Call Encryption is a method of encrypting both your VoIP SIP traffic (The handshake that introduces and closes a call) and your actual VoIP Audio, often referred to as RTP traffic.
Yay.com support turning on both TLS (Transport Layer Security) to encrypt your VoIP SIP traffic and turning on encryption for your RTP traffic to make the actual audio secure using SRTP (Secure RTP). To activate TLS for the SIP traffic you don't need to do anything in your Yay.com dashboard.
SRTP encryption deals with encrypting the actual audio of the call. Therefore it can be turned on for both the inbound call audio and the outbound call audio. So for listening to what your caller has to say (inbound) and you talking to the caller (outbound). Below is what you need to do to encrypt each part:
Configure your FreePBX trunk as follows...
type=peer qualify=yes transport=tls username=your_SIP_username secret= your_SIP_password host=talk.yay.com dtmfmode=rfc2833 disallow=all allow=alaw encryption=yes
type=peer qualify=yes nat=yes insecure=port,invite host=talk.yay.com disallow=all allow=alaw transport=tls encryption=yes
Once you've done that, you then need to enable call encryption in your Yay.com Dashboard. To do this go to your Dashboard > MyVoIP > User > Sip User > Edit > Call Encryption > Enable.