Since its early development, XCALLY has adopted an approach focused on privacy, transparency and security, ensuring the protection of personal data of its customers and users in accordance with international regulations.

These principles are fully aligned with the requirements of the General Data Protection Regulation (GDPR), in force in the European Union since May 25, 2018, but now extended as a global gold standard in many other jurisdictions (e.g. Brazil – LGPD, California – CCPA, India – DPDP Act). XCALLY is committed to comply with the provisions of the GDPR and equivalent regulations globally.

Privacy by design: the heart of XCALLY Motion

Over the years, the team XCALLY has updated procedures, software architecture, and internal policies to ensure that each new version is fully GDPR compliant. With the introduction of XCALLY Motion V3, the commitment has been further strengthened: data protection is now an integral part of every stage of development (“privacy by design“) and daily use of the system.

This means that every function of the system is designed to minimize the processing of personal data, protect access to sensitive information, and ensure that every operation is traceable and documentable.

Advanced security for data protection

To ensure the highest level of data protection, XCALLY incorporates a number of multilevel security measures, all designed to ensure compliance with GDPR and other similar regulations around the world:

  • Periodic, multilevel intrusion detection tests to monitor potential vulnerabilities;
  • Encryption of voice files of recordings, secured by advanced 256-bit AES algorithms;
  • Secure SSL/TLS protocols for all external communications;
  • Support for WSS and HTTPS protocols through the use of WebRTC technology;
  • Transition to secure SIPS and SRTP TLS protocols for Phonebar, reducing the risks associated with using SIP/RTP in the clear;
  • Constant security patch updates, including basic components such as Asterisk, firewall, and operating system.

Password management and encryption: the Security Suite

As of XCALLY Motion version V2.0.52 and later, the Security Suite, an essential module for strengthening internal security and complying with GDPR requirements on passwords, accounts and access:

  • Advanced password management rules (90-day expiration, complexity criteria, blocking failed attempts);
  • Advanced password complexity criteria (minimum length, special characters, upper/lower case);
  • Automatic encryption of voice recordings containing personal data, disableableable only for authorized access via Motion interface.
  • Detailed audit logs to monitor suspicious activities and respond promptly to Data Breaches.

We recommend that you enable all security settings available in the General Settings section > Security to ensure full GDPR compliance and improve resilience against breaches or unauthorized access.

Concrete support for your GDPR compliance

XCALLY is not only GDPR compliant, but is designed to help companies meet their data protection obligations.

Support for DPO and IT teams

The XCALLY platform includes features designed to facilitate the work of the Data Protection Officer (DPO) and the IT department. Among the most appreciated features:

  • Complete audit trails of agent and administrator activities;

  • Export of personal data at the request of the data subject (Art. 15 GDPR);

  • Data lifecycle management, with options for automatic deletion or controlled retention;

  • Automatic notifications in case of critical security events or anomalies.

Frequently asked questions about GDPR compliance with XCALLY

Is XCALLY fully compliant with the GDPR?
Yes. XCALLY Motion is designed according to GDPR principles, with advanced tools to ensure data protection, traceability and security.

Can I use XCALLY in an international context?
Absolutely. XCALLY supports environments regulated by different regulations, with customizable functions for local adaptation.

Are voice recordings secure?
Yes, recordings are automatically encrypted. Only authorized users can access them through the Motion interface.

Can I configure custom security policies?
Yes. The Security Suite allows you to define specific rules for passwords, access, and data retention according to internal policies or regulations.

Conclusioni

In an environment where data protection is central to corporate reputation and compliance, XCALLY represents a secure, up-to-date solution designed with GDPR in mind..
Whether an SME or a multinational corporation, XCALLY helps organizations manage their interactions with customers and end users in a compliant, secure and efficient manner.

To learn more about the GDPR regulation you can consult the full text of the regulation:
EU Regulation 2016/679 – GDPR