LineUp

Trust

Security & Trust Overview

Last updated: April 20, 2026

This document explains how LineUp protects the data and systems entrusted to it by Tenant organizations. It is written for both business and technical stakeholders and is intended to give a clear, honest picture of how we approach security.

Our Approach to Security

Security is foundational to LineUp — not an afterthought. As a platform handling customer service flows for organizations across multiple sectors, we recognize that the data we process belongs to our Tenants and their customers. Our responsibility is to protect it with appropriate technical controls, transparent practices, and prompt response when things go wrong.

Multi-Tenant Isolation

LineUp is built on a strictly isolated multi-tenant architecture. This means:

  • Every Tenant organization operates in its own logically separated environment
  • No Tenant can access, view, or query data belonging to any other Tenant — by design, not just by policy
  • Tenant data is segregated at the application layer and enforced at the database level
  • LineUp's internal Platform Owner role has controlled, audited administrative access for support purposes only

This architecture is not configurable or bypassable. It is a structural property of how the Platform is built.

Role-Based Access Control (RBAC)

Within each Tenant organization, access is managed through Role-Based Access Control. This means:

  • Every staff user is assigned a role that defines exactly what they can see and do
  • Users cannot access resources or data outside the scope of their assigned role
  • Roles are managed by Tenant administrators — LineUp does not define business roles for Tenants
  • Access can be revoked immediately by a Tenant administrator when a staff member changes role or leaves

RBAC is enforced server-side on every API request. It cannot be bypassed by modifying client-side state.

Authentication and Session Security

  • All staff accounts support Multi-Factor Authentication (MFA)
  • Passwords are stored using industry-standard hashing (never in plain text)
  • Sessions have automatic expiry to limit exposure from unattended or abandoned sessions
  • Authentication events are logged and attributable to individual users

Encryption

  • All data in transit between clients and LineUp servers is encrypted using TLS 1.2 or higher
  • Data at rest is encrypted on LineUp's hosting infrastructure
  • Encryption keys are managed by the infrastructure provider and not accessible to application-level code

Audit Logging

LineUp maintains comprehensive audit logs that record:

  • All user actions: logins, data access, modifications, deletions
  • System events: configuration changes, role assignments, session activity
  • Timestamps and the identity of the actor for every logged event

Audit logs are immutable within the application — users cannot delete or modify their own audit trail. Logs are retained for a minimum of 12 months and are accessible to Tenant administrators within their own scope.

Communications Security

SMS notifications are delivered via Twilio (or an equivalent enterprise SMS gateway). Email notifications are delivered via Resend or an equivalent provider. Both services are contracted under data processing terms consistent with this platform's privacy obligations. Message content is logged within the Platform's audit trail.

Incident Response

LineUp maintains an internal incident response process covering:

  • Detection: monitoring and alerting for anomalous activity, failed authentication attempts, and system errors
  • Containment: isolating affected systems or accounts as quickly as possible upon detection
  • Notification: informing affected Tenant organizations within 72 hours of a confirmed breach involving their data
  • Remediation: identifying root cause, applying fixes, and reviewing controls to prevent recurrence

We believe in transparent communication during security events. We will not obscure the nature or scope of an incident from affected Tenants.

Infrastructure

LineUp is hosted on cloud infrastructure from a reputable provider with industry-standard physical and network security practices. Planned maintenance is communicated to Tenants in advance. We target 99.9% monthly uptime for the Platform.

Questions and Security Disclosures

If you have a security concern, a vulnerability to report, or questions about our security practices, contact us at: security@cybersafehills.com

We take all security reports seriously and will acknowledge receipt within one business day.