Measure swarm · Offline-attribution-intelligence agent · Call- tracking-integration skill · Build pillar · Published July 11, 2026

How to build multi-vendor call-tracking integration for franchise offline attribution

Start with a Tier 1 AI Readiness Assessment Tier 3 Fractional CMO with AI Swarm Take the 3-question quiz

The 4-skill bundle on the offline-attribution-intelligence agent

Ingest

Per-vendor webhook endpoint with HMAC-SHA-256 signature verification + idempotency key + dedup window + replay + retry (exponential backoff + circuit breaker + DLQ). Per- vendor event-shape normalization to canonical call record + UTC timestamp + phone E.164 canonicalization. Cross-vendor deduplication via composite natural key + SHA-256 content hash. Out-of-order + late-arrival handling. Streaming emit via Kafka + AWS Kinesis + Google Pub/Sub + Azure Event Hubs + RabbitMQ + Redpanda. Per-call DNI assignment + per-source allocation across 13 call-source classes + per-keyword + per- campaign + per-ad-group + per-keyword-fingerprint + DNI rotation + grace period + recycling policy.

Transcribe

9-vendor transcription pipeline (Whisper OpenAI + Deepgram + AssemblyAI + Google Speech-to-Text + Amazon Transcribe + Microsoft Azure Speech + Rev.ai + Speechmatics + Vatis Tech) with BAA-eligibility selection per call (Azure OpenAI Whisper + Deepgram Healthcare + Amazon Transcribe Medical for healthcare; standard tier for non-PHI). Per-call transcription confidence + speaker diarization. PII redaction (SSN + EIN + credit card + phone + email + passport + driver license + account number) + PHI redaction per HIPAA Safe Harbor 18-identifier + PCI redaction (4-digit + 6-digit + CVV + expiry on card-capture calls). Vocabulary tuning per vertical. Multi-LLM naturalization. Intent classification across 10 standing classes via multi-LLM ensemble (OpenAI + Anthropic + Google + Mistral + Cohere under per-vendor zero- retention) with confidence tier + explainability + self- consistency + chain-of-thought. Sentiment + crisis detection.

Gate

Five anchors before commit. HIPAA 45 CFR 164.502 / 504 BAA with transcription vendor (BAA-eligible distinction enforced per call) + 164.514 de-identification + 164.308 + 164.312 + PCI DSS v4.0 Requirement 3.4.1 pause-resume + CCPA / CPRA sensitive personal information (audio recordings + biometric voice prints) + Illinois BIPA + Texas CUBI + Washington biometric + COPPA. 14-state two-party recording consent + STIR / SHAKEN + TCPA + FCC 24-18 + 10DLC + CTIA + CASL + Federal DNC + state DNC. Per-state telemedicine + DEA + FINRA Rule 2210 + 3110 + SEC 17 CFR 240.17a-4 + FDA DTC fair balance. FCRA + ECOA + Fair Housing + GLBA + FDD Item 12 + 15-state franchise + FDD Item 17 + 19 + CFPB UDAAP. GDPR Article 6 + 7 + 17 + 22 + LGPD + DPDP + PIPEDA + Quebec Law 25 + EU AI Act Article 22 + 26 + 50 + Article 13 + 14 + 15 + Digital Services Act + NIST AI RMF + ISO 42001 + per-vendor LLM zero-retention. Policy-as-code via OPA Rego + AWS Cedar + Casbin + Cerbos + Oso + Styra DAS + Permit.io.

Audit

Per-call WORM record + per-location attribution join. Storage: AWS S3 Object Lock + Azure Blob immutable + Google Cloud Storage Bucket Lock + Wasabi WORM. Retention stacks (longest applicable): 7-year IRS + 7-year FTC + 7-year HIPAA medical record + 7-year state-bar + 6-year SEC + 3- year FINRA 4511 + 3-year FINRA Rule 3110 + per-state two- party recording + 36-month CASL + 3-year Illinois BIPA biometric retention + GDPR Article 30 + EU AI Act Article 12 + SOC 2 CC7 / CC8. End-to-end replay rewinds every stage.

The real vendor ecosystem this sits above

Call-tracking vendors

CallRail + Invoca + DialogTech (Marchex) + CallTrackingMetrics + WhatConverts + Convirza + ResponseTap + RingDNA + Phonewagon + CallSource + Marchex + Mediahawk + Adinton + AvidTrak + Phonexa + Retreaver + CallFire. Each vendor ships its own webhook shape + DNI strategy + transcription pipeline + per- call attribution model.

