Data handling and compliance controls
Use this page to align OXVO usage with internal security and privacy policy.
Where to find it
Use Settings → Security for authentication controls and Session Replay → Replay Settings for privacy controls.
When to use it
Use this guide before production launch, during security reviews, and when adding new integrations or data fields.
Data classes in OXVO
- Conversation content and metadata
- Contact and company attributes
- Session replay data and events
- Integration payloads and webhook deliveries
Configure control areas
Encryption And Secrets
- Configure encryption keys for sensitive application features.
- Store secrets in secure runtime configuration, not source code.
Access Control
- Use least-privilege custom roles where available.
- Restrict access to Sessions and live assist.
- Review admin grants on a fixed schedule.
Privacy In Sessions
- Configure masking before rollout.
- Limit metadata to operationally necessary fields.
- Apply retention policy based on legal and business requirements.
Integrations And Webhooks
- Minimize payload fields sent to external tools.
- Enforce HTTPS and receiver-side validation.
- Track failure/retry behavior in logs.
Tips and edge cases
When unsure whether a field should be stored, treat it as sensitive and exclude it until policy approval is documented.
Internal compliance runbook inputs
Document these for audits:
- Role matrix and review cadence
- Data retention schedule
- Incident response process
- Third-party integration inventory
Note: Compliance obligations depend on your jurisdiction and policy framework; map this guidance to your legal requirements.