Data boundary
Aywa control plane
Identity, workspace membership, billing state, license records, install token hashes, registry tokens, instance metadata, and heartbeat summaries.
Customer runtime
Provider keys, phone calls, audio, transcripts, recordings, tool payloads, webhook payloads, runtime logs, artifacts, and local backups.
Auth and authorization
Runtime API keys protect private REST routes. Supabase Auth can be accepted for dashboard/user sessions when configured, and FreeSWITCH hooks can use a dedicated event secret.
Runtime API keysBearer or X-API-Key authentication for private API calls.Supabase AuthOptional JWT verification through JWKS or legacy HS256 secret for dashboard sessions.FreeSWITCH secretDedicated hook authentication for telephony edge callbacks.Webhook signingOutbound webhook trust through a deployment-owned signing secret.Redaction
Credential read responses and support bundles must redact tokens, API keys, passwords, SIP trunk auth values, bearer headers, and nested client secrets.
aywa support-bundle --redactOutbound request policy
Tool-driven outbound requests are a common risk surface. The runtime blocks unsafe request shapes before traffic leaves the deployment.
SSRF protection
Private, link-local, and reserved IP ranges are blocked by default.
Allowlists
Model-provided URLs require explicit host allowlists.
Sensitive headers
Dynamic Authorization, cookie, and API-key headers are dropped.
Production safety
Private network bypass flags are rejected in production mode.
Compliance posture
Aywa Runtime helps customers keep call data and provider secrets in their own infrastructure, but it does not remove their responsibility for provider DPAs, telephony consent, retention policies, backups, regional hosting, and incident response.