Transcription + LLM + event bus

Whisper (OpenAI) + Deepgram + AssemblyAI + Google Speech-to- Text + Amazon Transcribe + Microsoft Azure Speech + Rev.ai + Speechmatics + Vatis Tech transcription vendors with BAA- eligibility distinction (Azure OpenAI Whisper + Deepgram Healthcare + Amazon Transcribe Medical for HIPAA). OpenAI + Anthropic + Google + Mistral + Cohere LLM providers under per-vendor zero-retention back intent + sentiment + crisis classification. LangSmith + Weights & Biases + Arize + WhyLabs + Helicone + Langfuse + PromptLayer + Galileo observability. Kafka + AWS Kinesis + Google Pub/Sub + Azure Event Hubs + RabbitMQ + Redpanda event bus.

Policy-as-code + WORM + sibling skills

OPA Rego + AWS Cedar + Casbin + Cerbos + Oso + Styra DAS + Permit.io policy-as-code expresses HIPAA BAA + PCI DSS + Illinois BIPA + 14-state recording + STIR / SHAKEN + TCPA + FDD Item 12 + FINRA gates. AWS S3 Object Lock + Azure Blob immutable + Google Cloud Storage Bucket Lock + Wasabi compliance WORM. Siblings: call-analytics (parent); cross- vendor missed-call event normalization; callback software; missed-call recovery; missed-call text-back; contact-center FCR + AHT scorecards; agent-assist software; per-location missed-call CRM creation + callback workflow (#549); per- location auto-text SMS followup (#553); per-location callback scheduling (#544).

The 6-workstream reporting cycle

Numeric uplift commitments are not made up-front. The engagement ships a pre-engagement baseline across six workstreams; the cycle tracks delta against that baseline. Reporting is the substrate, not the promise.

Ingest coverage. Per-vendor webhook adapter coverage across the 17+ call-tracking vendors; HMAC-SHA-256 signature verification rate; cross-vendor dedup accuracy; out- of-order + late-arrival handling rate; DNI allocation coverage across 13 source classes.
Transcribe quality. Per-vendor transcription confidence; BAA-eligibility selection accuracy; PII / PHI / PCI redaction precision + recall; intent classification accuracy across 10 standing classes; sentiment + crisis detection rate; per-vendor LLM zero-retention verification per call.
Gate quality. Per-anchor evaluation completeness (HIPAA + transcription-vendor BAA + PCI DSS v4.0 + biometric voice-print + Illinois BIPA + 14-state recording consent + STIR / SHAKEN + TCPA + FCC 24-18 + 10DLC + FDD Item 12 + FINRA + EU AI Act); per-anchor pass / fail / route-to-counsel distribution; HIPAA BAA coverage across healthcare voice; PCI DSS pause-resume adherence on card- capture calls.
Audit quality. Per-call WORM record completeness; retention-window coverage (longest of 7-year IRS + 7-year FTC + 7-year HIPAA + 7-year state-bar + 6-year SEC + 3-year FINRA 4511 + 3-year FINRA Rule 3110 + per-state two-party recording + 36-month CASL + 3-year Illinois BIPA + GDPR Article 30 + EU AI Act Article 12 + SOC 2 CC7 / CC8); end-to-end replay success rate.
Compliance posture. Transcription-vendor BAA coverage matrix; PCI DSS v4.0 Requirement 3.4.1 adherence on card-capture calls; Illinois BIPA voice-biometric opt-in coverage; 14-state recording-consent disclosure adherence; STIR / SHAKEN attestation posture; TCPA prior-express-written- consent capture rate; FDD Item 12 territorial-protection adherence; EU AI Act Article 50 disclosure coverage when AI- ML classification participated.
Audit-trail completeness. Per-anchor regulatory citation completeness; sibling-handoff pointer completeness into the offline-attribution-intelligence bundle (call-analytics parent + cross-vendor missed-call event normalization + callback software + missed-call recovery + missed-call text-back + contact-center FCR + AHT scorecards + agent-assist software) and into the lost-call-recovery agent (per-location missed-call CRM creation + callback workflow #549 + per-location auto-text SMS followup #553 + per-location callback scheduling #544).

Frequently asked questions

What is multi-vendor call-tracking integration for franchise offline attribution — and why does single-vendor call tracking break at multi-banner franchise scale?

