Security Policy at Wildix
This document provides information on built-in security features of the Wildix system, ISO compliance and GDPR.
Related documentation: Wildix Security Standards and Products Overview
Created: April 2018
Updated: November 2025
Permalink: https://wildix.atlassian.net/wiki/x/pQvOAQ
Introduction
Security is a top priority for Wildix and all the security features are built-in inside the product, which means the Wildix System is Secure By Design and security is not delegated to third party devices.
Secure By Design means that each customer's system is hosted in the AWS Cloud as a dedicated, single-tenant PBX instance, fully isolated from other environments. This architectural model ensures that any incident affecting one system cannot impact others. Every customer receives their own independent PBX environment — isolated, secure and fully configurable, combining the flexibility of a private Cloud with the efficiency and simplicity of centralized Cloud management.
All Wildix products are regularly controlled for security breaches and upgrades are made available whenever any breaches are discovered in Wildix services or in third party libraries used by the system.
Check our Trust Center https://trust.wildix.com/ to learn more about our security controls.
Security measures in place
We support the following security and encryption protocols and reporting tools:
Single Sign-On with Active Directory, Google, Microsoft Office 365
2 Factor Authentication when using Google, Microsoft Office 365 Single Sign-On
SHA-512 hashing + salt, for storing user passwords securely
TLS encryption of HTTPS traffic to the PBX, screen sharing sessions, Wizyconf conferences
SIP TLS - SIP signalling over TLS
SRTP - SDES-AES 128 encryption of voice / audio, including Wizyconf conferences
DTLS-SRTP - TLS encryption of voice / audio, including Wizyconf conferences
VPN AES encrypted traffic between PBXs
LDAP via TLS
SMTP / IMAP / POP3 connections over TLS
SSH console access
Intrusion detection over all services managed by the PBX (SIP / RTP / DNS proxy / NTP / Web)
DoS protection over all services managed by the PBX (SIP / RTP / DNS proxy / NTP / Web)
SIP SBC built in
Protection against cross-site request forgery (CSRF) attacks
Requirement for secure passwords
Support for Zabbix monitoring
Report of intrusion attempts detected within the System
All these security measures are enabled by default on all Wildix Phones and Media Gateways connected to the system. All Wildix Phones and Media Gateways cannot be accessed by using Master Passwords.
Check of certificates
PBX certificates and licenses are checked daily. The PBX TLS certificates are generated automatically and updated every two months if the PBX is reachable via the internet via https. In case the PBX is not reachable via internet, a certificate must be loaded manually and then updated before its expiration. The daily check makes sure that:
the system is running with valid certificates (this means that all the customers are communicating without the risk of their communications being intercepted)
the system has not been duplicated (this prevents the risk of a man-in-the-middle attack)
the software version running on the system is not known for security issues, otherwise an alert informs the system administrator that the system must be upgraded (failing to do so can lead to the system to disable certain features that were detected as the ones that could expose the system to risk)
the system is running within acceptable performance parameters (memory and CPU), otherwise an alert informs the system administrator that the underlying HW or Virtual environment must be improved
Technical details:
The check is executed daily at a random time, this can be modified to run at a regular time or day of the week
The connection is made to the server api.wildix.com; optionally via an http proxy
The protocol used is based on HTTPS with high level encryption, no incoming connection is needed for the system check to work; the protocol can also work through a customer’s web proxy
The average data size exchanged on the connection is 2 Kb daily
The system ignores a failed connection attempt for up to 14 days; it is possible to keep the system offline and reconnect it to the Internet at least once every two weeks
After 14 days offline the system limits available features to guarantee the customer safety. An alert is given to the users of the system. To restore a full operational system it is sufficient to permit the outbound connection and sync licenses in WMS (Refresh via Internet option on the page Activation / Licenses)
2FA and location-based MFA security methods
Two-factor (2FA) and multi-factor authentications (MFA) are security mechanisms that require users to provide two or more means of identification before accessing a system or application. At Wildix, we support methods that include authentication via email, SMS, external applications, and location-based authentication:
Email and SMS-based 2FA involve sending a unique code to user's email or mobile device. After receiving the code, users need to enter it for access to Collaboration
External applications, such as Google Authenticator or Windows Phone Authenticator, generate a time-based one-time password (TOTP) that users enter to authenticate for access to Collaboration
Location-based MFA works by using users' location to confirm their identity. This method relies on their physical location, determined by their IP address. If the IP address appears to be from an unfamiliar location, users need to confirm the IP address via email
The main difference between location-based MFA and other forms of 2FA is that the former is implemented at the system level, meaning it is enabled for the entire PBX. This means that all users who access the system are required to complete the location-based MFA process. 2FA via email, SMS, or external application is typically enabled by individual users on their own accounts. This means that users can choose to enable 2FA on their own accounts as an additional layer of security, and, if required, it can also be enforced by an admin via WMS.
