Security

Transport & media

• HTTPS (TLS 1.2+) for every API call.
• WSS for SIP signalling — no plaintext UDP from the client.
• SRTP for voice media (DTLS-SRTP key agreement).
• Certificate pinning in mobile builds for voice-control + Transcenda ID.

Storage

• AES-256 at-rest on managed Postgres (Hetzner / Contabo EU).
• Field-level encryption (AES-GCM) for SIP passwords and Twilio sub-account secrets.
• iOS Keychain / Android Keystore for refresh tokens on the device. AsyncStorage is never used for credentials.

Authentication

• OIDC + PKCE through Transcenda ID (Keycloak) for the public app.
• Optional biometric app-lock (off by default; user enables in Settings).
• Auto-logout after 30 days idle.
• Active-session list visible in Settings; revoke any session from any device.

Operations

• Annual third-party penetration test of the auth + invite endpoints.
• Rate-limiting on every public endpoint (login, redeem-invite, branding lookup).
• Crash reporting via Sentry with PII filtering at the SDK boundary.
• 13-month internal audit log.

Reporting a vulnerability

We have a coordinated disclosure policy. Email security@transcenda.io with reproducible steps. We respond within 1 business day. We don't pursue researchers acting in good faith.

See also /.well-known/security.txt.