Security
Security & Privacy by Design
FilterCalls was built with privacy as a product constraint, not an afterthought. Public intelligence should help people make safer decisions without exposing raw phone numbers or reporter identities.
SHA-256 Community Hashing
Community reputation uses cryptographic hashing so public reputation pages never need raw phone numbers.
No Raw Public Phone Numbers
Public pages show hash previews and aggregated reputation signals, not raw caller numbers.
Reporter Identity Protection
Reporter details are never exposed publicly. Aggregation keeps reputation useful without exposing individuals.
Edge-First Architecture
FilterCalls runs on Cloudflare Edge patterns for fast responses and reduced centralized infrastructure exposure.
Controlled Error Responses
API responses are designed to avoid raw stack traces and internal implementation details.
Input Validation & Rate Limiting
Inputs are validated before analysis and sensitive routes use limits to reduce abuse.
Data handling
What is stored, and what becomes public?
We avoid absolute promises that the product architecture cannot prove. The key rule is simple: raw caller numbers and reporter identities are not exposed on public reputation pages.
| Data | Storage / Handling | Visibility |
|---|---|---|
| Community-reported numbers | SHA-256 hash only | Aggregated reputation only |
| Report category/severity | Stored as report metadata | Aggregated public stats only |
| Reporter identity | May be linked internally for authenticated abuse prevention | Never exposed publicly |
| Raw IP addresses | Not stored as raw IP; abuse prevention uses hashed or limited signals | Never exposed publicly |
| Analysis results | Processed for requester and usage/plan controls | Not exposed publicly |
Responsible disclosure
Found a security issue?
Email us at contact@filtercalls.com. We aim to acknowledge credible security reports within 72 hours.
This page reflects current FilterCalls security practices as of April 2026.