Product Security

Security Policy Controls

Our platform puts a comprehensive set of administrative controls across phone, video and message at your fingertips, such as requiring your meeting attendees to authenticate, limiting who can enable screen sharing, and requiring waiting rooms for your users to approve attendees who can join.

Phone

  • Single sign-on (SSO)
  • Spam blocking (IP auto defense)
  • Block phone numbers
  • Call routing based on business hours
  • Call recording file encryption
  • Enable voicemail PIN
  • Analytics portal
  • Restrict country code dialing
  • Restrict outbound call permission
  • Restrict outbound call frequency
  • End-to-end encrypted (E2EE) calls
  • TLS encryption/SRTP secure voice
  • AI-based spam blocking
  • RoboCall mitigation using STIR/SHAKEN standards
  • Number masking
  • Emergency response locations for E911 calls
  • RAY BAUM’S Act and Kari’s Law compliant
  • Voicemail routing based on business hours
  • 99.999% SLA uptime

Video

  • Single sign-on (SSO)
  • Host password
  • Participant password
  • Enforced end meeting when host logouts
  • Restrict screen sharing
  • Enforce waiting room
  • Restrict meeting attendance to authenticated users
  • Allow user to enable meeting recordings
  • Enable moderator turn on/off video for all participants
  • Moderator remove participants
  • Moderator mute participants
  • Virtual background for privacy
  • Hide meeting ID
  • Control data file sharing
  • Audit trail to track changes
  • Video meeting insight
  • Enable E2EE before meeting
  • Dynamically turn on E2EE
  • TLS/SSL encryption & SRTP secure voice

Message

  • Allow/block list—external guest domains
  • Allow/block list—webmail accounts
  • Clear guest identification within 1:1 and group chats
  • Enforce policies
  • SEA FINRA 17a-4
  • End-to-end encrypted (E2EE) team chats

Access and Identity

  • Single sign-on (SSO)
  • Two-factor authentication (2FA)
  • Enforced strong password policy
  • Restrict to authenticated users
  • User roles & permission management
  • Session timer to logout inactivity
  • Event notifications & operation logs
  • Fail2ban
  • Enforced auto/static defense
  • Restrict IP allow/block list
  • Restrict country access
  • Global anti-hacking IP blocklist
  • HTTPS/TLS certificates
  • OAuth 2.0
  • Enforced multi-factor authentication (MFA)
  • Device PIN enforcement

Encryption

  • Data-at-rest
  • Data-in-transit
  • TLS encryption/SRTP secure voice
  • E2EE via Message Layer Security (MLS)

Unified Calling App

  • Single sign-on (SSO)
  • Require password
  • Restrict to authenticated users
  • Session timer to logout inactivity
  • Authorized apps manager
  • VoIP country blocking
  • Centralized IT management
  • Audit trail to track changes
  • Enterprise mobility management via Unified Calling for Intune
  • Native and 3rd party archive via Unified Calling API
  • eDiscovery, content capture and DLP via Theta Lake