Effective date: 6 March 2026
1. Introduction
Line ("we", "us", "our") provides a cloud-based business phone system that lets organisations send and receive SMS/MMS messages and voice calls using UK phone numbers (the "Service"). This Privacy Policy explains how we collect, use, store, share, and protect personal data when you visit our website at https://useline.io or use the Service.
We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the EU General Data Protection Regulation (EU GDPR), and the Privacy and Electronic Communications Regulations (PECR).
2. Data Controller
Line is the data controller for personal data we collect about you as a user of our website and Service. For personal data processed on behalf of our business customers (e.g. their contacts' phone numbers and messages), we act as a data processor on the customer's behalf.
Contact us at hello@useline.io for any data protection enquiries.
3. Personal Data We Collect
3.1 Account and Organisation Data
When you sign up and use the Service, we collect:
- Full name and email address (via your authentication provider)
- Organisation name and business website
- Team membership details (role, invitation status)
- Billing and subscription information (processed by Stripe; we do not store full payment card details)
3.2 Communications Data
When you or your contacts use the Service, we process the following on your behalf:
- SMS/MMS message content — the body text of messages sent and received
- Message metadata — sender and recipient phone numbers, timestamps, delivery status, and message direction
- Voice call metadata — caller and recipient numbers, call duration, timestamps, and call status
- Voicemail recordings and transcriptions — audio files and generated text of voicemail messages
- Contact information — phone numbers, display names, company names, and notes stored by your organisation
3.3 Technical and Usage Data
- IP address, browser type, device information, and operating system
- Pages visited, features used, and interaction patterns
- Cookies and similar tracking technologies (see Section 10)
3.4 Data We Do Not Collect
We do not knowingly collect special category data (e.g. health, biometric, or political data). We do not sell personal data to third parties.
4. Lawful Basis for Processing
We process personal data under the following lawful bases as defined by Article 6 of the UK GDPR and EU GDPR:
| Purpose | Lawful Basis |
|---|---|
| Providing and operating the Service | Performance of a contract (Art. 6(1)(b)) |
| Processing communications on behalf of customers | Performance of a contract (Art. 6(1)(b)) |
| Billing and payment processing | Performance of a contract (Art. 6(1)(b)) |
| Preventing fraud, abuse, and enforcing acceptable use | Legitimate interests (Art. 6(1)(f)) |
| Product analytics and service improvement | Legitimate interests (Art. 6(1)(f)) |
| Service-related communications (e.g. outage notices) | Legitimate interests (Art. 6(1)(f)) |
| Marketing communications | Consent (Art. 6(1)(a)) |
| Compliance with legal obligations | Legal obligation (Art. 6(1)(c)) |
5. How We Use Your Data
We use personal data to:
- Provide, maintain, and improve the Service
- Route SMS/MMS messages and voice calls between your organisation and your contacts
- Display conversation history and contact records within the Service
- Process payments and manage subscriptions via Stripe
- Send transactional emails (account verification, billing receipts, service alerts)
- Detect and prevent fraud, spam, and abuse
- Enforce our Terms of Service, Acceptable Use Policy, and SMS Policy
- Comply with applicable laws and regulations
6. Data Sharing and Third-Party Processors
We share personal data only where necessary to operate the Service or comply with the law. We do not sell your data.
| Sub-processor | Purpose | Data Shared | Location |
|---|---|---|---|
| Twilio | SMS/MMS delivery and voice call routing | Phone numbers, message content, call metadata | US (with EU/UK SCCs) |
| Supabase | Database hosting and authentication | Account data, communications data | EU |
| Stripe | Payment processing and billing | Name, email, payment details | US (with EU/UK SCCs) |
| Vercel | Application hosting | IP addresses, request metadata | Global (with EU/UK SCCs) |
| Meta Platforms | Business messaging integration (where enabled) | Message content, sender/recipient identifiers | US (with EU/UK SCCs) |
All sub-processors are bound by data processing agreements that require them to protect personal data to standards equivalent to those required by UK GDPR and EU GDPR. Where data is transferred outside the UK or EEA, we rely on Standard Contractual Clauses (SCCs) or other approved transfer mechanisms.
