Hearline inherits battle-tested security certifications from every layer of our stack. SOC 2 Type II at the voice layer, the auth layer, the database layer, and everywhere in between.
We do not build our own security infrastructure from scratch. We stand on the shoulders of providers that have already done the hard work, paid for the audits, and publish their reports publicly.
Vapi
Voice AI processing and call handling
Every call Hearline handles flows through Vapi. They are SOC 2 Type II certified and HIPAA compliant, with end-to-end encryption and optional private VPC deployments for enterprise workloads.
View Vapi Trust Center
Clerk
Customer authentication and session management
Every Hearline account login runs through Clerk. They are SOC 2 Type II certified, conduct regular penetration tests, and offer GDPR and CCPA compliance with breached-password detection baked in.
View Clerk SOC 2 Announcement
Supabase
Customer data storage and real-time queries
All lead data, call logs, appointment records, and account settings live in Supabase. Row-level security (RLS) is enabled on every table so no tenant can ever read another tenant's data.
View Supabase Security Page
Twilio
Phone number provisioning and SMS delivery
Every Hearline phone number is provisioned via Twilio. They hold SOC 2 Type II, ISO 27001, and ISO 27018 certifications. HIPAA-eligible products are available with a signed BAA on enterprise plans.
View Twilio Security Page
Stripe
Payment processing and subscription billing
Hearline never touches your raw card data. Stripe processes all payments as a PCI-DSS Level 1 certified service provider, the highest certification in the payment industry, covering 100B+ dollars in transactions yearly.
View Stripe Security Docs
Resend
Transactional emails and drip sequences
All Hearline transactional emails (booking confirmations, summaries, receipts) are delivered via Resend. They are SOC 2 Type II certified, with TLS 1.3 in transit and AES-256 at rest on all datastores.
View Resend Security Page
Vercel
Dashboard hosting and edge delivery
The Hearline customer dashboard (app.gethearline.com) runs on Vercel. They are SOC 2 Type II certified with automatic HTTPS, DDoS mitigation, and global edge network distribution.
View Vercel Security Page
Inherited certs cover the infrastructure layer. Here is what Hearline adds on top of them.
Encryption in transit and at rest
All data is encrypted with TLS 1.3 or higher in transit. At rest, Supabase enforces AES-256 encryption on every row. Call recordings are stored encrypted and scoped to the recording tenant only.
Tenant isolation by design
Every customer's data is scoped by a unique client_id with Supabase Row Level Security enforced at the database layer. No application code can read or write across tenant boundaries, even if a bug exists in a route.
Settings change history
All changes to your AI receptionist's settings, greeting, hours, services, and team members flow through authenticated API routes tied to your account. Detailed audit logging is on our roadmap; contact us if you need change records for a specific date range.
Customer-controlled data deletion
You own your data. Submit a deletion request to [email protected] and we will purge all call logs, lead records, and personal data within 30 days, with written confirmation when complete.
Sub-processor transparency
We publish a complete list of every third-party vendor that processes Hearline data, what they have access to, and where they operate. Updated whenever a new vendor is added or removed.
View sub-processor list
Privacy policy
Our privacy policy covers what data we collect, how we use it, how long we keep it, and the rights you and your customers have under CCPA and GDPR.
Read our privacy policy
Every production system eventually has an incident. What separates trustworthy providers is how fast they detect it, how honestly they communicate it, and what they do to prevent it from happening again.
Production monitoring
We monitor production with Sentry alerting and uptime checks. Anomalies that affect call handling or data availability trigger immediate automated alerts to the on-call team.
Customer notification
Any incident that impacts your business or your customers' data is disclosed within 24 hours via email. We tell you what happened, what data was affected, and what we have done to fix it.
Status page
Service health and ongoing incidents are published at status.gethearline.com. You can subscribe to email or SMS alerts for any degradation or outage affecting your account.
We are a young company. Here is what we are working toward and when to expect it.
If you are evaluating Hearline for an enterprise deployment or have requirements not covered on this page, reach out directly. We respond within one business day.
Email [email protected]