Security and data protection at Icana.AI

CallCoach AI and Chat Analysis are built for Australian regulated environments. This page sets out how we handle data residency, storage, privacy and the compliance frameworks our customers work within.

Data residency and sovereignty

Starter and Team customers can choose the geographic zone where data is stored: Australia, the United States, the European Union, Brazil or Mexico. Business and Enterprise customers have customisable region selection.

Not all Australian-hosted AI is the same. On standard plans, data is stored in the region you select but transmitted via global infrastructure. For organisations that require it, our Enterprise offering also keeps data in transit within Australia, so every recording, transcript and insight is stored, processed and transmitted entirely within Australian infrastructure.

For organisations operating under APRA, ASIC, or health privacy frameworks, the difference between "stored locally" and "never leaves Australia" is the difference between compliant and exposed. If full data-in-transit residency matters to your review, it is available as an Enterprise feature.

What we store, and what we don't

We take our customers' data security and data residency seriously, and prioritise the safety of your information. What we retain depends on how calls reach us and which plan you are on.

  • If you upload calls through our upload functionality, your calls and transcripts are stored for 7 days and then automatically deleted. You choose the geographic zone where that data is stored.
  • If you use our integration with your call centre software, we do not store your calls or transcripts at all. CallCoach streams the recordings from your own cloud storage location (AWS S3, Azure Blob or Google Cloud Storage) and analyses them without retaining a copy. The only place recordings are stored at rest is your own cloud storage.
  • Feedback reports (the output of CallCoach's analysis) are stored in our database in Australia, unless you are on a Business or Enterprise plan, in which case the storage region is customisable.

We do not store recordings or transcripts of calls for our CallCoach product, and we do not store personal data from chat conversations analysed by the Chat Analysis extension. CallCoach was designed from the ground up with privacy and personally identifiable information in mind.

We only work with Large Language Model providers that have a strong commitment to privacy and security, and that guarantee data is not used for any purpose other than providing the service to our clients. Our customers' data is not used to train the models.

Privacy

We handle personal information in line with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth). Our privacy policy sets out in full how we collect, use and protect personal information.

Call recordings capture live customer conversations, so we treat them accordingly. Our approach to storage, access and retention is designed to keep that exposure as limited as possible.

Compliance framework support

CallCoach supports your team in meeting the frameworks below. It is a quality-monitoring and evidence tool, not a substitute for your own controls.

COPC CX Standard

CallCoach supports operations working to the COPC CX Standard by providing full Transaction Monitoring coverage across every interaction and consistent, attribute-level scoring that can be used as the reference for the calibration sessions the standard expects. This includes Release 8.0, with baseline assessments from May 2026 and all recertifications from January 2027.

PCI DSS

For contact centres handling card payments, CallCoach supports PCI DSS monitoring with regional data hosting options, role-based access and no third-party data sharing. CallCoach complements a PCI-compliant recording platform; it does not replace pause/resume recording controls.

APRA and other regulators

CallCoach is built to support the information security requirements of APRA-regulated customers, and helps APRA-regulated contact centres in banking, insurance and superannuation meet conduct and disclosure obligations. It also supports teams working under ASIC, the OAIC and sector-specific frameworks through configurable scoring criteria.

CallCoach supports your team in meeting these frameworks. Icana.AI is not a certifying body and does not claim COPC or PCI DSS certification on your behalf. Terms such as Transaction Monitoring, CSS and KCRP belong to the COPC CX Standard. Icana.AI is not affiliated with COPC Inc. and does not award certification.

Who we are

Icana.AI is a registered business name of MoreTime Pty Ltd, an Australian company. You can verify our details on the Australian Business Register (ABN 23 656 757 201).

For procurement and AI-governance reviewers

If your legal, compliance or AI-committee review needs specifics beyond what is on this page, we are happy to work through them with you. Tell us about your industry, data-residency requirements and the framework you report against, and we will respond with the detail your review needs.