Data handling and compliance controls
Use this page to align OXVO usage with internal security and privacy policy.
Where to find it
Use Settings → Security for authentication controls and Session Replay settings for privacy controls.
When to use it
Use this guide before production launch, during security reviews, and when adding new integrations or data fields.
Data classes in OXVO
- Conversation content and metadata
- Contact and company attributes
- Session replay data and events
- Integration payloads and webhook deliveries
Configure control areas
Encryption And Secrets
- Configure encryption keys for sensitive application features.
- Store secrets in secure runtime configuration, not source code.
Access Control
- Use least-privilege custom roles where available.
- Restrict Sessions and live assist access.
- Review admin grants on a fixed schedule.
Privacy In Sessions
- Configure masking before rollout.
- Limit metadata to operationally necessary fields.
- Apply retention policy based on legal and business requirements.
Integrations And Webhooks
- Minimize payload fields sent to external tools.
- Enforce HTTPS and receiver-side validation.
- Track failure/retry behavior in logs.
Tips and edge cases
When unsure whether a field should be stored, treat it as sensitive and exclude it until policy approval is documented.
Internal compliance runbook inputs
Document these for audits:
- Role matrix and review cadence
- Data retention schedule
- Incident response process
- Third-party integration inventory
Note: Compliance obligations depend on your jurisdiction and policy framework; map this guidance to your legal requirements.