Callbetter Compliance Statement

Attestation A (Full Authentication): Callbetter achieves the highest level of STIR/SHAKEN attestation by cryptographically signing all outbound calls with our direct carrier certificates. This ensures:

• Verified caller ID display to prevent "Scam Likely" labels
• TRACED Act compliance (Telephone Robocall Abuse Criminal Enforcement and Deterrence Act of 2019)
• Real-time call reputation monitoring
• Automatic certificate validation and renewal
• SIP 603+ transparency for network-blocked calls (effective March 25, 2026)

Know Your Customer (KYC) Verification: All Callbetter customers complete mandatory identity verification during onboarding to enable Attestation A and prevent number hijacking or spoofing.

For complete details, see our STIR/SHAKEN Compliance Page.

Campaign Registry (TCR) Registration: Callbetter automatically registers all customer brands and SMS campaigns with The Campaign Registry to ensure carrier-approved messaging and maximum deliverability.

• Automated brand vetting and EIN verification with TCR
• Campaign-specific approval for marketing, notifications, 2FA, and more
• Real-time compliance monitoring and carrier feedback tracking
• Support for high-throughput messaging (60-200+ messages/second)
• 95%+ SMS delivery rates for registered campaigns

One-to-One Consent Rule (Effective April 11, 2026): Per carrier requirements and our Acceptable Use Policy, all SMS recipients must provide direct, explicit consent to receive messages from your specific business. Purchased lists, co-registration, and third-party lead generation are strictly prohibited.

For complete details, see our A2P 10DLC Compliance Page.

Callbetter provides comprehensive tools to support TCPA compliance:

• Consent management and documentation systems for automated calls and text messages
• Built-in opt-out handling with automatic STOP keyword processing
• Do Not Call (DNC) list integration capabilities (users maintain their own DNC compliance)
• Call time restrictions to honor "quiet hours" (9 AM - 8 PM local time recommended)
• Detailed call and message logs for regulatory audits

User Responsibility: While Callbetter provides tools to facilitate TCPA compliance, users are solely responsible for obtaining proper consent, maintaining Do Not Call lists, and adhering to all applicable telemarketing regulations.

Callbetter maintains full compliance with FCC rules governing Voice over Internet Protocol (VoIP) services:

• E911 Services: Enhanced 911 emergency calling with automatic location information. Users must maintain accurate registered addresses. E911 Service Fee covers carrier compliance costs.
• CALEA Compliance: Communications Assistance for Law Enforcement Act-compliant systems allow lawful intercept when properly requested by authorized law enforcement agencies.
• CPNI Protection: Customer Proprietary Network Information is protected in accordance with FCC rules, with appropriate safeguards and customer consent mechanisms.
• Regulatory Recovery Fee: Transparent pass-through of regulatory compliance costs including USF, TRS, and state-level telecommunications fees. See Regulatory Recovery Fee details.

Anti-Spoofing Protection: Callbetter prevents illegal caller ID spoofing through:

• Number ownership verification via Local Routing Number (LRN) database
• KYC verification to prevent unauthorized use of phone numbers
• STIR/SHAKEN signing to authenticate legitimate caller ID
• Prohibition on displaying misleading or inaccurate caller ID information with intent to defraud

Penalties: Violations carry fines up to $10,000 per violation and potential criminal prosecution. Callbetter enforces strict anti-spoofing policies and will terminate accounts found in violation.

Our data protection practices comply with applicable laws including:

• California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA): California residents have rights to access, delete, and opt out of the sale of personal information. See our Privacy Policy.
• General Data Protection Regulation (GDPR): For European users, we provide data portability, right to be forgotten, and consent management.
• HIPAA Considerations: While Callbetter is not a HIPAA-covered entity, healthcare customers remain responsible for their own HIPAA compliance. We provide encryption and access controls to support customer compliance efforts.
• SOC 2 Type II: Our infrastructure undergoes regular security audits to ensure data protection best practices.

Callbetter maintains PCI DSS compliance for all payment processing:

• Encrypted transmission and storage of payment card information
• Tokenization through third-party payment processors (Stripe)
• Regular vulnerability scans and penetration testing
• Restricted access to cardholder data on a need-to-know basis
• Annual PCI compliance validation

Callbetter monitors and complies with state-level requirements including:

• California: CPUC registration, CCPA/CPRA compliance, California 911 fee collection
• New York: PSC VoIP registration, state Universal Service Fund contributions
• Texas: PUCT certification, state regulatory fee assessment
• All States: Varying state USF, 911 fees, and telecommunications surcharges as applicable

State-specific fees are itemized on customer invoices and covered under our Regulatory Recovery Fee.

Callbetter services are not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such information.

While Callbetter maintains platform-level compliance with telecommunications regulations, users remain solely responsible for ensuring their use of Callbetter services complies with all applicable laws, including but not limited to:

• Obtaining and documenting proper consent for calls and text messages
• Maintaining and honoring Do Not Call (DNC) lists at national and state levels
• Complying with TCPA, TSR (Telemarketing Sales Rule), and state telemarketing laws
• Adhering to industry-specific regulations (HIPAA, GLBA, FINRA, etc.)
• Following A2P 10DLC One-to-One Consent requirements for SMS
• Ensuring caller ID accuracy and preventing spoofing
• Complying with recording consent laws in applicable jurisdictions
• Maintaining records for regulatory audits and investigations

Prohibited Activities: Users found in violation of applicable laws or Callbetter's Acceptable Use Policy will have their services suspended or terminated. See our Terms of Service for complete user obligations.

Callbetter maintains a proactive compliance program including:

• Quarterly legal and regulatory reviews to identify new requirements
• Regular staff training on telecommunications compliance
• Automated monitoring of STIR/SHAKEN attestation and A2P 10DLC campaign status
• Engagement with legal counsel specializing in telecommunications law
• Participation in industry working groups (US Telecom ITG traceback consortium, ATIS IP-NNI Task Force)
• Annual third-party security and compliance audits (SOC 2, penetration testing)
• Carrier relationship management for compliance coordination