The short answer
Privacy and security are not the same thing, and encryption is only part of the story. On FreeCallMe, browser-to-browser calls are about as private as VoIP gets: they use WebRTC, which is DTLS-SRTP encrypted by default, the audio travels directly between the two devices (or through an encrypted relay that cannot read it), and nothing is recorded. Calls to real phone numbers are encrypted on the browser leg, but the metadata is kept for billing and the final hop across the traditional phone network may not be encrypted. That last part is true of every VoIP-to-phone service.
Two layers: signaling and media
Every VoIP call has two distinct data streams, and they have to be secured separately.
Signaling
The call-setup traffic: who is calling whom, when the call started, which codecs to use, and how to route it. It travels before and around your voice, not with it. The protocol is usually SIP (Session Initiation Protocol) or a proprietary equivalent.
Media
Your actual voice and video. This is the real-time stream that carries what you say, and it is the part most people mean when they ask whether a call is private.
Encrypt the signaling but not the media and you get a secure setup around a completely exposed call. Encrypt the media but not the signaling and your call content is safe while the metadata leaks. You need both, and this is where VoIP services diverge.
What good VoIP encryption looks like
- TLS for signaling
- Transport Layer Security, the same protocol that secures HTTPS. It stops anyone from intercepting who you are calling or injecting fake call-setup messages.
- SRTP for media, DTLS for keys
- Secure Real-time Transport Protocol encrypts the voice data itself in transit. Paired with DTLS (Datagram TLS) for the key exchange, your audio is encrypted between the two endpoints.
- WebRTC enforces it
- WebRTC, which FreeCallMe uses for browser calls, requires DTLS-SRTP by design. There is no setting to turn it off and no configuration step. Every WebRTC call is encrypted.
- The phone-network hop is the exception
- For calls to a real phone number, the final hop across the traditional phone network may not be encrypted. That infrastructure predates modern encryption standards, and it is the endpoint you are trying to reach.
What "private" actually means
Encryption protects your call content in transit. It does not cover everything that matters for privacy.
Metadata is not encrypted. Who you called, when, and for how long cannot really be encrypted: carriers and providers need it to route and bill the call. Even with perfect encryption of the content, this data exists and can be reachable under legal process.
Logs and recordings are a policy question, not a technical one. A provider can run fully encrypted calls and still choose to log metadata or keep recordings on its servers. Encryption protects you from outside eavesdropping, not automatically from the provider itself.
Peer-to-peer beats server-routed. In a server-routed call, your audio passes through the provider's systems, encrypted in transit but physically within reach. In a true peer-to-peer call, the audio travels between your device and the other person's device without a server in the middle.
How FreeCallMe handles this
Browser-to-browser calls (the ones you start from a call link) use WebRTC peer-to-peer. When a direct connection between the two browsers is possible, your audio travels straight between the two devices and does not touch a server. When a restrictive network blocks a direct link, the media is relayed to keep the call working, but that relay runs on Cloudflare's TURN service, not FreeCallMe's servers, and it only ever sees DTLS-SRTP encrypted packets it cannot read. FreeCallMe does not record or store your audio or video. Only the signaling that sets up the call, such as who joins your room and when, passes through FreeCallMe's infrastructure.
Dialer calls to a real phone number work differently. Your browser connects over WebRTC, again DTLS-SRTP encrypted, to a licensed telephony carrier, which bridges the call onto the public phone network. FreeCallMe's servers authorize and set up that call, but your audio does not route through FreeCallMe's own media servers. The final hop across the traditional phone network to the recipient's landline or mobile travels over legacy infrastructure that predates modern encryption, so that last leg may not be encrypted. This is true of every VoIP-to-phone service; it is a property of the phone network, not a FreeCallMe limitation.
