Sikurd (“Sikurd”, “we”, “our”) provides a SaaS monitoring and management platform for 3CX phone systems. This policy explains what we collect, how we use it, and the choices you have.
What we collect
We collect three categories of data:
- Account data — your name, work email, tenant / organization name, role, and (optionally) phone number when you sign up or are invited.
- Instance configuration — the FQDNs of the 3CX systems you monitor, their administrator usernames, encrypted administrator passwords (AES-256-GCM at rest), and the integration tokens needed to talk to them.
- Operational telemetry — what Sikurd polls from each 3CX instance on your behalf: uptime, call counts, trunk and extension state, license usage, backup metadata, network latency / jitter / loss readings, and version information.
What we don’t collect
- We do not record or store call audio.
- We do not store call recordings, voicemails, or chat content.
- We do not collect end-user (caller) personally identifiable information beyond what 3CX reports for call logs and queue stats you choose to view.
- We do not sell, rent, or share your data with third parties for their own marketing purposes.
How we use it
- Operate the service — poll your instances, generate alerts, compute health scores, render dashboards.
- Send notifications — alert emails, mobile push, Slack / Teams / PSA integrations you configure.
- Improve the product — anonymized, aggregated usage metrics may inform feature decisions; we never look at customer-identifiable data for product development without your explicit involvement.
- Support you— when you contact us, we access only what’s necessary to resolve your request.
Where data lives
Application data is hosted on infrastructure provided by Neon (PostgreSQL), Vercel (web application), Railway (worker processes), and Upstash (queue / cache). All hosts operate in US-East regions; data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Encrypted backup snapshots are retained for 30 days.
Sub-processors
We use the following third-party services to deliver Sikurd. Each receives only the data needed for the listed purpose.
| Provider | Purpose |
|---|---|
| Vercel | Web application hosting |
| Neon | Primary PostgreSQL database |
| Railway | Worker processes (polling, alerting) |
| Upstash | Queue + cache (BullMQ on Redis) |
| Stripe | Payment processing |
| SendGrid | Transactional email |
| ElevenLabs | Optional TTS for hold music / prompts (only if you use AI Voice Studio) |
| Anthropic / OpenAI | Optional AI features (Fleet Intelligence, incident summaries) |
| Microsoft Azure / Google | OAuth sign-in (only if you choose to use SSO) |
How long we keep your data
- Account data — for as long as your account is active. Deleted within 30 days of account closure.
- Operational telemetry — retained for the rolling window relevant to each metric (call logs 90 days, uptime records 30 days, alert history 12 months). Configurable per tenant on request.
- Backups — encrypted snapshots retained 30 days.
Your rights
You can access, export, correct, or delete your data at any time from your account settings, or by emailing us at help@sikurd.com. We respond to verified requests within 30 days. If you’re an EU / UK / California resident, the rights described in GDPR / UK GDPR / CCPA apply and we honor them as a matter of policy regardless of jurisdiction.
Security
- All traffic is HTTPS-only.
- Admin passwords and API tokens stored on Sikurd are encrypted at rest with AES-256-GCM. The encryption key is held outside the database in a separate secret store.
- Database access is scoped to least-privilege service roles; no shared admin credentials.
- Session cookies are HttpOnly + Secure + SameSite=lax, scoped to the apex domain and rotated on sign-in.
Cookies
Sikurd uses functional cookies only — session, preferences, and CSRF tokens. We do not use third-party advertising cookies, tracking pixels, or analytics that build cross-site profiles.
Children
Sikurd is not directed at children under 16 and we do not knowingly collect their data.
Changes to this policy
We’ll post material changes at the URL where this policy lives and update the “Last updated” date above. If a change materially expands how we use your data, we’ll notify you by email before it takes effect.
Contact
Questions about this policy or your data: help@sikurd.com or by phone at (941) 280-4090.