Starting from WMS 7.01, location-based multi-factor authentication for Collaboration is enabled by default.
WebRTC Security
Wildix Wizyconf videoconference, same as Wildix WebRTC phone in Collaboration use WebRTC for audio and video communications. WebRTC was born as open source project and is still under active development, however security measures were in place from the very beginning. WebRTC offers security "out-of-the-box" and in fact, this is one of the reasons why Wildix opted for WebRTC back in 2012 when we launched the Kite project and then, in 2015, we made it our technological choice, when we released the first WebRTC phone available directly in Collaboration web interface.
Here are several important points about WebRTC security:
WebRTC is not a plugin or a program installed on PC, security of WebRTC is contained directly within the browser (and, by the way, browser vendors take security seriously)
No installation or upgrade of components is required, in case user's PC is infected by a virus or spyware, WebRTC communications are not affected by this
If any security threat is found, it normally gets fixed very quickly and becomes available at once, user doesn't have to wait for it and install it, all WebRTC components are offered as part of a browser and they are updated as soon as the browser is updated (by the way, most modern browsers auto-update themselves)
There is no way some website could use microphone and webcam without user's permission, since WebRTC application requires the user to explicitly give permission to use camera or microphone (in addition, WebRTC applications explicitly show to the user when the microphone or camera are being used)
All media streams sent via WebRTC are encrypted using DTLS and SRTP making wiretapping, tampering and eavesdropping impossible (so-called "handshakes" are performed between the parties who are establishing a communication)
In case servers are used (e.g. TURN), they do not decode the application data layer and do not touch DTLS encryption, they cannot modify or get access to the information that is exchanged between the peers
To learn more about WebRTC security:
download the white paper: https://drive.google.com/drive/folders/10GDeY0myvMlqDd5j9fDaM3NNkVXCBXUD?usp=sharing
read the blog post: https://blog.wildix.com/what-is-webrtc-and-is-it-safe/
Security vulnerabilities report
Vulnerabilities and questions about privacy must be communicated using the following email security@wildix.com, we have a Bug Bounty Program in place. The reward will depend on the importance of the problem found. See Wildix Bug Bounty Program document for more details.
Reasons to contact us at security@wildix.com:
I’m experiencing a security problem with my Wildix account
I want to report a technical security bug in a Wildix product (WMS, Collaboration, WMP, Kite, Wizyconf, WP, iOS / Android Wildix apps)
I have a privacy doubt or a privacy-related question about Wildix products and services
Wildix Cloud and ISO 27001, 22301 compliance
Wildix Cloud services are located in data centers that undergo ISO 27001 and ISO 22301 audits. These data centers share hosted facilities space with the world’s largest Internet companies. The geographic diversity of these locations act as an additional safeguard which minimizes the risk of service interruption due to natural disasters.
SOC 2 Type 1
SOC 2 is a standard developed by the AICPA that defines how service organizations should manage customer data based on the following Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy.
Wildix has completed a SOC 2 Type 1 audit, verified under ISAE 3000 standards, and received the official assurance report, confirming our commitment to strong security, privacy, and compliance controls.
Privacy and GDPR Security
Note: Article 4 of the EU General Data Protection Regulation defines data controllers and data processors as below:
(7) ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
(8) ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
Both Wildix and all the System Integrators (Wildix Business Partners) who process data of customers residing in the European Union (regardless of whether the data processing takes place in the EU or not), are Data processors.
