Security model
iCallU is designed as a privacy-first communication app. When End-to-End Encryption (E2EE) is enabled, your media is encrypted on your device and decrypted only on the recipient's device.
What E2EE means here
- Key agreement: devices negotiate encryption keys directly (e.g., X25519). The server cannot derive the same keys.
- Key derivation: session keys are derived with a KDF (e.g., HKDF-SHA-256) and rotated per session.
- Authenticated encryption: messages/media use AEAD (e.g., AES-GCM) so tampering is detected.
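The three building blocks above, chained end to end, as an added example that is not iCallU's own code: two devices agree on a key with X25519, derive a per-session AES-256 key with HKDF-SHA-256, and seal a frame with AES-GCM so that a modified ciphertext is rejected. The function names, the use of a session ID as HKDF salt, the info label and the sample values are assumptions made for illustration, and the example assumes each side has received the other's genuine public key.

```javascript
// Added example (not iCallU code): X25519 -> HKDF-SHA-256 -> AES-256-GCM with Node's crypto.
const crypto = require('crypto');

// Each device keeps its private key local; only the public key travels over signaling.
const newDevice = () => crypto.generateKeyPairSync('x25519');

// Key agreement + derivation. Using sessionId as salt and this info label are assumptions.
function deriveSessionKey(myPrivateKey, peerPublicKey, sessionId) {
  const shared = crypto.diffieHellman({ privateKey: myPrivateKey, publicKey: peerPublicKey });
  const okm = crypto.hkdfSync('sha256', shared, Buffer.from(sessionId),
                              Buffer.from('example-media-key-v1'), 32);
  return Buffer.from(okm);
}

// AEAD seal: fresh 96-bit nonce per message; aad is authenticated but not encrypted.
function seal(key, plaintext, aad) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(aad);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// AEAD open: final() throws if the ciphertext, tag, nonce or aad was altered.
function open(key, { iv, ct, tag }, aad) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAAD(aad);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]);
}

function demo() {
  const alice = newDevice(), bob = newDevice(), observer = newDevice();
  const sid = 'call-0001';                       // constructed session ID
  const kA = deriveSessionKey(alice.privateKey, bob.publicKey, sid);
  const kB = deriveSessionKey(bob.privateKey, alice.publicKey, sid);
  // A party holding only the public keys (plus its own private key) gets a different key.
  const kObs = deriveSessionKey(observer.privateKey, bob.publicKey, sid);
  const aad = Buffer.from('frame=1');            // constructed header
  const sealed = seal(kA, Buffer.from('hello frame'), aad);
  const received = open(kB, sealed, aad).toString();
  sealed.ct[0] ^= 1;                             // flip one bit in transit
  let tamperDetected = false;
  try { open(kB, sealed, aad); } catch { tamperDetected = true; }
  const kNext = deriveSessionKey(alice.privateKey, bob.publicKey, 'call-0002');
  return { keysMatch: kA.equals(kB), observerMatches: kObs.equals(kA),
           received, tamperDetected, rotated: !kNext.equals(kA) };
}
```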
What the server can and cannot see
- Can see: connection metadata needed to route signaling (ICE candidates, offer/answer) and to enforce basic rate limits.
- Cannot see (with E2EE): call audio/video contents, message contents, encryption keys.
Note: No system can make every metadata signal disappear on the internet. We minimize what we collect and store.
Try a safe public demo
See the cryptographic building blocks in action (no server, no accounts): E2EE Demo