Privacy Policy

Last updated: February 17, 2026

1. Introduction

Private Line ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services (collectively, the "Service").

By using Private Line, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Name and email address
  • Profile photo (optional)
  • User type (consultant or client)
  • Professional information (specialty, rates, availability)

2.2 Payment Information

To process payments, we collect:

  • Payment method details (processed securely through Stripe)
  • Billing information
  • Transaction history and payment records

Note: We do not store your full payment card details. All payment processing is handled by Stripe, a PCI-compliant payment processor.

2.3 Usage Data

We automatically collect information about how you use the Service:

  • Video call duration and timestamps
  • Messages and timestamps
  • Appointment bookings and schedules
  • App features accessed and usage patterns
  • Device information (device type, operating system, app version)

2.4 Communication Data

When you use our Service, we collect:

  • Video call content (transmitted through Agora, not stored by us)
  • Messages (stored to maintain conversation history)
  • Appointment requests and confirmations

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our Service
  • Process payments and manage financial transactions
  • Facilitate video calls and messaging
  • Schedule and manage appointments
  • Send you notifications about your account and appointments
  • Respond to your inquiries and provide customer support
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations and enforce our terms of service

4. Third-Party Services

We use the following third-party services that may collect and process your information:

4.1 Firebase (Google)

We use Firebase for:

  • User authentication and account management
  • Cloud database (Firestore) to store user data and messages
  • Cloud Storage for profile photos
  • Push notifications (Firebase Cloud Messaging)

Firebase's privacy policy: https://firebase.google.com/support/privacy

4.2 Stripe

We use Stripe for:

  • Payment processing and transaction management
  • Storing payment method information (encrypted and PCI-compliant)
  • Processing payouts to consultants

Stripe's privacy policy: https://stripe.com/privacy

4.3 Agora

We use Agora for:

  • Real-time video and audio communication
  • Video call infrastructure and quality management

Agora's privacy policy: https://www.agora.io/en/privacy-policy/

5. Data Security

We implement appropriate technical and organizational measures to protect your information:

  • Encryption in transit (HTTPS/TLS) for all data transmission
  • Encryption at rest for sensitive data stored in our databases
  • Secure authentication and authorization mechanisms
  • Regular security assessments and updates
  • Access controls limiting data access to authorized personnel only

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

6. Data Retention

We retain your information for as long as necessary to:

  • Provide our Service to you
  • Comply with legal obligations
  • Resolve disputes and enforce our agreements

When you delete your account, we will delete or anonymize your personal information, except where we are required to retain it for legal or regulatory purposes.

7. Your Rights and Choices

You have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information (subject to legal requirements)
  • Portability: Request transfer of your data to another service
  • Opt-out: Unsubscribe from marketing communications (if applicable)

To exercise these rights, please contact us at support@privateline.to.

8. HIPAA Compliance

Private Line is designed to support HIPAA-compliant communications for healthcare professionals and covered entities. When healthcare providers use our platform, certain communications may constitute Protected Health Information (PHI) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

8.1 Health Data and PHI

When consultants use Private Line for healthcare-related consultations (e.g., telehealth, therapy, medical advice), the content of communications—including messages, video calls, and appointment notes—may constitute Protected Health Information (PHI). We do not sell PHI or use it for marketing. PHI is only shared with service providers (e.g., cloud infrastructure, payment processing, video infrastructure) that are bound by contractual obligations (Business Associate Agreements where required) and only to provide the Service.

8.2 Business Associate Agreement

Healthcare providers and covered entities who use Private Line to transmit, store, or process PHI must enter into a Business Associate Agreement (BAA) with Private Line before using the platform for healthcare-related communications. Consultants can complete BAA acceptance and HIPAA training in the app (Settings → Security & Privacy → HIPAA Compliance). To request a BAA or for compliance inquiries, contact hipaa@privateline.to.

8.3 PHI Safeguards

Private Line implements the following safeguards for PHI:

  • Encryption at Rest: All PHI is encrypted using AES-256-GCM before storage.
  • Encryption in Transit: All data transmissions use TLS 1.2 or higher. Video calls use AES-256-XTS media encryption.
  • Access Controls: Role-based access controls ensure only authorized users can access PHI.
  • Audit Logging: All access to PHI is logged in an immutable audit trail maintained for a minimum of six (6) years.
  • Automatic Session Timeout: Sessions are automatically terminated after 15 minutes of inactivity.
  • Breach Detection: Automated systems monitor for suspicious access patterns and potential data breaches.

8.4 Your Rights Under HIPAA

If you are a patient or individual whose PHI is processed through Private Line, you have the right to:

  • Request access to your PHI
  • Request amendment of your PHI
  • Request an accounting of disclosures of your PHI
  • Request restrictions on certain uses and disclosures
  • Request confidential communications
  • File a complaint with us or the U.S. Department of Health and Human Services

To exercise any of these rights, contact our Privacy Officer at hipaa@privateline.to.

8.5 Breach Notification

In the event of a breach of unsecured PHI, Private Line will notify affected individuals, the U.S. Department of Health and Human Services, and, where required, the media, in accordance with 45 CFR 164.400-414. Notifications will be made without unreasonable delay and no later than 60 calendar days after discovery of the breach.

9. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you become aware that a child has provided us with personal information, please contact us, and we will take steps to delete such information.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

11. Contact Us

If you have any questions about this Privacy Policy, please contact us: