DataStoragePolicy

Version 9 (Adrian Georgescu, 06/04/2013 01:21 pm)

1 5 Adrian Georgescu
h1. SIP2SIP Data Privacy and Storage Policy
2 1 Adrian Georgescu
3 7 Adrian Georgescu
SIP2SIP server infrastructure relays and stores information provided by end users. If you are concerned about privacy of your own data and how it is used inside the platform, read below.
4 1 Adrian Georgescu
5 1 Adrian Georgescu
h2. SIP Accounts
6 1 Adrian Georgescu
7 8 Adrian Georgescu
Accounts information is stored in the platform database. SIP account and SIP Settings web page passwords are stored in encrypted form in the database. There is a salt involved but in case of database being compromised the salt can be also retrieved. It is advisable to use strong passwords that cannot be guessed by dictionary brute force attacks.
8 1 Adrian Georgescu
9 9 Adrian Georgescu
h2. SIP Signaling
10 2 Adrian Georgescu
11 2 Adrian Georgescu
Signaling can be done in clear text using UDP and TCP protocols. You may use TLS for encrypting data between the end points and platform SIP servers. There is no guarantee that encryption will work end-to-end, the SIP signaling part of the platform provides only hop-by-hop signaling security.
12 2 Adrian Georgescu
13 9 Adrian Georgescu
h3. Sessions
14 1 Adrian Georgescu
15 9 Adrian Georgescu
All SIP signaling for session establishment relayed by the platform SIP servers is stored in cleartext for the last 30 days in platform databases. Both end-users and platform operator has access to this information for troubleshooting purposes.
16 1 Adrian Georgescu
17 9 Adrian Georgescu
h3. Registration
18 9 Adrian Georgescu
19 9 Adrian Georgescu
No information is stored in the platform.
20 9 Adrian Georgescu
21 9 Adrian Georgescu
h3. Presence
22 9 Adrian Georgescu
23 9 Adrian Georgescu
Subscribe/Notify dialogs and related presence payloads are not stored in the server databases.
24 9 Adrian Georgescu
25 1 Adrian Georgescu
h2. Call Detail Records
26 1 Adrian Georgescu
27 2 Adrian Georgescu
Call Details Records are stored for up to six months in clear text format in platform databases.
28 1 Adrian Georgescu
29 1 Adrian Georgescu
h2. Offline Short Messaging
30 1 Adrian Georgescu
31 2 Adrian Georgescu
Messages sent using SIP MESSAGE method that cannot be delivered to local users of the platform are stored for later delivery in cleartext format in the platform database.
32 1 Adrian Georgescu
33 9 Adrian Georgescu
h2. RTP Media
34 1 Adrian Georgescu
35 1 Adrian Georgescu
RTP streams are relayed by platform media relays. Actual data is not stored or copied anywhere. You may encrypt your data using sRTP but the encryption key is available in the signaling. Whomever has access to the signaling can potentially be able to decrypt any sRTP encrypted stream. If your end-points supports zRTP, the key is known only by the clients.
36 2 Adrian Georgescu
37 9 Adrian Georgescu
h2. MSRP Media
38 1 Adrian Georgescu
39 9 Adrian Georgescu
h3. Chat Messages
40 9 Adrian Georgescu
41 2 Adrian Georgescu
MSRP chat sessions are done over TLS connections via the platform MSRP relay servers. The content of the messages is not logged or stored anywhere.
42 2 Adrian Georgescu
43 2 Adrian Georgescu
Blink users can replicate the chat messages between multiple instances configured with the same account. The replicated chat messages are stored for 60 days in encrypted form in platform databases. The encryption key is not known by the server, only Blink clients posses the encryption and decryption key. If you are concerned about privacy you may disable chat replication in Blink.
44 2 Adrian Georgescu
45 9 Adrian Georgescu
h3. File Transfers
46 2 Adrian Georgescu
47 2 Adrian Georgescu
MSRP file transfer sessions are done over TLS connections via the platform MSRP relay servers. The content of the files is not logged or stored anywhere.
48 2 Adrian Georgescu
49 6 Adrian Georgescu
h2. XMPP Gateway
50 1 Adrian Georgescu
51 6 Adrian Georgescu
All chat messages and presence payloads are relayed through the SIP/XMPP gateway. Message content is not stored anywhere. 
52 6 Adrian Georgescu
53 6 Adrian Georgescu
h2. Protecting Privacy
54 6 Adrian Georgescu
55 1 Adrian Georgescu
To protect your data against being exposed over the Internet, do the following:
56 2 Adrian Georgescu
57 2 Adrian Georgescu
 * Use TLS for SIP signaling
58 6 Adrian Georgescu
 * Use zRTP for audio and video media if your end-points support it otherwise use sRTP
59 2 Adrian Georgescu
 * Use TLS for MSRP media