Skip to content

Security Overview

Hardline is designed for construction teams that need project documentation from calls and jobsite conversations without creating unnecessary operational friction.

This page summarizes Hardline’s customer-facing security posture. It intentionally does not publish internal incident response runbooks, disaster recovery procedures, infrastructure findings, or confidential assessment details.

  • Data is encrypted in transit using HTTPS/TLS.
  • Stored customer data is encrypted at rest in managed cloud infrastructure.
  • Access to customer data is limited by authentication, authorization, and least-privilege internal access practices.
  • Secrets and API keys are stored outside source code.
  • Customers retain ownership of their data.
  • Hardline does not sell customer data.
  • Hardline does not use customer data to train public third-party AI models.

Hardline may process:

  • User account information, such as name, email address, and phone number
  • Call metadata, such as date, duration, participants, and routing details
  • AI-generated summaries, tasks, and project records
  • On-site Capture recordings and transcripts when a user starts a capture session
  • Phone call audio only when audio storage is enabled by the customer
  • Integration data needed to sync with connected construction systems

Hardline uses role-based access controls so users can access data appropriate to their organization role and permissions. Administrative access is limited to authorized personnel and reviewed as part of internal security practices.

Hardline maintains internal policies for risk management, data handling, vendor review, vulnerability disclosure, incident response, and disaster recovery. Public docs summarize the customer-facing commitments from those policies without exposing internal procedures.

For security questions, contact:

security@hardlineapp.com