For dialer calls, FreeCallMe keeps call metadata such as the destination number, duration, and your account, because it is needed to bill the call and meet legal requirements. It does not keep the contents of your calls.
| On a FreeCallMe call | Browser to browser | Call to a phone |
|---|---|---|
| Your voice (media) | Encrypted, DTLS-SRTP | Encrypted on the browser leg; last phone-network hop may not be |
| Passes through FreeCallMe's own servers | No, peer-to-peer or an encrypted relay | No, the browser connects to the carrier |
| Metadata (number, time, duration) | Room signaling only, no phone number | Retained for billing |
| Call audio recorded | No | No |
Want the most private option?
A browser-to-browser call is peer-to-peer and encrypted by default. Generate a link and go.
Call any phone number in 220+ countries from your browser. Your first $1.00 is free, then pay-as-you-go by the minute.
The threat model that actually matters
For most people making personal calls, the realistic threats are:
- Someone on your local network trying to intercept the call. Covered by DTLS-SRTP encryption.
- The provider logging your conversations. A policy question, not a technical one.
- Third parties seeing who you called and when. Metadata, mostly unavoidable on any network.
- A provider with weak access controls getting breached. A question of how seriously that provider takes security.
The threats that stay largely theoretical for personal use:
- Nation-state interception and real-time decryption of an encrypted stream. Not a realistic threat for ordinary personal calls.
What to look for in any VoIP service
When you are judging whether a calling tool takes privacy seriously, four questions matter.
Does it use WebRTC or SRTP for encryption?
If a service does not disclose this, assume the call is not encrypted. Any legitimate provider says so plainly.
Are calls peer-to-peer or server-routed?
Peer-to-peer is more private. Server-routed is fine for most uses, but it means the audio passes through the provider.
What is the data-retention policy?
What metadata is kept, for how long, and under what conditions is it shared with third parties or law enforcement?
Is the signaling encrypted too?
SRTP without TLS still leaks who you are calling and when. Both channels need to be protected, not just the audio.
FreeCallMe's browser calls are peer-to-peer and DTLS-SRTP encrypted. Dialer calls are encrypted on the browser leg to the carrier. Nothing is recorded. You can read how FreeCallMe handles your information in the privacy policy.
Common questions
- Are VoIP calls encrypted by default?
- It depends on the service. WebRTC-based calls, like FreeCallMe's browser calls, are DTLS-SRTP encrypted by default and cannot be switched off. Older SIP setups can run unencrypted unless the provider turns on TLS and SRTP, so if a service does not mention encryption, assume it is not encrypted.
- Can my VoIP provider listen to my calls?
- Encryption stops outsiders from listening in, but it does not by itself stop the provider. On a server-routed call the audio passes through the provider's systems. On a genuine peer-to-peer call, like FreeCallMe's browser calls, the audio travels between the two devices and FreeCallMe does not record or store it.
- Is a browser call more private than a call to a phone number?
- Yes. A browser-to-browser call stays on the internet the whole way and is peer-to-peer encrypted. A call to a real phone number has to cross the traditional phone network for its final leg, which predates modern encryption, so that hop may not be encrypted. That is true of every VoIP-to-phone service, not just FreeCallMe.
- Does FreeCallMe record calls?
- No. FreeCallMe does not record or store the audio or video of your calls. There is no recording feature.
- What information does FreeCallMe keep about my calls?
- For calls to real phone numbers, FreeCallMe keeps call metadata such as the destination number, duration, and your account, because it is needed to bill the call and meet legal requirements. It does not keep the contents of your calls.
The short version
Browser-to-browser calls on FreeCallMe are about as private as VoIP calls get: peer-to-peer, DTLS-SRTP encrypted, not passing through FreeCallMe servers, and never recorded. Calls to real phone numbers are encrypted on the browser leg, but metadata is kept for billing and the last hop to a traditional phone may not be encrypted. That is a property of the phone network, not a FreeCallMe limitation, and it is true of every VoIP-to-PSTN service.
If your call is between two browsers
Generate a link and go. Peer-to-peer, encrypted by default, no account needed.
Call any phone number in 220+ countries from your browser. Your first $1.00 is free, then pay-as-you-go by the minute.