Every relationship
starts with trust.

Provide lawful-basis workflows (consent/legitimate interest/legal obligation), inform users of recording, enforce retention/minimization, secure recordings with encryption in transit/at rest, maintain audit trails, support breach response, and enable data-subject requests (access/delete) where appropriate.

IXCloud supports your GDPR compliance by providing secure processing (encryption in transit/at rest), access controls, detailed audit trails, and workflows that help you fulfill data-subject requests and retention policies. GDPR does not provide an EU-wide vendor certification, and Numonix does not claim ‘GDPR certification.’

Specifics: 
IXCloud uses AES-256 encryption, unique per-call keys in Azure Key Vault, digital signatures (hash) for tamper detection; legal hold vs. retention profiles; playback permissions + full playback and shared-link audit logs; GDPR Cancel Recording App and GDPR Delete workflow; shared links with password/time-bound access; stereo/RX-TX separation supports accurate subject-data retrieval.

Operate within an ISMS: risk assessment, access control, encryption, logging/monitoring, incident response/DR, supplier management, key management. Provide evidence that controls are designed/operating.

Numonix operates an ISO/IEC 27001-certified ISMS; IXCloud runs within this security framework, supporting customer compliance needs.

Specifics: 
Encryption and per-call keys/Key Vault; role-based playback permissions; audit logs for playback/sharing; geo-redundant storage (GRS) for resilience; SSO (Entra ID) and AD/SCIM sync; BYOS option for customer-owned Azure Blob (supplier/segregation); dashboard widgets for monitoring capacity/usage.

Enforce access controls, encryption, audit trails, role-based permissions; support authorization/consent and data minimization; maintain BAA-ready controls, incident response, and secure sharing (no uncontrolled downloads of PHI).

IXCloud helps customers meet HIPAA Security/Privacy Rule safeguards—encryption, role-based access, audit logging, and least-privilege playback/sharing—while customers maintain overall HIPAA responsibility. We do not claim HIPAA certification.

Specifics: 
AES-256 encryption in transit/at rest, role-based playback, shared links with password/time limits (no unencrypted downloads), audit logs for access/sharing, PCI muting feature to suppress sensitive segments; SSO and AD Sync for workforce security.

Prevent capture of card data in recordings (mute/redact), or ensure encryption, key management, masking, access controls, logging, retention limits; avoid storing SAD/CVV in any form.

IXCloud supports your PCI DSS obligations with PCI muting/redaction, encryption, strict access controls, and audit trails. IXCloud itself is not a card processor; we do not claim PCI certification unless specifically validated for a defined in‑scope service.

Specifics: 
PCI Muting inserts silence during sensitive entry; encryption + per-call keys; access-controlled playback; audit logs; shared-link controls; retention profiles to limit storage; OpenAPI for governance reporting.

Capture all relevant voice/video/screen-share interactions, timestamp, notify, securely store, tamper-evident signatures, retrieve on demand for regulators; enforce retention 5–7 years; prevent use 
of unrecorded private devices.

IXCloud supports our clients’ MiFID II compliance by capturing regulated voice / video / screen-share, enforcing retention, and providing tamper-evident, auditable access and regulator-ready exports. MiFID II does not certify third-party solutions.

Specifics: 
Audio/Video/VBSS recording; digital signature (hash) per file; GRS storage; legal hold; retention profiles; playback logs/audit trails; Teams/Cisco/Avaya/Zoom integrations; shared links with auditability for regulator access.

Implement and document controls for:

• Security – Access control, encryption, authentication, vulnerability management.
• Availability – Resilience, disaster recovery, monitoring.
• Confidentiality – Data segregation, secure sharing, retention policies.
• Processing Integrity – Accurate, complete, timely recording and retrieval.
• Privacy – Handling of personal data per commitments/regulations.
Provide evidence of control operation over time (audit logs, monitoring reports, penetration tests).

Numonix maintains a SOC 2 Type II attestation covering Security (and selected TSC categories), demonstrating continuous operation of relevant IXCloud controls.

Specifics: 
Security: AES-256 encryption at rest/in transit; unique per-call keys in Azure Key Vault; SSO via Microsoft Entra ID; RBAC playback permissions; SCIM/AD Sync for provisioning.
Availability: Geo-Redundant Storage (GRS) with Azure SLA (16 nines); dashboard widgets for monitoring; BYOS option for customer-owned storage.
Confidentiality: Segregated tenant storage; shared links with password/time-bound access; audit logs for playback and link sharing.
Processing Integrity: Digital signatures (hash) for tamper detection; metadata-rich exports; OpenAPI for automated compliance workflows.
Privacy: GDPR workflows (Cancel Recording, Delete), retention profiles, legal hold, PCI muting for sensitive data.
All features operate continuously and generate auditable logs for SOC 2 Type II evidence.

