Privacy Policy

1. Introduction

DirectLine.Solutions (“DirectLine,” “we,” “our,” “us”) provides a subscription-based platform that enables businesses to send compliant email, SMS, and MMS communications to customers who have provided consent. This Privacy Policy describes how we collect, use, disclose, and protect personal data when you use our website or platform.

2. Scope

This policy applies to:

• Business account users who access the DirectLine platform.
• End customers whose data is uploaded/collected by businesses using DirectLine.
• Visitors to directline.solutions and related web pages.

3. Roles: Controller vs Processor

In most cases, businesses using DirectLine determine what customer data is collected and who receives communications. In those cases:

• The business is the Data Controller.
• DirectLine is the Data Processor, processing data only to provide the service.

For website-only data (e.g., visitors to directline.solutions), DirectLine is the Data Controller.

4. Data We Collect

We may collect the following categories of personal data:

• Business account data: name, email, authentication identifiers, business details.
• Customer contact data (provided by businesses): email address, phone number, consent and preference metadata.
• Campaign data: message content, subject lines, images used in campaigns, send and delivery logs.
• Engagement data: delivery status, opens, clicks, unsubscribe events (where enabled).
• Website/device data: IP address, browser/device type, basic security and analytics signals.

5. How We Use Data

• Provide and operate the platform (authentication, campaign creation, delivery, reporting).
• Process subscriptions and payments.
• Deliver email/SMS/MMS via third-party messaging providers.
• Maintain compliance features such as consent flags and unsubscribe handling.
• Detect and prevent fraud, abuse, and security incidents.
• Improve performance, reliability, and user experience.

6. Legal Bases (GDPR / UK GDPR)

Where applicable, DirectLine processes personal data under one or more of the following legal bases:

• Contractual necessity: to provide the service to business customers.
• Legitimate interests: to secure, maintain, and improve the platform.
• Consent: where required for certain communications and tracking.
• Legal obligation: to comply with applicable laws and lawful requests.

Businesses are responsible for obtaining valid consent from end customers before sending marketing communications.

7. Sharing & Subprocessors

We share personal data with service providers (“subprocessors”) only as needed to operate DirectLine:

• Stripe: payment processing and subscription management.
• SendGrid: email delivery.
• Twilio: SMS/MMS delivery.
• Google Firebase / Google Cloud: authentication, storage, database, and infrastructure.
• AI processing services (where enabled) for image analysis/enhancement.

We do not sell personal data. We do not share personal data for third-party advertising.

8. AI Image Processing

If a business uses AI features, images may be uploaded and processed to generate improved campaign images or analysis. We process images solely to provide the feature, and we do not sell uploaded images or reuse them for unrelated purposes.

9. International Transfers

DirectLine operates globally. Personal data may be processed in jurisdictions where we and our subprocessors operate (including the United States). Where required, we use lawful transfer mechanisms (such as Standard Contractual Clauses) and apply appropriate safeguards.

10. Data Retention

We retain personal data only as long as necessary to provide the service, meet contractual obligations, comply with legal requirements, and maintain reasonable compliance and security logs. Retention periods may vary by data type and customer configuration.

11. Security

We use technical and organizational safeguards designed to protect personal data, including encryption in transit, access controls, and monitoring. No security program can guarantee complete protection.

12. Messaging Compliance

DirectLine provides tools to support compliance with global messaging laws (including CAN-SPAM, TCPA, CASL, and similar regimes), such as unsubscribe controls and consent metadata. Businesses remain responsible for ensuring lawful collection and use of customer contact data and ensuring the content and sending of messages complies with applicable law.

13. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, delete, restrict, object to processing, or request portability of your personal data. If you are an end customer receiving messages from a business, you should also contact that business directly (as Controller).

Requests can be sent to privacy@directline.solutions.

14. California Notice (CCPA/CPRA)

DirectLine does not sell personal data. California residents may request disclosure, deletion, and correction, subject to applicable exceptions. We do not discriminate against individuals for exercising privacy rights.

15. Children

DirectLine is not intended for children under 18, and we do not knowingly collect children’s personal data.

16. Changes

We may update this Privacy Policy periodically. We will post the updated version on this page and revise the Effective Date.

17. Contact

Email: privacy@directline.solutions