CafeX Security Compliance programs

We believe in honesty and transparency with all our customers. This site has been designed to show how we protect your data, how it is managed and how we comply with international compliance programs.


Our move to software as a service has driven the need to demonstrate publicly to our customers that we adhere to industry-accepted standards for information security. Our goal is to give all our stakeholders confidence that we have world-class IT security policies and procedures across the business.

ISO 27001 is a globally recognised certification, which means wherever our customers are located they can be assured that CafeX adheres to a consistent set of standards approved worldwide.

Our ISO27001:2013 certificate of compliance is available here


To ensure credit card data security, we have undergone PCI DSS compliance assessment by completing the Attestation of Compliance for Self-Assessment Questionnaire A. As part of our security management system, we maintain our Payment Card Security Policies (1.2 – 2021-01-07), which are reviewed at least annually to attest to credit card security requirements as required by the Payment Card Industry Data Security Standard (PCI DSS) Program.

EU-US Privacy Shield

We operate across the globe and serve customers in the United States and the European Union. CafeX is registered under the Department of Commerce EU-US Privacy Shield for the EU. Our policy can be found here.


CafeX Communications is committed to ensuring the security and protection of the personal information that we process, and to providing a compliant and consistent approach to data protection. We have always had a robust and effective data protection program in place that complies with existing law and abides by data protection principles. However, we recognise our obligations in updating and expanding this program to meet the demands of GDPR.

CafeX is dedicated to safeguarding the personal information under our remit and developing a data protection regime that is effective, fit for purpose, and demonstrates an understanding of, and appreciation for, the new Regulation. Our preparation and objectives for GDPR compliance have been summarised in this statement and include the development and implementation of new data protection roles, policies, procedures, controls and measures to ensure maximum and ongoing compliance.

For more information please click here

Requests for information on our GDPR compliance status should be directed to the Information Security & Compliance Officer.

HIPAA through the Business Associate Agreement (BAA)

To comply with the requirements of HIPAA in the US, CafeX Communications executes a Business Associate Agreement (BAA) with HIPAA-covered entities in the healthcare and medical services industry. We sign a HIPAA Business Associate Agreement (BAA) with our healthcare customers, meaning we are responsible for keeping your patient information secure and reporting security breaches involving personal healthcare information. We do not have access to identifiable health information. We protect and encrypt all chat, audio, video, recordings and screen sharing data.

CafeX understands and has controls in place (implemented with our ISO27001 certification) to meet the standards required by HIPAA surrounding confidentiality, integrity, and availability of all data, including controls surrounding the CafeX workforce.

Last Updated – Neil Ellis – 2021-01-07