Security at Private Line

Your consultations are private. Your payments are secure. Your data is protected. Here's how we make that happen.

Encrypted

All data encrypted in transit with TLS and at rest with AES-256. Sensitive information is encrypted client-side before it ever leaves your device.

PCI Compliant

Payments processed by Stripe, a PCI-DSS Level 1 certified processor. We never see or store your card numbers.

Private by Design

Invitation-only access. No public profiles, no data selling. Your relationship with your consultant stays between you.

HIPAA-Aligned

Built for healthcare professionals. Encryption, audit logging, session timeout, and in-app BAA acceptance for consultants handling health information.

Encryption

Data in Transit

Every connection to Private Line is encrypted with TLS (Transport Layer Security). Whether you're making a video call, sending a message, or processing a payment, your data is encrypted from the moment it leaves your device.

  • HTTPS enforced on all web connections with automatic HTTP redirect
  • Video and audio streams encrypted via TLS
  • SSL certificates managed and auto-renewed

Data at Rest

Your data is encrypted when stored. Sensitive information, such as tax identification numbers, is encrypted on your device using AES-256-GCM before being stored in our database. Encryption keys are stored in the iOS Keychain and never leave your device.

  • AES-256-GCM client-side encryption for sensitive fields
  • Database-level encryption at rest for all stored data
  • Encryption keys stored in iOS Keychain with device-only access

Payment Security

Stripe-Powered Payments

All payment processing is handled by Stripe, one of the world's most trusted payment processors. Stripe is PCI-DSS Level 1 certified — the highest level of security certification in the payments industry.

  • We never see, store, or have access to your full card number
  • Card details go directly to Stripe's secure servers
  • Consultant payouts processed directly to verified bank accounts

Server-Side Billing

Call billing is enforced entirely on our servers. Start times, end times, and billing calculations happen server-side — not on your device. This prevents any manipulation of call duration or billing amounts.

  • Call timestamps set by server, not client devices
  • Billing calculations performed server-side
  • Wallet balance changes require server authorization
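
The server-side billing pattern described above, as an added example that is not Private Line's code. The per-minute rate, the rounding rule, the in-memory stores and all function names are assumptions made for illustration.

```javascript
// Added illustration: server-authoritative call billing.
// Assumptions (hypothetical, not Private Line's code): a per-minute rate in
// integer cents, every started minute billed in full, and in-memory Maps
// standing in for the database.
const calls = new Map();   // callId -> { clientId, rateCents, startMs, endMs }
const wallets = new Map(); // clientId -> balance in cents

// `now` is the server clock; it is injectable only so tests can control time.
function startCall(callId, clientId, rateCents, clientPayload, now = Date.now) {
  if (calls.has(callId)) throw new Error("call already started");
  // clientPayload may contain timestamps; none of its fields are read.
  calls.set(callId, { clientId, rateCents, startMs: now(), endMs: null });
}

function endCall(callId, clientPayload, now = Date.now) {
  const call = calls.get(callId);
  if (!call) throw new Error("unknown call");
  if (call.endMs !== null) throw new Error("call already ended"); // no double billing
  call.endMs = now();
  const elapsedMs = Math.max(0, call.endMs - call.startMs); // guard clock skew
  const minutes = Math.ceil(elapsedMs / 60000);
  const chargeCents = minutes * call.rateCents;
  const balanceCents = (wallets.get(call.clientId) ?? 0) - chargeCents;
  wallets.set(call.clientId, balanceCents); // only server code touches the wallet
  return { minutes, chargeCents, balanceCents };
}

// Constructed sample: the client claims a 1-minute call; the server measured 4m01s.
let fakeNow = 1_700_000_000_000;
const clock = () => fakeNow;
wallets.set("client-demo", 10000);
startCall("call-demo", "client-demo", 250, { startMs: 0 }, clock);
fakeNow += 4 * 60000 + 1000;
console.log(endCall("call-demo", { durationMinutes: 1 }, clock));
// -> { minutes: 5, chargeCents: 1250, balanceCents: 8750 }
```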

Access Control

Role-Based Permissions

Private Line enforces strict access controls at the database level. Every read and write operation is checked against security rules that verify your identity and role.

  • Messages are only accessible to conversation participants
  • Financial data is read-only for users — changes require server authorization
  • Privilege escalation prevention — users cannot grant themselves elevated access
  • Admin accounts protected with two-factor authentication
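
A deny-by-default check covering the first three rules above, as an added example that is not Private Line's rule set. The collection names, field names and request shape are hypothetical; `auth` stands for the verified identity, never a value taken from the request body.

```javascript
// Added illustration: per-request authorization with field-level write checks.
// Assumptions (hypothetical): collections "messages", "wallets", "users";
// fields "role" and "walletBalanceCents" are writable only by backend code,
// which uses a separate trusted path and is not evaluated here.
const SERVER_ONLY = new Set(["role", "walletBalanceCents"]);
const allow = () => ({ allowed: true, reason: "ok" });
const deny = (reason) => ({ allowed: false, reason });

// Names of fields whose value differs between the stored and proposed document.
function changedFields(before, after) {
  const keys = new Set([...Object.keys(before), ...Object.keys(after)]);
  return [...keys].filter(
    (k) => JSON.stringify(before[k]) !== JSON.stringify(after[k]));
}

function authorize({ auth, op, collection, doc, update }) {
  if (!auth || !auth.uid) return deny("unauthenticated");
  switch (collection) {
    case "messages": // conversation participants only
      return Array.isArray(doc.participants) && doc.participants.includes(auth.uid)
        ? allow() : deny("not a participant");
    case "wallets": // financial data: owner may read, nobody may write from a client
      if (op !== "read") return deny("financial data is read-only for clients");
      return doc.ownerId === auth.uid ? allow() : deny("not the owner");
    case "users": {
      if (doc.uid !== auth.uid) return deny("not the owner");
      if (op === "read") return allow();
      // Compare the merged result with the stored document so that adding a
      // previously absent "role" field is caught as well as changing one.
      const blocked = changedFields(doc, { ...doc, ...update })
        .filter((k) => SERVER_ONLY.has(k));
      return blocked.length
        ? deny(`server-only field: ${blocked.join(",")}`) : allow();
    }
    default:
      return deny("no rule matches"); // deny by default
  }
}
```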

Invitation-Only Network

Private Line is not a marketplace. There are no public profiles and no public directory. Clients connect with consultants exclusively through private invitation links or QR codes. Your network is yours.

Data Privacy

Your Data, Your Control

We believe your data belongs to you. Private Line is designed with privacy at its core.

  • No data selling. We never sell your personal information to third parties.
  • No tracking. We don't track you across other apps or websites.
  • Account deletion. You can delete your account at any time, and we'll remove your personal data.
  • Minimal collection. We only collect information necessary to provide the service.

Video Call Privacy

Video calls are transmitted in real time and are not recorded or stored by Private Line. Once a call ends, the audio and video content is gone. Only metadata (duration, timestamp, participants) is retained for billing purposes.

GDPR Compliance

Private Line supports your rights under data protection regulations:

  • Right to Access: Request a copy of your data
  • Right to Rectification: Update or correct your information
  • Right to Erasure: Delete your account and personal data
  • Right to Portability: Request your data in a portable format

HIPAA Compliance

HIPAA-Aligned for Healthcare

Private Line is designed to support HIPAA-aligned communications for healthcare professionals using the platform for telehealth consultations, messaging, and scheduling. When healthcare providers use Private Line, certain communications may constitute Protected Health Information (PHI).

PHI Safeguards

Private Line implements technical and administrative safeguards for Protected Health Information:

  • Encryption at Rest: AES-256-GCM encryption for sensitive data before storage
  • Encryption in Transit: TLS 1.2+ for all data transmissions
  • Audit Logging: Immutable audit trail for all PHI access, retained for a minimum of six years
  • Automatic Session Timeout: Sessions terminated after 15 minutes of inactivity
  • Breach Detection: Automated monitoring for suspicious access patterns and potential data breaches
  • Access Controls: Role-based permissions ensuring only authorized users can access PHI

Business Associate Agreement

Healthcare providers and covered entities who use Private Line to transmit, store, or process PHI can complete BAA acceptance and HIPAA training directly in the app (Settings → Security & Privacy → HIPAA Compliance).

For BAA requests or compliance inquiries, contact hipaa@privateline.to.

For full details on PHI handling and your rights under HIPAA, see Section 8 of our Privacy Policy.

Infrastructure

Trusted Partners

We build on industry-leading infrastructure providers with their own rigorous security certifications:

Google Cloud / Firebase

SOC 2, ISO 27001 certified. Hosts our database, authentication, and serverless functions.

Stripe

PCI-DSS Level 1 certified. Handles all payment card processing and payouts.

Agora

SOC 2 certified. Powers real-time encrypted video and audio communication.

Report a Vulnerability

If you believe you've found a security vulnerability in Private Line, we want to hear from you. Please report it responsibly so we can investigate and address it.

Email: security@privateline.to

Please include a detailed description of the vulnerability, steps to reproduce, and any relevant screenshots or evidence. We will acknowledge receipt within 48 hours and provide updates on our investigation.

Last updated: February 8, 2026