Sovereign Infrastructure
Sovereign Server
The Q-AUDION calling infrastructure can be fully owned and operated by the customer. Horizontal scalability on demand. No data traverses third-party clouds.
Go + bboltTURN embeddedWebSocket + RESTOTA Ed25519 signing
Full customer ownership
The Sovereign Server binary runs on any customer infrastructure: bare-metal in a classified datacenter, sovereign EU VPS, isolated private cloud. No phone-home, no telemetry, no third-party-managed keys.
- Single-binary deployment, footprint minimo
- Embedded storage (no external DB required)
- Configuration entirely via config.toml
On-demand scalability
The architecture is designed to scale out horizontally. Add nodes as traffic grows, remove them when it falls. Native load balancing, sticky sessions for WebRTC, automatic failover.
- Embedded Pion v4 TURN for WebRTC relay
- Refresh tokens with automatic rotation
- Offline messages with cleanup worker
OTA firmware signing
The Sovereign Server signs OTA payloads for the earbud with the customer's Ed25519 key. There is no way for the vendor to inject unauthorized firmware: the signing key stays under the organization's control.
- On-device MCUboot validation
- Rollback protection con security counter
- Immutable audit log of releases