Security
Authentication
Torqvoice uses Better Auth for authentication.
- Passwords are encrypted using bcrypt — a one-way algorithm meaning they cannot be reversed or read by anyone, including administrators
- Login sessions expire after 7 days of inactivity, after which you'll be asked to sign in again
- All communication between your browser and the server is encrypted over HTTPS
- Session tokens are stored in secure, HttpOnly cookies — inaccessible to browser scripts, protecting against common web attacks
- Optional two-factor authentication (2FA) adds an extra layer of security — works with any authenticator app like Google Authenticator or Authy
- The first user to register automatically becomes the admin and can manage team access from there
Your Data (Self-Hosted)
Everything stays on your own server. You have full control over your data, backups, and who has access. No telemetry, no cloud sync.
Your Data (Cloud)
When using the Torqvoice cloud offering, your data is stored securely on servers located in the EU. We do not sell or share your data with third parties. You can delete your data or your entire account at any time directly from within your account settings.
GDPR
Torqvoice is built with GDPR in mind.
- Your data is stored in the EU (cloud) or on your own server (self-hosted)
- Your data is never shared with third parties. It stays safe on our servers
- You have the right to access, correct, or delete your data at any time