliance requirements. For example, categorize call logs and recordings under a single retention policy to simplify management and minimize risk.

  • Self-Governing Communication Data: Ensure retention and security policies follow your data across all SignalWire resources (call flows, IVRs, messages). Automate this process so users don’t have to manage retention manually or rely on disconnected systems.

  • Classification Cues for Sensitive Data: Automatically classify and label sensitive communication data, such as calls containing payment details (PCI) or health information (HIPAA), with visual or system-generated cues. Trigger appropriate security measures, including encryption and retention policies.

  • Defensible Preservation: Preserve communication records (e.g., call recordings or chat logs) when subject to subpoenas or regulatory audits. Implement automated legal holds without interrupting ongoing processes or user productivity.

  • Retention and Disposition Control: Define appropriate retention periods for all types of communication data. When data is no longer needed, automate disposition processes to ensure secure, compliant deletion.

  • Continuous Monitoring and Updates: Regularly assess retention policies, security settings, and regulatory changes to ensure compliance with evolving standards like GDPR, HIPAA, and PCI-DSS.

Implement Peer Reviews

Establish a peer review process for critical projects and configurations. Regularly reviewing and approving updates to workflows or scripts, using version control tools to track changes, and incorporating testing steps will help prevent unintended security risks.

Use Encrypted Connections

Always make API calls over the internet using Transport Layer Security (TLS). Ensure client-side Secure Sockets Layer (SSL) validations remain enabled when interacting with SignalWire’s APIs. When testing APIs behind a restricted firewall, use SignalWire’s static IP options to limit access. This is particularly important for private data handling, as it restricts access to critical systems.

If you are a Covered Entity or Business Associate as defined by the Health Insurance Portability and Accountability Act of 1996 (as amended, “HIPAA”), you agree to not use SignalWire’s platform or services for any purpose or in any manner involving Protected Health Information without first entering into a SignalWire Business Associate Agreement. Contact our sales department for more information.

Explore our Developer Documentation

Discover how to integrate SignalWire's secure communication APIs and SDKs into your applications. Access everything you need to build, scale, and innovate today.