1. Global Data Protection Compliance

CallX is committed to complying with data protection regulations worldwide:

• GDPR Compliance: We adhere to the European Union's General Data Protection Regulation, ensuring users' rights to access, correct, delete, and port their personal data.
• CCPA Compliance: We comply with the California Consumer Privacy Act, respecting California residents' rights regarding their personal information.
• International Data Transfers: We maintain appropriate safeguards for transferring personal data across borders in compliance with applicable data protection laws.

2. Industry Certifications

CallX maintains industry-standard certifications to demonstrate our commitment to security and compliance:

• SOC 2 Type II: Our systems and operations have been audited for security, availability, and confidentiality by independent third-party auditors.
• ISO 27001: We maintain an Information Security Management System certified against the ISO/IEC 27001 standard.
• Cloud Security Alliance (CSA) STAR: CallX participates in the CSA STAR program, demonstrating compliance with cloud security best practices.

3. Sector-Specific Compliance

For enterprise customers in regulated industries, we offer specific compliance capabilities:

• Healthcare (HIPAA): CallX Enterprise includes features to help healthcare organizations comply with the Health Insurance Portability and Accountability Act.
• Financial Services: We provide solutions to help financial institutions meet their regulatory requirements, including records retention and communication monitoring.
• Government: Our platform includes features to help government agencies meet their compliance obligations, including FedRAMP requirements where applicable.

4. Records Retention and Legal Hold

For enterprise customers who need to maintain records for compliance purposes:

• Configurable Retention Policies: CallX Enterprise allows administrators to set message retention policies to comply with industry-specific regulations.
• Legal Hold: When required for litigation, administrators can place specific conversations or users under legal hold to preserve relevant communications.
• eDiscovery: Our enterprise solution includes tools to search and export communications when required for legal proceedings.

5. Risk Management and Governance

We maintain robust risk management practices:

• Regular Risk Assessments: We conduct regular risk assessments to identify and mitigate potential risks to our platform and users' data.
• Vendor Management: We carefully vet and monitor our vendors to ensure they meet our security and compliance standards.
• Policy Framework: We maintain comprehensive policies and procedures to guide our operations in compliance with applicable laws and regulations.

6. Transparency Reports

We publish regular transparency reports detailing:

• Government Requests: Information about government requests for user data and our response to them.
• Content Moderation: Statistics on content moderation actions taken to enforce our terms of service.
• Service Reliability: Information about service availability and incidents that may have affected user data.

7. Compliance Inquiries

For compliance-related inquiries or to request more information about our compliance program, please visit our Contact page.