Multi-banner franchise systems track calls across multiple call-tracking vendors simultaneously — CallRail at one banner, Invoca at another, DialogTech (Marchex) at a third, CallTrackingMetrics at a fourth, plus WhatConverts + Convirza + ResponseTap + RingDNA + Phonewagon + CallSource + Marchex + Mediahawk + Adinton + AvidTrak + Phonexa + Retreaver + CallFire at the long tail. Each vendor ships its own webhook event shape, its own DNI (Dynamic Number Insertion) allocation strategy, its own transcription pipeline, its own intent classification, its own per-call attribution model. Per-vendor primitive works at 1-vendor-1-banner scale. At multi-banner franchise offline-attribution scale operators need cross-vendor call-stream ingestion + cross-vendor event-shape normalization + cross-vendor deduplication + per-call DNI assignment + per-call transcription pipeline + per-call PII / PHI / PCI redaction + per-call intent + sentiment classification + per-call per-location attribution join under FDD Item 12 territorial protection. The four-skill bundle on the offline-attribution-intelligence agent — Ingest, Transcribe, Gate, Audit — sits above the 17+ call-tracking vendor surface and the 9+ transcription vendor surface and writes a per-call canonical record with named regulatory anchors preserved in the audit trail.

Why do CallRail + Invoca + DialogTech + CallTrackingMetrics + WhatConverts + Convirza + ResponseTap + RingDNA + Phonewagon + CallSource + Marchex break at multi-banner franchise offline-attribution scale?

Each call-tracking vendor ships a per-tenant per-tracking-number per-call primitive. None coordinates cross-vendor event-shape normalization across the 17+ vendor surface (CallRail webhook + Invoca webhook + DialogTech / Marchex webhook + CallTrackingMetrics webhook + WhatConverts webhook + Convirza webhook + ResponseTap webhook + RingDNA webhook + Phonewagon webhook + CallSource webhook + Mediahawk webhook + Adinton webhook + AvidTrak webhook + Phonexa webhook + Retreaver webhook + CallFire webhook) with HMAC-SHA-256 signature verification + idempotency keys + dedup window + replay + retry + DLQ + UTC timestamp canonicalization + phone E.164 canonicalization + out-of-order handling + late-arrival handling. None composes DNI allocation across the 13 standing call-source classes (organic search + paid search + paid social + direct + referral + affiliate + organic social + email + SMS + display + DOOH + podcast + TV) with per-keyword + per-campaign + per-ad-group + per-keyword-fingerprint + DNI rotation + grace period + recycling policy. None coordinates the transcription pipeline across the 9 standing transcription vendors (Whisper OpenAI + Deepgram + AssemblyAI + Google Speech-to-Text + Amazon Transcribe + Microsoft Azure Speech + Rev.ai + Speechmatics + Vatis Tech) with per-vendor BAA-eligibility distinction for HIPAA + per-vendor PCI scope for card data + per-vendor biometric extraction policy. None enforces 14-state two-party recording consent + STIR / SHAKEN attestation + FDD Item 12 territorial protection. The four-skill bundle Ingest + Transcribe + Gate + Audit sits above the vendor surface — it does not replace it.

What does Ingest do — 17-vendor webhook normalization + HMAC verification + DNI allocation + cross-vendor dedup?

Ingest runs three coordinated subsystems. Per-vendor webhook endpoint with HMAC-SHA-256 signature verification + per-vendor idempotency key + per-vendor webhook deduplication window + per-vendor webhook replay + per-vendor webhook retry (exponential backoff + circuit breaker + dead-letter queue). Per-vendor event-shape normalization to canonical call record (per-vendor + per-call ID + per-tracking number + per-caller number + per-callee number + per-call start timestamp + per-call end timestamp + per-call duration + per-call status + per-call direction + per-call recording URL + per-call transcription URL) with UTC timestamp canonicalization + phone E.164 canonicalization. Cross-vendor deduplication on composite natural key (per-tenant + per-banner + per-location + per-caller-number + per-direction + per-rounded-timestamp + SHA-256 content hash). Out-of-order + late-arrival handling. Streaming emit via Kafka + AWS Kinesis + Google Pub/Sub + Azure Event Hubs + RabbitMQ + Redpanda. Per-call DNI assignment per-source allocation across the 13 standing call-source classes + per-keyword + per-campaign + per-ad-group + per-keyword-fingerprint + DNI rotation policy + DNI grace period + DNI recycling policy. Per-vendor confidence tier + explainability written into Audit at every ingestion.

What does Transcribe do — 9-vendor transcription pipeline + PII / PHI / PCI redaction + speaker diarization + intent + sentiment classification?

