Privacy

How WebRTC Protects Your Voice Calls

Published by Calln · May 2026 · 6 min read

When you make a call on Calln, your voice travels directly from your device to your partner's device. Our servers are not in the middle. We cannot listen to your conversations, we cannot record them, and we cannot share them with anyone — not because we choose not to, but because we are technically unable to.

This is possible because Calln is built on WebRTC — Web Real-Time Communication — an open standard that enables direct peer-to-peer audio and video in browsers and apps without plugins or downloads. Understanding how it works helps you understand exactly what privacy guarantees you actually have when you use Calln.

What is WebRTC?

WebRTC is an open-source project originally developed by Google and standardised by the World Wide Web Consortium (W3C) and the Internet Engineering Task Force (IETF). It is now built into every major browser — Chrome, Firefox, Safari, and Edge all support it natively. Most modern communication applications use it, including Google Meet, Discord, and many others.

The core idea behind WebRTC is that two devices should be able to communicate directly with each other over the internet without routing data through a central server. This direct connection is called a peer-to-peer connection.

💡 Key point: Peer-to-peer means your audio goes directly from your microphone to your partner's speaker — not through any company's servers. Nobody in the middle can intercept it.

How a Calln Call is Established

Setting up a peer-to-peer connection is more complex than it sounds. Two devices on the internet cannot simply connect directly to each other — they need to negotiate how to find each other across networks, firewalls, and NAT (Network Address Translation) systems. Here is what happens when you press Start on Calln:

Step 1 — Matching

Calln's signalling server receives your request and matches you with an available partner based on your country preference. This is the only moment our server is meaningfully involved in your call.

Step 2 — Signalling

Your browser and your partner's browser exchange technical information called an SDP (Session Description Protocol) offer and answer. This describes what audio formats each side supports. This exchange happens through our server but contains no audio — just technical metadata.

Step 3 — ICE Negotiation

Both browsers use ICE (Interactive Connectivity Establishment) to find the best path to reach each other. Google's STUN servers help discover each device's public IP address. ICE candidates are exchanged through our server — again, no audio is involved.

Step 4 — Direct Connection

A direct peer-to-peer connection is established. From this point, audio flows directly between your device and your partner's device. Our server steps out completely.

How Audio is Encrypted

All WebRTC audio is encrypted using DTLS-SRTP — Datagram Transport Layer Security combined with Secure Real-time Transport Protocol. This encryption is mandatory in the WebRTC specification. It cannot be disabled, and no compliant browser will allow an unencrypted WebRTC connection.

What this means in practice is that even if someone were intercepting the data packets travelling between you and your partner, they would see only encrypted noise. The encryption keys are negotiated directly between your two devices and are never shared with our servers.

What About TURN Servers?

In most cases, WebRTC establishes a direct peer-to-peer connection. But in some network environments — particularly strict corporate firewalls, university networks, or certain mobile carrier configurations — a direct connection is not possible. In these cases, WebRTC falls back to a TURN server (Traversal Using Relays around NAT), which acts as a relay for the audio data.

Calln uses TURN servers for these situations. Even when audio is relayed through a TURN server, the DTLS-SRTP encryption still applies. The TURN server relays encrypted packets that it cannot decode. This is fundamentally different from a traditional server-based call where the audio is decrypted, processed, and re-encrypted at each hop.

What Calln Can and Cannot See

We can see that a call happened and approximately how long it lasted — this is in our server logs for debugging purposes and is deleted within 7 days.
We can see your IP address, which we use for regional matching and the ban system.
We cannot hear your audio — it is encrypted end-to-end and never passes through our servers in a form we can access.
We cannot read your text messages — they are relayed through our server but are not stored anywhere and are deleted the moment they are forwarded.
We cannot see your shared images — same as text messages, relayed in memory and immediately discarded.

Why This Matters

Many communication platforms claim to be private but route all your data through their servers. This means they have the technical capability to record, analyse, and potentially share your conversations — regardless of what their privacy policy says. A privacy policy is a legal document that can change; a peer-to-peer architecture is a technical reality that cannot be overridden by policy.

With WebRTC, the privacy guarantee is not just a promise — it is an architectural fact. We could not record your calls even if we wanted to, even if we were legally compelled to, because the audio never reaches us in a form we can access.

Experience private peer-to-peer voice calling for yourself.

Try Calln — No Account Needed →