In regards to GDPR that comes in force in 25 May 2018, Wildix provides many features which are automatically active or that can be activated to make sure the services provided by Wildix and Wildix Business Partners comply with GDPR requirements:
SIP Proxy logging: information about new SIP registrations (from user, from name, user agent) is now logged with default debug level (WMS-4295)
Collaboration / WMS connections logging: information about connections is now written to syslog (remote IP, port, username, auth method, login / logout / login failed) (WMS-3986)
Added the possibility to use Remote syslog (Rsyslog) in addition to local syslog (WMS-3987)
Records containing personal data must be treated with caution, by introducing a remote syslog you make sure that in the event your system has been hacked, 1) a hacker doesn’t get access to the syslog 2) a hacker does not delete the syslog
All conference recordings and files are automatically deleted after 6 months (WMS-4347)
GDPR - Right to be forgotten
Added an option to auto-delete CDR, chats / Kite chats, voicemails and call recordings in WMS Settings -> PBX -> Call and chat history after a period of time (WMS-4090; WMS-4084)
GDPR - Right to be forgotten
Added the possibility to delete all contacts from the phonebook in WMS -> Users -> Phonebooks (WMS-3901)
GDPR - Right to be forgotten
Files shared via the system are automatically deleted after 6 months
GDPR - Right to be forgotten
Contacts imported from Outlook / Google are automatically deleted
GDPR - Right to be forgotten
Contacts, previously imported from an external database / backend via WMS are automatically deleted, if not received during the cron job (existed always, to implement - check the box “Remove existing contacts which are not received from the backend” in WMS - Users - Phonebooks - Import)
GDPR - Right to be forgotten
Added CSRF attack protection via domain whitelist added in WMS Settings - PBX - Security: any WebAPI / PBX API integration will stop working if the domain is not added to the list (WMS-3985)
AI Features Security
Wildix products offer a number of AI-powered features, e.g. transcriptions, Voice automation agents, Sales Intelligence for enhanced productivity and improved customer service. To ensure secure usage of the AI features and data privacy, Wildix has entered into a Data Processing Addendum (DPA) with the following providers used within Wildix services:
Name | Purpose | Data Shared with Subprocessor |
|---|---|---|
Amazon Web Services |
|
|
OpenAI |
|
|
Google Cloud Platform |
|
|
ElevenLabs |
|
|
This ensures that all data handling practices align with the requirements of the General Data Protection Regulation (GDPR). By establishing a compliant framework with OpenAI and other providers, Wildix safeguards user data while leveraging advanced AI capabilities with full respect for user privacy.
Importantly, any data processed through the AI services is not used to train or improve OpenAI and other models, further ensuring the confidentiality of customer information.
Sales Intelligence Security
In the table below, you can find an overview of Sales Intelligence, including its purpose, intended use, data flows, security safeguards, etc.
Section | Description |
|---|---|
Purpose and tasks of the system
| Analysis of calls and video conferences for insights. Key features: automatic transcription, summaries, highlights, CSAT and sentiment analysis. |
Intended use | Used by sales managers and teams to:
|
Providers / Dependencies | External GPAI or services used:
|
Limitations / AUP | Restrictions and prohibited uses:
|
Data inputs | Data processed:
|
Data outputs | System outputs:
|
Data flow |
|
Security measures |
|
Transparency to users |
|
Compliance contacts | Contact points for compliance inquiries: privacy@wildix.com, security@wildix.com |
Multi and Single-tenant model
At Wildix, system components are deployed using a combination of single-tenant and multi-tenant architectures. This model is designed to meet requirements for security, performance and scalability across diverse deployment environments.
Single-tenant
Wildix PBX system operates on a single-tenant model, meaning that each customer is provided with a dedicated PBX instance hosted in the Wildix Cloud on AWS. This ensures full isolation of resources, configurations and customer data.
Features:
Each customer has its own independent PBX environment
Users, extensions, call routing, ACLs (Access Control Lists) and other WMS settings are fully isolated from other customers
The customer can independently manage updates, configurations, within security and operational guidelines
Advantages:
Security and data isolation: No risk of data overlap or cross-tenant access
Customization and flexibility: Easier to adapt the PBX to specific customer requirements (e.g., custom Dialplans, integrations, security policies)
Dedicated performance: Resources are reserved per customer, eliminating resource contention risks
Regulatory compliance: Simplifies adherence to data protection and privacy regulations (e.g., GDPR), as customer data remains within an isolated instance
Virtualization and Private Cloud Deployments
Wildix PBX is designed to adapt to different security and infrastructure needs. In addition to being hosted in the Wildix Cloud on AWS, a PBX instance can be deployed as a virtual appliance on a customer's own infrastructure or datacenter. This flexibility allows customers with strict data sovereignty, compliance, or network policies to retain full control over their communications environment while benefiting from Wildix's unified architecture and continuous security updates.
