Terms and Conditions
General
SIP2SIP is a real time communications service provided by AG Projects, a limited liability company registered in the Netherlands.
The purpose of this service is testing of the software deployed by AG Projects to its customers.
Terms of use
You may use this service as an end-user for establishing real time communications with other end-users on the same platform or external users serviced by third parties that are using SIP protocol.
AG Projects reserves the right to remove any account that behaves in an undesirable way.
Usage of accounts provided by this service by intermediaries or corporations deploying services to their own end-users is prohibited. Any party that wishes to deploy their own service must have commercial agreement with AG Projects.
Data Storage Policy
As a general rule, no end-user's data is collected on purpose nor shared with any third-parties, with the exception of push notifications. However there is data visible or stored implicitely by using the service, due to the inner working of the protocols involved.
If you are concerned about privacy of your data and how it is used inside the platform, read below.
General
When using Internet servers, one should not expect that information remains private. Everything that goes through a server is subject to forces outside the control of the clients using it. You may safely assume all data exchanged through a server is compromised by design. If you care about privacy of your data, you should find clients that reveal as less data as possible, then encrypt all the data that is possible and never share the private key used to encrypt data with anyone. Still, no matter what client technique you are using, it is impossible when using a server to completely hide when communication takes place, between which accounts takes place and the source and destination IP addresses of the end-points.
Accounts
SIP2SIP accounts and related information are stored in the platform database. Passwords are stored in an encrypted form in the database. It is advisable to use strong passwords that cannot be guessed by dictionary brute force attacks.
Account deletion
You can request deletion of you account. We will delete your account and its associated data providing that no commercial services has been purchased (e.g. credit to call to PSTN network). If you did make a purchase, we are required by law to keep records of all monetary transactions like full name and addresses for up to seven years after purchase.
To delete your account login to http://x.sip2sip.info. In the Identity tab click on the remove account button.
Email addresses
Email addresses are solely used for recovering lost passwords or account deletion confirmations.
Contacts
The contacts present in your operating system address-book are not share with anyone and remain local to your SIP client.
Contacts used for presence, for example by Blink client, are stored inside the platform XCAP servers.
Sessions
Individual SIP messages for session establishment are stored temporary in the platform databases. Both end-users and the platform operator have access to this information for troubleshooting purposes.
Registrations
Registration messages are not stored.
Subscriptions
Presence dialogs and related payloads are NOT stored.
Push notifications
Push notifications used for waking up mobile devices to receive incoming calls or messages are logged temporary for troubleshooting purposes. Apple and Google have a copy of these notifications.
Media
Text Messages
Messages sent using SIP MESSAGE method by Sylk client are encrypted end-to-end using PGP, the private key used for decryption is NOT known by the server. The encrypted messages are stored on the server for later retrieval and synchronization between multiple devices. Other devices may send such SIP MESSAGES unencrypted, which may be visible in the logs stored by the servers.
If either client does not suppoort PGP, the messages are stored in clear text.
File transfers
Files exchanged by Sylk client are encrypted end-to-end using PGP, the private key used for decryption is NOT known by the server. The encrypted files are stored for a limited time depending on storage availability on the server for later retrieval and synchronization between multiple devices.
If either client does not support PGP, the files are stored unencrypted.
RTP Media
RTP streams used for audio and video are relayed by media relays running on the platform. The stream data is not stored.
MSRP Media
MSRP sessions used for chat and file transfers are relayed via the platform MSRP relay servers. The content of the messages and files is not stored.
Voicemail
Voicemail message can be sent un-encrypted over email as attachments and are stored un-encrypted on the server voicemail server (option controlled by end users). Voicemail can be enabled/disabled for each SIP account.
Conferences
Data exchanged during multi-party conferences is not stored.
Call Detail Records
Call Details Records (CDRs) are stored for up to six months. CDRs contain metadata information about who called whom and what time and for how long. The IP addresses used for signaling and media are also stored in the CDRs.
Protection strategies
Illegal Intercept
To protect your data against being tapped over the Internet:
Use
TLSfor SIP signaling to encrypt data between client and serverUse
zRTPfor audio and video (Blink client supportszRTP)Use
TLSforMSRPmedia (Blink client supportsMSRP over TLS)Use
OTRfor MSRP media (Blink client supportsOTR)Use
PGPfor SIP Messages (Sylk client supportsPGP)
These measures can protect your data against those who try to illegally sniff your network traffic (like breaking into your LAN/WiFi) but have no access to the client or server software. These measures will not protect your data privacy against legal intercept measures if enforced and applied to the server infrastructure that relays the messages (you will likely not know if and when this happens).
Lawful Intercept
In case any entitled government agency requires access to the data stored by SIP2SIP infrastructure, all SIP account data stored on the server can be considered compromised. Use client side encryption to mitigate revealing sensitive data.