But the client (Cisco software) does the encryption does it not? Therefore it has access to the unencrypted data, therefore can do what it likes with it.
I mean I suppose that's true but that's a terribly weak argument. You could say the same thing about Signal which is considered one of the most secure messaging applications on the market at the moment. It's pretty trivial to monitor network traffic to see that the unencrypted data never leaves your own device