CXEX Privacy Policy

Protecting personal information with industry-leading security practices

Quick Navigation

Policy Statement

CXEX Pty Ltd (“CXEX”) is committed to protecting the privacy and security of the personal information we process on behalf of our clients.

CXEX operates a speech analytics platform called AutoInsights, which processes recorded customer interactions to deliver insights through artificial intelligence (AI), natural language processing (NLP), and machine learning (ML) technologies.

CXEX acts as a Data Processor, providing services to organizations in industries such as:

Finance
Insurance
Retail
Utilities
Public services

These organizations (our clients) act as Data Controllers, defining the purposes and legal bases for processing personal data.

Regulatory Compliance

CXEX complies with all applicable data protection laws, including:

Types of Personal Information Collected

CXEX processes personal information primarily through:

Audio call recordings and transcripts
Agent and customer names (as determined by the client)
Call metadata (timestamps, duration, direction, agent ID)
Analytics results from AI tools (summaries, issue detection, sentiment analysis)

Important:

We do not collect sensitive information unless explicitly required by our clients and covered under contractual terms and local law.

Collection and Processing

CXEX only processes personal information under instruction from the Data Controller. Clients are responsible for:

Obtaining necessary consents
Ensuring lawful processing
Determining data retention periods

CXEX may collect data from:

Client systems and call recording platforms
Integration partners (AWS Connect, Genesys, 3CX, etc.)
Direct uploads via our secure client portal

Use and Purpose

Personal data is processed solely for:

Delivering speech analytics and performance reporting
Generating summaries and insights to improve operations and customer experience
Supporting client compliance, training, and quality assurance efforts

Restricted Use:

CXEX does not use personal data for advertising or unrelated purposes.

Data Storage and Regional Hosting

AutoInsights is hosted on AWS infrastructure and is FTR Certified. We deploy regionally to maintain data residency:

USA Clients

AWS U.S. Regions

UK & EU Clients

AWS London or Frankfurt

Australia

AWS Sydney

South Africa

AWS Cape Town

Data Transfer:

No customer call recordings or analytics data are transferred across regions unless contractually agreed.

Security and Certifications

CXEX takes a security-first approach. Our safeguards include:

ISO 27001:2022 certification (audit completed May 2025)
Planned SOC 2 Type II certification (target: January 2026)
Continuous monitoring via Vanta, including automated evidence collection
Penetration testing (Completed May 2025)
Data encryption (AES-256) at rest and in transit
Access controls, MFA, and secure audit trails

Privacy and Ethical AI

CXEX follows privacy-first principles in AI design:

Preprocessing steps may ensure PII redaction (excluding agent names, unless requested)
Human-in-the-Loop (HITL) testing and quarterly reviews ensure fairness and accuracy
Emotion detection tools are optional and only activated by the client

We are aligning our internal practices to ISO 42001 (AI Management Systems), including Responsible AI oversight and auditability.

Rights and Access

We support our clients in fulfilling data subject rights, including:

Access, correction, or deletion of personal data
Objections to processing
Data portability (if applicable)

Important:

Data subject requests should be made to the client (Data Controller). CXEX will assist upon request.

Contact and Complaints

For privacy concerns, please contact:

Privacy Officer

Complaints can also be directed to the Office of the Australian Information Commissioner (OAIC), ICO (UK), or relevant data protection authorities.

Changes to This Policy

This Privacy Policy is reviewed annually and updated as needed to reflect regulatory and operational changes.