Every BubblyPhone call is encrypted by default. Not as an add-on, not as a premium feature — encryption is built into the WebRTC protocol that powers every call you make.
When you make a call on BubblyPhone, three layers of security activate automatically before any audio leaves your device:
Before any audio flows, your browser and our server perform a DTLS (Datagram Transport Layer Security) handshake. This is the same family of protocols that secures HTTPS websites and online banking. During this handshake, both sides agree on encryption keys that only they know.
Once the keys are established, all voice data is encrypted using SRTP (Secure Real-time Transport Protocol). Your voice is converted to digital packets, encrypted, and only decrypted at the other end. Anyone intercepting the data in transit hears nothing — just encrypted noise.
Every single call generates its own unique set of encryption keys. When the call ends, those keys are discarded. This means even in the theoretical scenario where one call's encryption is compromised, no other call — past or future — is affected.
Security is as much about what a company chooses not to do. Here are concrete commitments:
Call audio is never permanently stored. If you opt in to AI transcription, the audio is processed and immediately deleted. Otherwise, no audio touches our servers at all.
Your calling data is never sold to advertisers, data brokers, or any third party. Your usage data stays between you and BubblyPhone.
Call audio is never permanently stored on our servers. If you opt in to AI transcription, the audio is processed and then immediately deleted — only the text transcript is kept. If you don't use transcription, no audio is retained at all.
BubblyPhone only requests microphone access — nothing else. No camera, no contacts, no location, no files. Just your microphone to make calls.
| Security Feature | BubblyPhone (WebRTC) | Traditional Phone | Skype / WhatsApp |
|---|---|---|---|
| Encryption | Always on (SRTP) | None by default | Varies by service |
| Call recording by provider | Never | Carrier may comply with wiretaps | Stored on company servers |
| Metadata logging | Minimal (billing only) | Full CDR logs | Extensive usage data |
| Open source protocol | Yes (WebRTC is open source) | No | No |
| Software required | Browser only (no attack surface) | Phone hardware | Proprietary app download |
Your browser runs BubblyPhone in a sandbox — an isolated environment that prevents any web application from accessing your files, other tabs, or system resources. Even if a vulnerability existed, the sandbox prevents it from affecting anything outside the browser tab.
Your browser asks for explicit permission before BubblyPhone can access your microphone. This permission is per-site and can be revoked at any time. No background listening is possible — the browser shows a visible indicator whenever your microphone is active.
Traditional VoIP apps require downloading and installing software, which introduces potential vulnerabilities. BubblyPhone runs entirely in your browser — there's no installer, no plugin, and no third-party code running on your machine.
Chrome, Firefox, Safari, and Edge all receive automatic security updates. When a WebRTC vulnerability is discovered and patched, you get the fix automatically through your browser update — no action required on your part.
No. Every BubblyPhone call is encrypted with SRTP (Secure Real-time Transport Protocol). Even if someone intercepted the data packets traveling over the internet, they would only see scrambled data. Each call uses unique encryption keys generated during the DTLS handshake, so compromising one call gives zero access to any other call.
Browser-based calling is actually more secure in several ways. Your browser runs in a sandboxed environment isolated from other applications. WebRTC mandates encryption — it cannot be turned off. There are no third-party plugins to introduce vulnerabilities. And your browser receives automatic security updates from Google, Mozilla, or Apple.
Yes. BubblyPhone minimizes data collection by design. Call audio is never permanently stored — if you opt in to AI transcription, the audio is processed and immediately deleted. We only retain the minimum data needed for billing and your optional transcripts. We do not sell or share your data with advertisers or third parties.
Only what is necessary for billing and your call history: the destination number, call duration, timestamp, and cost. If you opt in to AI transcription, the text transcript is stored in your account — but the audio itself is deleted immediately after processing. Your data is visible only to you in your dashboard.
Every call is encrypted. No recordings. No data selling. Just private, affordable international calls from your browser.
Create Free Account →