Security
No marketing — only what is actually implemented.
Hosting & infrastructure
IONOS VPS Berlin, Ubuntu 24.04, Let's Encrypt TLS with automatic renewal. HTTPS enforced, HTTP redirected.
Database
Supabase (PostgreSQL), self-hosted on the VPS. Row-level security (RLS) active — every request is checked against company membership.
PII encryption
Caller phone numbers are stored encrypted with AES-256-GCM (column calls.caller_number). Customer API keys are also stored AES-256-GCM encrypted.
Authentication
Supabase Auth with JWT. PKCE flow for secure token handoff. Rate limiting on login endpoints.
Webhooks
Outbound webhooks are signed with HMAC-SHA256. SSRF protection against unwanted internal requests.
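The two controls named above, sketched for a webhook sender as an added example (not Talura's own code). The function names, the hex-encoded tag, the https-only rule and the injectable resolver are assumptions made for illustration; the page does not specify the header or signing format.

```python
import hashlib
import hmac
import ipaddress
import socket
from urllib.parse import urlsplit


def sign(secret: bytes, body: bytes) -> str:
    """Hex HMAC-SHA256 tag over the exact bytes that go on the wire."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify(secret: bytes, body: bytes, received: str) -> bool:
    """Receiver side: recompute the tag and compare in constant time."""
    return hmac.compare_digest(sign(secret, body), received)


def resolve(host: str) -> list[str]:
    """All addresses the host resolves to (IP literals need no DNS lookup)."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return [info[4][0] for info in infos]


def is_allowed_target(url: str, resolver=resolve) -> bool:
    """SSRF gate (assumed policy): https only, every resolved address public."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        return False
    try:
        addrs = [ipaddress.ip_address(a.split("%")[0])
                 for a in resolver(parts.hostname)]
    except (OSError, ValueError):
        return False
    # is_global is False for loopback, RFC 1918, link-local (169.254.0.0/16,
    # which includes cloud metadata endpoints) and other reserved ranges.
    return bool(addrs) and all(
        (a.ipv4_mapped or a).is_global if a.version == 6 else a.is_global
        for a in addrs
    )
```

The check only holds if the HTTP client then connects to one of the addresses that was validated; resolving a second time at connect time reopens the gap through DNS rebinding.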
EU AI Act Art. 50
Before every AI voice conversation, a transparency announcement is played: the caller is informed that they are speaking with an AI and that the conversation may be recorded.
GDPR
Data processing agreement (DPA) in place. Sub-processors: Twilio, Deepgram, Cartesia, Anthropic/OpenAI (depending on customer choice). Right to erasure is technically supported.
Backups
Daily at 03:00 UTC, automatic rotation: 7 daily, 4 weekly, 3 monthly.
Monitoring
Capacity monitor runs every 15 minutes: RAM, concurrent calls, disk, backup age. Alert email on threshold breach.
Notice
Talura is operated by a solo developer on a single VPS. There is no SLA commitment, no guaranteed uptime level, and no 24/7 support. In its current form, Talura is not suitable for business-critical processes with high-availability requirements.