Features:
Deployable on major hypervisors: VMware, Microsoft Hyper-V, Proxmox VE, KVM and other virtualization platforms
Multi-tenant
x-bees, Collaboration 7 and x-hoppers apps operate on a multi-tenant architecture. In this model, multiple customers share the same system infrastructure, while logical partitioning ensures data and configuration separation.
Features:
Customer environments are hosted within a centralized Wildix service cluster, but data, access and configurations are strictly isolated through enforced logical separation
A single software version is centrally managed and maintained by Wildix
Security controls, authentication and encryption apply per tenant to maintain confidentiality and integrity
Advantages:
Simplified maintenance: Centralized updates, backups or security patches are applied consistently across all tenants, reducing operational risk
Consistent security posture: All tenants benefit from uniform security updates, monitoring, and compliance controls
Frequently Asked Questions
High-level details
Questions | Answers |
|---|---|
What are the information flows within the system and between it and other services? |
|
What are the principle methods of transporting information? |
Note: 80 and 443 ports can be changed. |
Are the data shared with any other third parties? | No. |
What firewalls or network control measures are used to protect the system/data? | SIP firewall in PBX and high security by design with passwords and 2factors protection. Data firewall remains important on remote site. |
Is the system ISO 27001 compliant? | Yes. See this chapter. |
Access Control
Questions | Answers |
|---|---|
Which access methods are available to access the system? |
Note: Details can be found in WMS Start Guide. |
What system enforced password settings are active for users?
|
|
What additional measures are in place to secure administrator accounts. (e.g. stronger passwords or crypto keys required to access systems) |
|
Is two-factor auth mandatory? | It can be mandatory, managed by ACL rules. |
How does the system hand out the necessary privileges for users to gain the correct access to information? How does it prevent access to the wrong material? | Admin can limit/ allow access to certain PBX services and features by ACL rules. |
How can unauthorised access be detected? |
|
What logs are kept of successful/ unsuccessful usage attempts? | System logs (including all attempts). |
Disaster recovery and backups
Questions | Answers |
|---|---|
What method is used to secure archive historic material and data? | Automatic backups configuration. Note: Consult WMS Start Guide for details. |
How the system is restored (either from backup or a rebuild from scratch) to a known working state? |
|
What is the backup retention period? | Two weeks for a snapshot, the snapshots are scheduled weekly on Sunday evenings. PBX configuration backups can be taken daily / weekly / monthly from the PBX’s WMS interface. |
Is there a testing processed for backups? How often do you test the restoration process? | Configuration backups can be restored through the WMS interface, these are tested regularly. A snapshot backup can also be restored through a request in critical instances via our SRE team. |
How do you secure against:
| Wildix advices to activate warranty.
|
Data Privacy
Questions | Answers |
|---|---|
What data does the system store? | Chat history and calls stats in CDR-View 2.0. |
What User Generated Content does the system collect and/ or host? |
Note: Chat, calls or phonebooks modification can be forbidden by ACL rules. |
What security measures are in place to protect the data? | Encryption at rest is implemented with a separate key for each single tenant. It encrypts Block Object Storage. This means data could not be used in the case of someone having access to the Storage with elevated permissions. |
What are the data retention time limits implemented by Wildix with regards to personal data at stake? | The maximum retention period of any client system operational activity data that may contain personal information is 2 months. At the same time, we make every reasonable effort to clean up the data we are storing. An exception is financial/billing data stored in a period according to the legal issues of the company's residential country. |
How is the data archived and where? | As the retention period of operational data is only 2 months, we don't archive it, using sharding to ensure integrity and fault tolerance. |
How the data is destroyed when no longer needed and what data retention periods are observed? |
|
Do you have any modus operandi? | No, but we use OWASP procedures as an approach to describe threat agents in threat modeling and risk rating procedures. There are these procedures: |