Record oral comms that lead to execution (phone/voicemail/IM/etc.), capture timestamps/UTC, preserve terms, maintain searchability, store securely (often WORM-like), and provide auditability; manage location/retention per CFR.

IXCloud supports our clients’ Dodd-Frank/CFTC 23.202 recordkeeping by capturing and preserving pre-execution communications with integrity checks, timestamps, and auditability for rapid reconstruction.

Specifics: 
Audio/VBSS/Video capture across platforms; metadata/timestamps; searchable by user/time; digital signatures; secure playback (no unencrypted downloads); shared-link audit; retention/legal-hold controls for evidentiary preservation.

Support policy-driven call handling (time-of-day, frequency controls), disclosure prompts, recordings with audit trails to demonstrate compliance; secure storage and restricted access to sensitive consumer data.

IXCloud supports Reg F-aligned call handling and evidence creation—profile-based recording, access controls, and complete audit trails—while your policies govern contact practices.

Specifics: 
Recording profiles per group (collections) to enforce policies; audit logs for playback/sharing; PCI muting to suppress payment data; retention aligned to business/regulatory needs; SSO/RBAC to prevent unauthorized access.

Provide controls for availability/resilience, incident handling, supplier oversight, secure storage, and long-term retention where applicable (incl. sanctions/OFAC record changes). [occ.gov]

IXCloud supports FFIEC-aligned resilience with encrypted storage, geo-redundancy, access logging, and export controls that integrate with our clients’ control framework.

Specifics: 
GRS storage (resilience), BYOS (customer-owned storage for chain-of-custody), encryption/digital signatures, audit logs, OpenAPI for integration with governance tools; legal hold/retention profiles for record-keeping.

Capture/retain business communications, enable supervisory review, tamper-evident storage, and prompt retrieval; prevent use of unmonitored channels/devices.

IXCloud supports FINRA supervision and books-and-records controls via multi-platform capture, governed retention/legal hold, access control, and logging that facilitate supervisory reviews.

Specifics: 
IXCloud’s multi-platform capture (Teams / Cisco / Avaya / Zoom), digital signatures, audit logs, retention/legal hold, RBAC playback, and shared-link retrieval align with supervisory and evidentiary obligations.

Enable consent/notice mechanisms, data minimization, secure processing (encryption/access control), audits/logging, retention/deletion workflows, and data-subject request handling; ensure lawful interception per RICA exceptions.

IXCloud supports POPIA compliance through encryption, RBAC, audit logs, retention and deletion workflows, and authenticated access/sharing.

Specifics: 
Encryption, RBAC playback, audit logs, retention profiles + GDPR Delete workflows applicable to POPIA requests; shared links with password/time bounds; BYOS for custody; OpenAPI for request tracking/reporting.

Record advice calls; store securely; retrieve within set time; keep records ≥5 years; restrict disclosure unless lawful/consented.

IXCloud supports FAIS recordkeeping by preserving advice/communications with governed retention, searchability, and auditable retrieval.

Specifics: 
Audio recording across platforms; encryption/digital signatures; retention profiles (≥5 years); audit logs; shared links with access controls for retrieval; RBAC to enforce confidentiality.

Maintain secure records of client interactions relevant to KYC/AML; retain ≥5 years; access-controlled storage; auditability; integrate with institutional RMCP.

IXCloud supports FICA recordkeeping via metadata-rich capture, retention profiles, legal hold, and export for AML case systems.

Specifics: 
Retention profiles and legal hold; audit logs and metadata; encryption/Key Vault; BYOS for custody alignment; OpenAPI to feed AML/KYC case systems.

Ensure tamper-evident storage (hash/signature), controlled import/transfer, metadata capture, retention/redaction/disposal procedures, audit trails, and authenticated output; maintain chain 
of custody.

IXCloud provides tamper-evident 
storage, digital signatures/hashes, and authenticated outputs that support customers seeking BS 10008 compliance or certification.

Specifics: 
Digital signature (hash) per recording, audit logs for access/sharing, controlled exports (WAV/MP4 with metadata), shared links with centralized management, retention/legal hold policies, and BYOS for provenance.