Security FAQ

Can iCallU.online read my calls?

With optional end-to-end encryption (E2EE) enabled, call media is encrypted end-to-end between participants, so servers cannot decrypt it. Servers relay signaling and (when needed) encrypted packets for routing. Verify related docs in the Security Hub and Logging policy.

Do you record calls?

No - iCallU.online does not store call audio/video content. Definitions, scope, and retention (if any) for operational logs are documented. See Logging policy.

What metadata exists?

All internet communication exposes some metadata (for example: IP routing, timing, and connection diagnostics). iCallU aims to minimize what it collects and avoid third-party analytics where possible. See Logging policy and Privacy policy for details.

What if your servers are compromised?

If E2EE is enabled, a server compromise is less valuable because content keys live on user devices, not the server. Attackers could still target operational data (like logs/config), which is why data minimization and documented retention matter. See Security Hub and Logging policy.

Why is TURN used sometimes?

TURN is used when direct peer-to-peer paths fail due to strict NAT/firewalls, so media is relayed to ensure the call connects. TURN relays encrypted RTP packets for connectivity; it does not decrypt E2EE content. See Security Hub.

Where can I verify these claims?

Start with the Security Hub for an overview, then read the Logging policy for concrete definitions and retention. The Privacy policy documents data handling commitments. If you publish whitepapers or crypto demos, link them here as primary references.

How to verify quickly

• Security Hub - overview, threat model, and security controls
• Logging policy - definitions, scope, retention, exceptions
• Privacy policy - data handling commitments
• Whitepapers - deeper technical references (if applicable)
• Crypto demos - demonstrations and educational references (if applicable)