Call your bank — with your number
Security & Trust

Your data is safe with us.

EzyRing is engineered for security, privacy, and trust at every layer — from your password to the call audio that leaves your browser.

HTTPS Everywhere

Every byte between your browser and our servers is encrypted with TLS 1.3. HSTS-preloaded so browsers refuse insecure connections, even on first visit.

Bcrypt Password Hashing

Passwords are hashed with bcrypt (cost factor 12) before they ever touch our database. We never see, log, or store your password in plain text.

PCI via Stripe

We never see your card number. All payments are processed by Stripe (PCI Service Provider Level 1, the highest tier). Card data never reaches our servers.

GDPR & CCPA Aligned

We collect only what we need to provide the service, with documented retention. Right to access, rectify, and delete your data on request — just email us.

Anti-Fraud Rate Limiting

Multi-layer rate limits on auth endpoints (per-IP, per-email, per-account) block credential-stuffing, signup abuse, and password-spray attacks before they hit the database.

No Call Audio Stored

Voice traffic is routed via Twilio with WebRTC encryption in transit. We do not record, transcribe, or store the audio content of your calls — ever.

Session Invalidation

Changing your password instantly invalidates every other active session worldwide. Sign in to a new device and old sessions are revoked automatically on critical events.

Verified Caller ID Only

Phone numbers used as Caller ID must be verified via a Twilio one-time code — and they're tagged with your account so they can never be reused by anyone else.

Sign in with Google

OAuth 2.0 with PKCE and state-cookie binding. ID tokens are verified against Google's JWKS on every callback. No password to leak if you sign in with Google.

How your call is protected

When you place a call from EzyRing, here's what happens behind the scenes — all designed to keep your conversation private.

  1. Your browser establishes a WebRTC connection to Twilio's media servers over SRTP (Secure Real-time Transport Protocol).
  2. Twilio routes the call to the destination carrier over their global network of Tier 1 telecom interconnects.
  3. We log only metadata (timestamp, destination, duration, cost) — never the audio.
  4. Twilio is SOC 2 Type II, ISO 27001, HIPAA, and PCI certified. They publish a detailed security overview.

Account security best practices

A few things you can do to keep your EzyRing account even safer:

  • Use a unique, strong password not used on any other site. We enforce minimum 8 characters and block known-compromised passwords on signup.
  • Prefer Sign in with Google if you already have a strong Google account — it removes the password from the equation entirely.
  • Set a low balance alert in your wallet settings so you spot unusual activity immediately.
  • Set auto-recharge only if you trust the device — and use a low cap.
  • Sign out from public computers. Even though sessions are HttpOnly cookies, signing out clears them server-side too.

Where your data lives

EzyRing is built on top of best-in-class infrastructure providers — we don't run our own servers.

Vercel

Application hosting + edge network

Neon

Postgres database (encrypted at rest)

Twilio

Voice / SMS / Caller ID verification

Stripe

Payment processing (PCI Level 1)

Resend

Transactional email delivery

Google

OAuth identity provider (optional)

Headers & web hardening

Every response from ezyring.com is served with these security headers:

  • Strict-Transport-Security with preload — browsers refuse HTTP forever after first visit.
  • Content-Security-Policy — only our own scripts, plus Stripe and Twilio, can execute.
  • X-Frame-Options: DENY — clickjacking protection.
  • Referrer-Policy: strict-origin-when-cross-origin — your URL parameters never leak to third parties.
  • HttpOnly + Secure + SameSite=Lax cookies — auth tokens cannot be read by JavaScript or sent on cross-site requests.

Responsible disclosure

If you believe you've found a security vulnerability in EzyRing, please email us at [email protected].

We commit to:

  • Acknowledge your report within 48 hours.
  • Provide a status update within 5 business days.
  • Work with you to validate and reproduce the issue.
  • Credit you in the fix release notes (if you wish).

Please do not publicly disclose the issue until we've had a chance to fix it. We don't take legal action against security researchers acting in good faith.

Compliance & transparency

EzyRing operates under EU consumer protection law. Read the details in our:

Privacy PolicyTerms of ServiceCookie PolicyAcceptable UseRefund Policy

Last reviewed: May 2026 — Security is a continuous process. We update this page as our practices evolve.