We may also disclose personal data to law enforcement or regulatory authorities when required by law or to protect the rights, safety, or property of Line, our users, or the public.
7. International Data Transfers
Some of our sub-processors operate outside the UK and European Economic Area. When personal data is transferred internationally, we ensure appropriate safeguards are in place, including:
- EU and UK Standard Contractual Clauses (SCCs) approved by the European Commission and the UK Information Commissioner's Office (ICO)
- Adequacy decisions where applicable
- Supplementary technical and organisational measures where required following transfer impact assessments
8. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:
| Data Type | Retention Period |
|---|---|
| Account and organisation data | Duration of the account plus 30 days after deletion |
| SMS/MMS message content and metadata | Duration of the account; deleted within 30 days of account closure |
| Voice call metadata | Duration of the account plus 30 days |
| Voicemail recordings | Duration of the account plus 30 days |
| Billing records | 7 years (UK legal requirement) |
| Server logs and technical data | 90 days |
When a customer deletes their account, we delete or anonymise all associated personal data within the retention periods above, unless a longer retention period is required by law.
9. Your Rights
Under UK GDPR and EU GDPR, you have the following rights regarding your personal data:
- Right of access — request a copy of the personal data we hold about you
- Right to rectification — request correction of inaccurate or incomplete data
- Right to erasure — request deletion of your personal data ("right to be forgotten")
- Right to restrict processing — request that we limit how we use your data
- Right to data portability — receive your data in a structured, machine-readable format
- Right to object — object to processing based on legitimate interests or for direct marketing
- Right to withdraw consent — where processing is based on consent, you may withdraw it at any time
- Right to lodge a complaint — you may complain to the UK Information Commissioner's Office (ICO) at ico.org.uk or your local EU supervisory authority
To exercise any of these rights, contact us at hello@useline.io. We will respond within one month, as required by law.
10. Cookies and Tracking Technologies
We use the following categories of cookies:
- Strictly necessary cookies — required for authentication, security, and core Service functionality. These cannot be disabled.
- Analytics cookies — help us understand how visitors use our website so we can improve it. These are only set with your consent.
We do not use advertising or third-party tracking cookies. You can manage cookie preferences through your browser settings.
11. Data Security
We implement appropriate technical and organisational measures to protect personal data, including:
- Encryption of data in transit (TLS) and at rest
- Access controls and role-based permissions
- Regular security reviews and vulnerability assessments
- Secure authentication via third-party identity providers
- Row-level security policies on database tables to isolate organisation data
While we take all reasonable precautions, no method of transmission or storage is 100% secure. If you become aware of a security vulnerability, please contact us immediately at hello@useline.io.
12. Data Processing on Behalf of Customers
When our business customers use the Service to communicate with their contacts (end users), Line acts as a data processor. The customer is the data controller and is responsible for:
- Ensuring they have a lawful basis to send messages and make calls to their contacts
- Providing their own privacy notice to their contacts
- Responding to data subject requests from their contacts (we will assist as required)
- Complying with opt-out and consent requirements
We process such data only on the customer's documented instructions and in accordance with our Data Processing Agreement, available on request.
13. Children's Privacy
The Service is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.
14. Third-Party Platform Requirements
Where the Service integrates with third-party platforms (such as Meta Business Messaging), we adhere to the data use and privacy requirements of those platforms. This includes:
- Using platform data only to provide and improve the Service, not for independent advertising or data monetisation
- Deleting platform data upon request from the platform or the end user
- Implementing the technical and organisational security measures required by the platform
- Not transferring platform data to third parties except as necessary to provide the Service and as permitted by the platform's terms
15. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service at least 30 days before they take effect. The "Effective date" at the top of this page indicates when the policy was last revised.
16. Contact Us
If you have any questions about this Privacy Policy, your personal data, or wish to exercise your data protection rights, please contact us:
- Email: hello@useline.io
- Website: https://useline.io
You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk, or with your local data protection authority if you are in the EU.