Dubber can help you stay compliant

Failing to be fully compliant with regulatory directives can result in costly fines, so keeping up-to-date with an efficient call recording solution is essential.


We manage compliance through regular internal and external audits. Our products meet international and industry compliance standards such as ISO27001, GDPR, HIPAA, PCI DSS and Cisco CASPRx. Our audits include independent penetration testing activities, and external technical and process audits. We coordinate with legal counsel for any legal or compliance obligations.

Safe, secure and reliable storage

All recordings on our platform are protected by market-leading encryption and reliability. Read more about our security in our white paper.

Secure networks: Dedicated secure networks and data-level protection including HTTPS and TLS.

Compliant data centers: The data infrastructure is supported by SOC 1, 2 and 3 compliant data centers.

Perpetual storage: Storage scales alongside an organization to meet requirements of 5 years and beyond.

Access permissions: Teams can be set up to restrict access depending on the role the user has been allocated.

Retrieve the right call in seconds

Advanced search functionality helps to search for calls using information including words spoken during a call.

Immediate access to all calls

Based on user permissions settings, we provide immediate access to all stored recordings via multiple devices, in the case of a request for retrieval.

Detailed, accurate audit trails

All information relating to a call, including call parties, date, and time are accurately stored alongside a recording to demonstrate secure storage.

Compliance requirements around the world

Call recording regulations vary between each directive, but generally it is required that all communication between consumers and businesses is securely stored.

Payment Card Industry Data Security Standard (PCI DSS)

Regulation for retailers that ensures that payment card information is stored securely and that certain information is never collected. The Dubber solution has the ability to pause and resume recording if required for PCI DSS compliance, based on the size of the processor.

Australia Privacy Act (1988)

The Privacy Act 1988 for Australia aims to protect the privacy of the personal information of individuals. The legislation requires organisations to take reasonable steps to protect information that has been collected and data that is no longer required must be deleted. Organisations are also required to give individuals access to their data and correct it if requested.

New Zealand Health Information Privacy Code (1994)

The Health Information Privacy Code 1994 for New Zealand is a collection of rules for the health sector that cover health information of identifiable individuals. The Privacy Code states that reasonable safeguards must be in place to protect data and that information must not be kept for longer than necessary. Individuals also have the right to request access and corrections to their data.

Singapore Personal Data Protection Act (2012)

The Personal Data Protection Act (PDPA) 2012 is the principal data protection legislation in Singapore. It requires organisations to protect personal data and to delete information as soon as the purpose for the collection of the data is no longer served. Data must also stay within Singapore unless standards of protection are maintained. Under the PDPA, individuals have the right to request access to their personal data, request corrections, and withdraw their consent.

General Data Protection Regulation (GDPR)

GDPR is an EU law, designed to protect the Personally Identifiable Information (PII) of European residents. Businesses that collect this information must gain consent to this data being recorded. Any personal information should only be stored for as long as it is required, and should be deleted as soon as it is no longer needed, and all access to data should be monitored to create an audit trail.

Markets in Financial Instruments Directive II (MiFID II)

MiFID II was put in place to regulate financial services organisations. This legislation impacts any company or individual offering financial advice who operate in EU countries. Calls containing financial advice must be recorded and securely stored for 5 or 7 years, depending on the country. Upon request, records and audit trails must be provided.


The Dodd-Frank Act was passed by the United States government to promote financial stability by improving accountability and transparency amongst financial service organizations. Dodd-Frank introduced extensive record-keeping regulations for the US financial services industry, including call recording requirements. Recordings must be stored for the lifetime of a transaction plus 5 years and must be readily accessible at the principal office of an organization. Call metadata, including call parties, date, and time must be accurate.

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

HIPAA is United States legislation that provides data privacy and security provisions for safeguarding medical information, including protected health information. HIPAA distinguishes between two types of organizations: covered entities (physicians, hospitals and pharmacies), and business associates (claims processors, contact centers and third-party billing companies), both of which are required to comply with data protection regulations. Any recordings containing medical information must be kept secure and encrypted and should be securely stored for 6 years and beyond. Recordings need to be kept private with no unauthorized third-party access but must be available to replay at any time.

Contact us to learn more about how we help organizations comply with regulations in their region.

Talk to us