Trust & Security
Security at Hive Line
We handle live customer conversations on behalf of businesses. Protecting that data is the foundation of our product. This page summarizes our current security posture and the controls we operate.
Encryption
All traffic to Hive Line is served over HTTPS (TLS 1.2+). Data at rest — including call recordings, transcripts and account data — is encrypted using AES-256 on managed cloud storage.
EU data residency
Primary databases and storage for European customers are hosted in EU regions. Sub-processors and transfer mechanisms are listed on our sub-processors page.
Access controls
Role-based access on every workspace, least-privilege internal access, audited admin actions, mandatory MFA for all staff with production access, and short-lived OAuth tokens for Google Workspace integrations.
Account protection
Passwords are checked against the Have I Been Pwned breach database at signup and on change. We support Sign in with Google and Sign in with Apple. Self-serve account & data deletion is available in Settings → Privacy & Data.
Compliance posture
GDPR-aligned processing with a published DPA, sub-processor list, AI & recording disclosures and a documented retention schedule. SOC 2 / ISO 27001 are on our roadmap; we do not currently claim either certification.
Responsible disclosure
Found a vulnerability? Please email security@hiveline.live with reproduction steps. We aim to acknowledge within 2 business days and will not pursue legal action against good-faith research.
Related policies
Last reviewed: June 2026. Questions? Contact security@hiveline.live.