Transcribe runs the 9-vendor transcription pipeline (Whisper OpenAI + Deepgram + AssemblyAI + Google Speech-to-Text + Amazon Transcribe + Microsoft Azure Speech + Rev.ai + Speechmatics + Vatis Tech) with explicit BAA-eligibility selection per call (BAA-eligible Whisper via Azure OpenAI + BAA-eligible Deepgram Healthcare + BAA-eligible Amazon Transcribe Medical for healthcare calls; standard tier for non-PHI calls). Per-call transcription confidence + speaker diarization. PII redaction (SSN + EIN + credit card + phone E.164 + email + passport + driver license + account number) + PHI redaction per HIPAA Safe Harbor 18-identifier (names + geo subdivisions smaller than state + dates more specific than year + telephone + fax + email + SSN + medical record + health plan + account + license + vehicle + device + URL + IP + biometric + photo + other) + PCI redaction (credit-card 4-digit + 6-digit + CVV + expiry where the call moved to card capture). Vocabulary tuning per vertical. Multi-LLM naturalization of transcript. Intent classification (appointment booking + quote request + product inquiry + service inquiry + location hours + pricing question + complaint + existing-customer question + spam / bot + wrong number) via multi-LLM ensemble (OpenAI GPT-4o + Anthropic Claude Sonnet + Google Gemini Pro + Mistral Large 2 + Cohere Command R+ under per-vendor zero-retention) with confidence tier + explainability + self-consistency cross-check + chain-of-thought extraction. Sentiment classification + crisis detection. Per-call confidence tier + explainability written into Audit.

What does Gate do — HIPAA + transcription-vendor BAA + PCI DSS v4.0 + biometric voice-print + Illinois BIPA + 14-state recording + STIR / SHAKEN + TCPA + FDD Item 12 + FINRA + EU AI Act?

Gate evaluates five operationally distinctive anchors before any per-call record commits. Anchor 1 (the most operationally distinctive — distinctive to multi-vendor call-tracking where transcription is the high-risk surface): HIPAA 45 CFR 164.502 minimum necessary + 164.504 Business Associate Agreement with the transcription vendor (not just the call-tracking vendor) + 164.514 de-identification HIPAA Safe Harbor 18-identifier + 164.308 administrative safeguards + 164.312 technical safeguards. BAA-eligibility distinction (Azure OpenAI Whisper not OpenAI standard; Deepgram Healthcare not Deepgram standard; Amazon Transcribe Medical not Amazon Transcribe standard) is enforced per call. PCI DSS v4.0 Requirement 3.4.1 pause-resume recording prohibits storing CAV2 + CVC2 + CVV2 + CID; audio recording AND transcription must redact card data where the call moved to card capture. CCPA + CPRA classify audio recordings and biometric voice prints as sensitive personal information; opt-out + DSAR + right-to-erasure propagate through the transcription store. Illinois BIPA + Texas CUBI + Washington biometric law apply when biometric voice prints are extracted from recordings (some call-tracking vendors extract voice biometric features by default; per-vendor configuration must disable this where not affirmatively consented). COPPA 15 USC 6501 when transcription contains under-13 voice. Anchor 2: 14-state two-party recording consent (California + Connecticut + Delaware + Florida + Illinois + Maryland + Massachusetts + Michigan + Montana + Nevada + New Hampshire + Pennsylvania + Vermont + Washington) + STIR / SHAKEN caller-ID authentication (FCC mandate effective June 30, 2021 + A / B / C attestation + Robocall Mitigation Database) when caller ID is recorded; TCPA 47 USC 227 + FCC Declaratory Ruling FCC 24-18 March 2024 + 10DLC + CTIA + CASL + Federal DNC + state DNC. Anchor 3 (vertical-specific): per-state telemedicine licensure + DEA controlled substance when healthcare voice; FINRA Rule 2210 supervisory review + Rule 3110 archive + SEC 17 CFR 240.17a-4 retention when financial services; FDA DTC fair balance + 21 CFR Part 202 when FDA-regulated. Anchor 4 (credit + anti-discrimination + franchise): FCRA + ECOA Regulation B disparate-impact when AI-ML intent classification routes based on caller-area-code or demographic proxy; Fair Housing Act; GLBA Safeguards Rule; FDD Item 12 territorial-protection per FTC Franchise Rule 16 CFR 436 + 15-state franchise registration + state franchise relationship laws + FDD Item 17 + 19; CFPB UDAAP. Anchor 5 (privacy + AI-governance): GDPR Article 6 + 7 + 17 + 22 + LGPD + DPDP + PIPEDA + Quebec Law 25; EU AI Act Article 22 + 26 + 50 + Article 13 + 14 + 15 when AI-ML intent + sentiment + crisis classification participates; Digital Services Act; NIST AI Risk Management Framework; ISO 42001; per-vendor LLM zero-retention verified per call. Policy-as-code expression via OPA Rego + AWS Cedar + Casbin + Cerbos + Oso + Styra DAS + Permit.io.

