CafeX Security Compliance programs

We believe in honesty and transparency with all our customers, this site has been designed to show how we are protect your data, how it’s managed and how we comply with international compliance programs.


Our move to to software as a service has driven the need to demonstrate publicly to our customers that we adhere to industry accepted standards for information security. Our goal is to give all our stakeholders confidence that we have world class  IT security policies and procedures across the business.

ISO 27001 is a globally recognised certification, which means wherever our customers are located they can be assured that CaféX adheres to a consistent set of standards approved worldwide..

Our ISO27001:2013 certificate of compliance is available here


To ensure credit card data security we have undergone PCI-DSS compliance

Our PCI Certificate is available here

EU-US Privacy Shield

We operate across the globe and serve customers in the United States and The European Union, CaféX is registered under The Department of Commerce EU-US Privacy Shield for the EU.  Our policy can be found here .


CaféX Communications are committed to ensuring the security and protection of the personal information that we process, and to provide a compliant and consistent approach to data protection. We have always had a robust and effective data protection program in place which complies with existing law and abides by the data protection principles. However, we recognise our obligations in updating and expanding this program to meet the demands of the GDPR.

CaféX are dedicated to safeguarding the personal information under our remit and in developing a data protection regime that is effective, fit for purpose and demonstrates an understanding of, and appreciation for the new Regulation. Our preparation and objectives for GDPR compliance have been summarised in this statement and include the development and implementation of new data protection roles, policies, procedures, controls and measures to ensure maximum and ongoing compliance.

For more information please click here

Requests for information on our GDPR compliance status should be directed to Information Security & Compliance Officer.

HIPAA Through the business associate agreement (BAA)

To comply with the requirements of HIPAA in the US, CaféX Communications executes a Business Associate Agreement (BAA) with HIPAA-covered entities in the Health and Medical services industry. We sign a HIPAA Business Associate Agreement (BAA) with our healthcare customers meaning we are responsible for keeping your patient information secure and reporting security breaches involving personal healthcare information.  We do not have access to identifiable health information and we protect and encrypt all chat, audio, video, recordings and screen sharing data.

CafeX understands and have controls in place (implemented with our SOC2 and ISO27001 standards) to meet the standards required by HIPPA surrounding confidentiality, integrity, and availability of all data including controls surrounding CafeX workforce.

SSAE 16 SOC2 Type 1

The successful completion of our SOC 2 ® Type I examination audit provides our clients with the
assurance that the controls and safeguards we employ to protect and secure their data are in line industry
standards and best practices

Our Certificate is available here

Our Type 1 report is available subject to NDA, please contact your account manager or email