Enterprise-grade security and compliance, by default.

Cloudax Connect is built for the buyers who care about how the platform handles data — regulated UK and EU enterprises in legal, insurance, financial services and emergency response. We treat security as a first-class engineering surface, not a procurement checklist.

Certifications and accreditations

• ISO 27001 — independently certified information-security management system, audited annually.
• Cyber Essentials — UK government-backed baseline against the most common internet-borne threats.
• UK GDPR & Data Protection Act 2018 — fully aligned, with a published Data Processing Agreement, ROPA and named DPO contact.
• UK Communications Provider — registered with Ofcom; we operate the telephony layer ourselves rather than re-selling someone else's compliance posture.

Data residency and architecture

Customer data is processed in the UK and EU only, on Microsoft Azure's carbon-negative infrastructure. The reasoning layer can be pinned to UK-only model endpoints for customers with strict residency requirements; transcripts, recordings and audit logs are stored in encrypted, region-scoped storage with full retention controls.

Operational controls

• SSO via SAML/OIDC included on every plan.
• Role-based access control and immutable audit logs.
• End-to-end encryption in transit and at rest (TLS 1.3, AES-256).
• Vulnerability management, dependency scanning and quarterly third-party penetration testing.
• Published subprocessor list and 30-day change notification.

Incident response

24/7 on-call rotation, named technical contact for every enterprise customer, and contractually-agreed RTO/RPO targets. Post-incident reviews are shared with affected customers in writing within five business days.