How is data encrypted in transit and at rest?

All signalling and APIs use TLS 1.3. Every media leg is encrypted with SRTP, including mobile and softphone. Data at rest — recordings, transcripts, voicemail, CDRs — is encrypted with AES-256 using per-tenant key envelopes. Keys rotate quarterly on a documented schedule.

Do you support SSO, SCIM, and MFA?

Yes — on every plan, including the free trial. SAML 2.0 SSO works with Okta, Azure AD, Google Workspace, OneLogin, and any standards-compliant IdP. SCIM 2.0 handles user and group provisioning and instant deprovisioning. MFA supports TOTP, WebAuthn, and hardware security keys, configurable per role.

How are tenants isolated from each other?

No shared schemas. No cross-tenant joins. Each customer's data lives behind its own logical boundary, enforced at both the application and infrastructure layer. Recordings and transcripts are encrypted per-tenant so a key compromise on one account cannot expose another.

What is your incident response process?

24/7 on-call engineers — not a ticket queue. Documented IR plan tested twice yearly. Affected customers are notified within 24 hours of incident confirmation. Status page updates within 5 minutes of detection. Post-incident reports within 5 business days of resolution.

How do you protect against fraud and telecom abuse?

Real-time machine-learning models score every outbound leg for IRSF, Wangiri, and traffic-pumping patterns. Anomalous calls are scored and blocked in real time. ACD anomaly detection flags short-duration fraud patterns on every trunk. CPS rate limiting is configurable per trunk group.

Security & Trust

Carrier-grade security, built into every call.

Q: What network and uptime guarantees do you offer?

Every plan is backed by a carrier-grade Tier-1 network with 99.999% uptime SLA (financial remedy included on Enterprise, scaling from 99.9% on Starter), 24/7 NOC monitoring, automated multi-carrier failover across at least three independent routes, and STIR/SHAKEN A-level attestation on US/CA traffic.

Our Tier-1 network ships with STIR/SHAKEN A-level attestation, AES-256 encryption, automated multi-carrier failover, and a 24/7 NOC — on every plan. Not a tier upgrade. Not an add-on.

Start a Free Trial Pricing

99.999%

Uptime SLA

24/7

NOC monitoring

A-level

STIR/SHAKEN

Live signals

Network & Trust

HEALTHY

STIR/SHAKEN attestation

A-level

Transport encryption

TLS 1.3 · SRTP

Storage encryption

AES-256 · per-tenant keys

Network operations

24/7 NOC · automated failover

Last check

just now

Tier-1

Direct peering

24/7 NOC

99.999% SLA

STIR/SHAKEN A-level

US/CA traffic

AES-256 + TLS 1.3

At rest & in flight

24/7 NOC monitoring

Live ops

Automated failover

Multi-carrier

99.999% uptime SLA

Financial remedy

Carrier-level protection

The threat starts at the wire. So does our defence.

Most VoIP providers re-sell wholesale capacity and hope nothing breaks. Teloz operates the carrier. Every protection below is enforced at the network edge — before a call ever touches your tenant. See how these protections translate into tangible benefits on our pricing page.

Tier-1 voice network

Direct peering

Direct peering with major carriers — no resold capacity. Every route runs across at least three independent paths so failure of one carrier does not break your traffic.

STIR/SHAKEN at the carrier

A-level · US/CA

Full A-level attestation on US and Canadian traffic — signed at our edge, not just relayed. Reduces spam-flagging at the destination and meets FCC call-authentication requirements.

Real-time fraud detection

IRSF · Wangiri

Machine-learning models score every outbound leg for IRSF, Wangiri, and traffic-pumping patterns. Anomalies are scored and blocked in real time, with ACD anomaly detection on every trunk.

E911 + FCC RMD listed

Dynamic E911

Dynamic E911 location for every extension, including mobile and softphone. Teloz is a registered US carrier on the FCC's Robocall Mitigation Database — public, auditable, and current.

Defense in depth

Four independent layers. Failure of one does not compromise the next.

Customer data flows through four layers of protection — encryption, isolation, and recoverable backups. Every layer is reviewed annually by independent penetration testers. Encryption standards follow NIST cryptographic guidelines for symmetric encryption and key management.

Step 01

In transit

TLS 1.3 for signalling and APIs. SRTP for every media leg, including mobile and softphone. No call audio leaves an encrypted tunnel — ever.

TLS 1.3SRTPPerfect forward secrecy

Step 02

At rest

AES-256 with per-tenant key envelopes. Recordings, transcripts, voicemail, and CDRs are encrypted before they hit disk. Keys rotate on a documented schedule.

AES-256Per-tenant keysQuarterly rotation

Step 03

Per-tenant isolation

No shared schemas. No cross-tenant joins. Each customer's data lives behind its own logical boundary — enforced at the application and infrastructure layer.

Logical isolationRow-level guardsAudited access

Step 04

Backup & recovery

Continuous backups with documented RPO/RTO targets. Region-pinned restore. Field-level redaction available for sensitive recordings and transcripts.

RPO 15m · RTO 4hRegion-pinnedField redaction

Identity & access

Identity and audit trails your IT team will actually approve.

SSO, SCIM, MFA, and role-based access are standard on every plan — including the free trial. Every admin action is logged, exportable, and reviewable for incident response.

What's included on every plan

SSO via SAML 2.0 (any compliant IdP)
SCIM 2.0 user + group provisioning
MFA (TOTP, WebAuthn, hardware keys)
Role-based access with custom scopes
Tamper-evident audit log to SIEM

Identity

SSO via SAML 2.0

Okta, Azure AD, Google Workspace, OneLogin — standard SAML on every plan.

SCIM 2.0 provisioning

Auto-sync users and groups from your IdP. Deprovisioning revokes access instantly.

Mandatory MFA options

TOTP, WebAuthn, and hardware-key support. Configurable per-role and per-device.

Role-based access

Admin, supervisor, agent, billing, and read-only roles — plus custom permission scopes.

Monitoring & audit

Tamper-evident audit log

Every admin action writes to an immutable log. Exportable to SIEM via webhook or API.

Real-time alerts

Anomalous-login detection, session revocation, and instant alerts on role or permission changes.

Operational resilience

Built for failure. Designed to recover before you notice.

Carriers fail. Hardware fails. Software fails. The question is whether your platform is built to absorb those failures and keep customer calls flowing. Ours is.

Uptime SLA

99.999%

Backed by financial remedy on every plan, scaling from 99.9% on Starter up to 99.999% on Enterprise.

Carrier failover

Sub-second

Automated failover switches between at least three independent carrier paths in milliseconds.

NOC monitoring

24/7

Around-the-clock network operations center watches ASR, ACD, and CPS thresholds on every trunk.

Incident notification

< 24h

Documented incident response plan. Customers notified within 24 hours. IR plan tested twice yearly.

Incident response

When something breaks, you hear it from us first.

24/7 on-call engineers — not a ticket queue.
Notification to affected customers within 24 hours of confirmation.
Status page updates within 5 minutes of detection.
IR plan documented and tested twice every year.
Post-incident report within 5 business days of resolution.

Track live

See live status & changelog

Security FAQ

The short answers.

Questions buyers ask in the first call.