Security Overview

• Encrypted transport (HTTPS/TLS) for web and API traffic.
• Authentication and access control via Firebase Auth.
• Role-based access patterns for business workspaces.
• Subscription-gated sending and logging for operational control.
• Centralized cloud infrastructure (Google Firebase / Google Cloud).
• Third-party delivery providers (SendGrid/Twilio) for messaging.

For security questionnaires, email security@directline.solutions.

Access control

• Account access is authenticated; sensitive operations require valid identity tokens.
• Business data is scoped by business workspace and access permissions.

Data protection

• Encryption in transit for all standard web/API traffic.
• Cloud provider security controls and managed services used for storage and auth.

Operational safeguards

• Sending can be gated by subscription status to reduce abuse and cost runaway.
• Message delivery events are logged for troubleshooting and auditing.
• Unsubscribe functionality supported for compliant outreach.

Vulnerability reporting

If you believe you've found a vulnerability, report it to security@directline.solutions. Please do not publicly disclose without giving us time to investigate and remediate.