Data Encryption Policies

This article serves to cover the encryption of data at bvoip

Updated at January 16th, 2025

Encryption in Transit

All sensitive data handled by the bvoip team is encrypted in transit using modern TLS standards.

Phone systems, SIP Trunks, and physical devices do not use Secure SIP with TLS by default, as it can cause call quality and latency issues. This also requires additional configuration and can limit some capabilities like automatic device provisioning.

You can reach out to our Support for details on enabling this, but some key notes are below.

  • Our support team needs to enable the Secure SIP protocol on the backend.
  • Enabling secure connections for physical phones requires a Session Border Controller (SBC) local to the network where the phones reside. An SBC is required for every network where a phone will live, however some phones can act as SBCs themselves, though it isn't recommended except for remote user scenarios.
  • Enabling secure connections for SIP Trunks has seen instability or complete lack of support depending on the provider. You may need to move to a different SIP Trunk provider depending on their supported capabilities.
  • It is crucial to note that once it leaves your trunk providers network, there is no guarantee that the call remains encrypted. All calls that transact on the public switched telephone network (PSTN) will be unencrypted.

Encryption at Rest

As part of our 2024 infrastructure project we migrated all customer systems to new infrastructure which uses encrypted disks, so all phone systems in all regions are now considered Encrypted at Rest.