Pyfone
Security

Built secure-first. Not retrofitted.

Voice infrastructure carries some of your most sensitive data — customer calls, recordings, authentication codes. We treat it that way from day one, not after the first incident.

Encryption everywhere

SIP signaling
SIP over WSS with mandatory TLS 1.2+. Plain UDP/TCP SIP is refused at the registrar.
Media (voice & video)
SRTP with DTLS-SRTP key exchange. AES-128/256-GCM. No fallback to plain RTP.
Conferencing
WebRTC E2E DTLS — every participant has a unique SRTP key, derived per session.
Storage at rest
Recordings, voicemails and AI transcripts encrypted on disk (LUKS at the volume + per-tenant keys at the app level).
Database
TLS to Postgres/MySQL. Per-tenant row-level isolation enforced at the API layer.

Identity & access

Per-device JWT
Each browser/iOS/Android device gets its own instance UUID (RFC 4122) and JWT. No shared credentials, no replay across devices.
Argon2id passwords
Modern memory-hard hashing. Brute-force-resistant by construction; tunable cost factor.
Email verification
Required at signup. No active account before the address is proven.
Role-based permissions
SuperAdmin / TenantAdmin / Manager / Operator / Viewer. Per-menu read/write/delete granularity.
Audit log
Every admin action and tenant-scoped state change recorded with actor, IP, user-agent and timestamp.

Network & infra

HTTPS everywhere
HSTS preload, HTTP/2, modern TLS suites only (1.3 + 1.2 PFS). Auto-renewing Let’s Encrypt.
Strict CSP
Content-Security-Policy locks scripts and form actions to known origins. The frame-ancestors directive prevents clickjacking.
Fail2ban + rate limits
SIP REGISTER brute-force, login bursts and email-verification spam blocked at the network edge.
DDoS protection
Cloudflare proxy fronts the public sites; SIP/RTP traffic peers through the carrier-grade SBC.
Tenant isolation
PBX configs, call recordings, contacts and conferences scoped by client_id at the database AND API level. Defense-in-depth.

Operational hygiene

Monitored 24/7
Synthetic SIP REGISTER + INVITE every 30s. Recording integrity checks, mailer probes, conf-room health.
Patched weekly
Rolling Rocky Linux 9 with auto-applied security advisories. Asterisk + sip.js bumped on every CVE.
Hardware encrypted
LUKS on every datastore volume. Stolen disk == useless disk.
Backups encrypted
Off-site, encrypted with a key kept off the production network. Restoration tested monthly.
Privacy by default
Self-hosted fonts (no Google CDN), no third-party trackers, no analytics until you explicitly enable them.

Compliance

GDPR
EU data residency option. Per-tenant data export + deletion APIs. Sub-processor list published.
STIR/SHAKEN
Outbound caller-ID attestation for US-bound traffic.
DNC compliance
Per-tenant Do-Not-Call lists + global TPS/FCC sync (US). Pre-call scrubbing for outbound campaigns.
Recording consent
Per-call announcement / per-tenant policy. Recordings tagged with consent flags.

Found a vulnerability?

We pay for responsibly disclosed bugs. Email security@pyfone.com with a PoC and we'll respond within 24 hours.

Disclosure policy