Security
Security at Telemancer
We treat telephony data — call recordings, transcripts, billing, CDRs — as some of the most sensitive data your business handles. Every architectural choice we make reflects that.
Transport security
- SIP over TLS 1.2+ on port 5061. UDP/TCP plaintext (5060) is available only on operator opt-in for internal subnets.
- SRTP with AES-128/256 keying on every media leg where the trunk policy is required. We never silently downgrade.
- TLS via rustls — no OpenSSL.
- STIR/SHAKEN verification on inbound, signing on outbound (where regulator-required).
Authentication
- SIP Digest authentication with SHA-256 and MD5, plus nonce replay detection.
- 5 consecutive failed REGISTER attempts from the same IP trigger a 15-minute block.
- Admin UI uses Argon2id password hashing and short-lived JWTs scoped to a single tenant.
- Per-tenant API tokens with role-based access (admin / read-only / integration).
Tenant isolation
- Every API request carries a tenant_id claim in its JWT. Every query is filtered by it at the application layer.
- Sysadmin role lives in a separate route group (/api/sysadmin/*) — customer tokens physically cannot reach it.
- Recordings, voicemail, and CDRs are stored under per-tenant prefixes with separate IAM where applicable.
- Quotas (concurrent calls, extensions) enforced at admission — never after.
Secret management
- All production secrets (JWT signing keys, carrier API credentials, Stripe keys, cluster secret) live in AWS Parameter Store as SecureString.
- Portal refuses to start in production if the JWT key is still the dev default.
- No secrets in source control. Config supports ${ENV_VAR} substitution.
- The default deployment requires OS-level disk encryption (LUKS, BitLocker, FileVault).
Audit
- Append-only audit log with hash chain. Tampering is detectable.
- Webhook deliveries (billing + carrier callbacks) persist raw payload + signature verification result for replay.
- CDRs are immutable once written. Hourly aggregates are stored separately.
Disclosures
We welcome security disclosures — please use the contact form and mark your message "security." We'll acknowledge within one business day and coordinate a fix and disclosure timeline with you.