Security
How we protect your data, your tenants, and your calls.
Tenant isolation
Per-tenant DB scoping, R2 prefixes, scoped API tokens. Cross-tenant access is impossible by design.
Authentication
Auth.js (NextAuth v5) with bcrypt password hashing, configurable MFA, JWT sessions.
RBAC
Atomic permissions: resource:action:scope. Built-in roles + custom roles per tenant.
Infrastructure
TLS for SIP (TLS+SRTP), WSS for WebRTC. Self-hostable. No data leaves your infrastructure.
Fraud detection
Anomaly rules with kill-switch actions. Per-tenant CPS and concurrent limits.
Audit log
Every privileged action is logged with user, IP, timestamp. Immutable retention.
Responsible disclosure
Found a security issue? Email security@your-domain.com. We respond within 24h.