What does Audit do — per-call WORM record + per-location attribution join + end-to-end replay across the offline-attribution-intelligence bundle?

Audit writes a per-call WORM record at every Ingest + Transcribe + Gate decision: per-call ID + per-vendor pointer + per-tracking number + per-DNI allocation record + per-source attribution + per-keyword + per-campaign + per-ad-group + per-keyword-fingerprint + per-transcription pointer + per-transcription-vendor selection (BAA-eligible vs standard tier) + per-transcription confidence + speaker diarization + per-PII redaction record + per-PHI redaction record + per-PCI redaction record + per-vocabulary tuning + per-multi-LLM naturalization + per-intent classification + per-sentiment classification + per-crisis-detection record + per-multi-LLM ensemble snapshot (per-model version + system prompt + temperature + zero-retention verification) + per-call confidence interval (Bayesian posterior + frequentist + bootstrap) + per-call explainability (SHAP + LIME + feature importance + counterfactual + attribution graph + causal DAG + multi-LLM narrative) + per-location attribution join (DID routing + ZIP code territory + IP geo + state territory + radius from store pin + DMA + CBSA + FDD Item 12 territorial-rights attestation + territory-overlap resolution + fallback to corporate) + per-anchor Gate decision with evidence (HIPAA BAA + minimum-necessary PHI check + PCI DSS pause-resume evidence + Illinois BIPA biometric posture + 14-state recording consent + STIR / SHAKEN attestation + TCPA consent state + FDD Item 12 protected-territory check + FINRA Rule 2210 supervisory review + EU AI Act Article 50 disclosure) + per-vendor LLM zero-retention verification + FBC feedback-loop record (per-correction feedback + intent classification tuning + sentiment classification tuning + crisis detection tuning + attribution join tuning + confidence recalibration + DNI rotation policy tuning) + sibling-handoff pointers. Storage on AWS S3 Object Lock + Azure Blob immutable + Google Cloud Storage Bucket Lock + Wasabi compliance WORM. Retention stacks (longest applicable wins): 7-year IRS + 7-year FTC substantiation + 7-year HIPAA medical record + 7-year state-bar record + 6-year SEC + 3-year FINRA 4511 + 3-year FINRA Rule 3110 social-media supervision archive + per-state two-party recording retention + 36-month CASL suppression + 3-year Illinois BIPA biometric retention + GDPR Article 30 records of processing + EU AI Act Article 12 record-keeping + SOC 2 CC7 / CC8. End-to-end replay rewinds Ingest + Transcribe + Gate + per-location attribution join with confidence tier and explainability at every stage. Sibling handoffs flow into the call-analytics parent commercial pillar, cross-vendor missed-call event normalization (sibling), callback software (sibling), missed-call recovery (sibling), missed-call text-back (sibling), contact-center FCR + AHT scorecards (sibling), agent-assist software (sibling), the multi-location missed-call detection sibling build-pillar, the per-location auto-text SMS followup sibling build-pillar (#553), the per-location missed-call CRM creation and callback workflow sibling build-pillar (#549), the per-location callback scheduling sibling build-pillar (#544), the foot-traffic integration sibling build-pillar, the attribution-event-emission sibling, and the per-location attribution-models sibling.

Engage Completions on the offline-attribution-intelligence bundle

The Ingest + Transcribe + Gate + Audit four-skill bundle ships as the orchestration layer above your existing call-tracking + transcription + event-bus + LLM ensemble surface. HIPAA + transcription-vendor BAA + PCI DSS v4.0 pause-resume + Illinois BIPA voice-biometric + 14-state recording consent + STIR / SHAKEN + TCPA + FCC 24-18 + 10DLC + FDD Item 12 + FINRA Rule 2210 + 3110 + EU AI Act anchors are preserved in every per-call audit record. Tier 1 AI Readiness Assessment scopes the bundle in two to three weeks; Tier 3 Fractional CMO with AI Swarm operates the bundle end-to-end.

Tier 1 AI Readiness Assessment Tier 3 Fractional CMO with AI Swarm Take the 3-question quiz