Call Recording Compliance Checklist (Mobile Apps)

Last updated: 2026-01-30

This checklist is required before enabling call recording in production.

1) Consent & Disclosure

• In-app notice shown before initiating or answering a call.
• Call overlay shows “Recording enabled” when active.
• Explicit consent is captured (tap/checkbox) where required by law.
• Consent is logged with user ID, timestamp, and jurisdiction.

2) Policy Updates

• Privacy Policy updated with call recording purpose, retention, and access.
• Terms & Conditions updated with consent language.
• Accessibility statement includes alternative contact routes.
• Data Security addendum references call recordings.

3) Data Retention & Access

• Recording retention policy defined (e.g., 30/90/180 days).
• Deletion workflow for DSAR/erasure requests.
• Access restricted to support L4/L5 or admins.
• Audit trail for recording access (view/download).

4) Storage & Security

• Storage bucket is private; signed URLs only for playback.
• Encryption at rest (provider default) confirmed.
• Least-privilege access policies applied.
• Monitoring and alerting for unusual access.

5) QA & Operational Readiness

• iOS/Android recording permission prompts verified.
• Failure handling tested (no storage, no permission).
• Cross-region behavior validated.
• Incident response runbook reviewed.

Related Legal Docs

• PRIVACY_POLICY.md
• TERMS_AND_CONDITIONS_GENERAL.md
• DATA_SECURITY_ADDENDUM.md
• EMERGENCY_RESPONSE_PROTOCOLS.md
• ACCESSIBILITY_STATEMENT.md
• INTERNATIONAL_COMPLIANCE_ADDENDUM.md