TetraCore LogoTetraCore
    CallsAround is a TetraCore product — built in Bowling Green, Ohio.Full site: callsaround.com
    Security

    The AI vendor is never a security boundary

    Tenancy, encryption, payment isolation, and audit are enforced in CallsAround's own systems — the voice model receives answers, never your credentials or customer data stores.

    Security controls

    Tenant isolation via RLS

    Postgres Row-Level Security is the authoritative tenant boundary on every read and write. The AI voice vendor is never a security boundary — it receives answers, never credentials.

    Encrypted OAuth tokens

    Customer Google/Microsoft OAuth tokens are AES-256-GCM encrypted at rest and never leave CallsAround servers.

    Payments stay with Stripe

    Card data is held by Stripe, never by CallsAround. Billing state changes only from verified Stripe webhooks.

    Signed webhooks & scoped API keys

    Inbound webhooks are signature-verified (Ed25519 for telephony, HMAC for Stripe). API keys are SHA-256-hashed at rest with scopes, rate limiting, and full request logging.

    Call-recording consent

    A per-line disclosure toggle supports two-party-consent states. We do not sell personal data, and we do not use your calls to train AI models.

    Automatic data retention

    Recordings and transcripts are kept 365 days, operational events 90 days, and API logs 30 days — then removed automatically.

    Audit log & session control

    Every mutation is written to an audit log (who changed what). Session management includes "sign out of all devices," with Google/Microsoft SSO.

    Telephony compliance

    E911 address support on every number, plus 10DLC and toll-free SMS compliance workflows.

    CallsAround routes business emergencies to your on-call team. It is not a substitute for 911.
    Report a security issue: security@tetracorehq.com

    Related CallsAround pages