Trust & Security

How we protect your data and your reporters.

We don't hide behind badges. Here's exactly how MyHotline keeps case data and reporter identities safe, most of it without talking to us. Last updated: June 2026.

Security at a glance

The controls that protect every case.

πŸ”

Encryption

Encrypted in transit and at rest, end to end.

πŸ‡ΊπŸ‡Έ

US data residency

Data at rest in the US, AWS us-east-2 (Ohio), with US-region compute.

⛉

Row-level security

Database-enforced tenant isolation plus per-case access enforcement.

πŸ•΅

Reporter anonymity

No IP or phone stored for anonymous reports; identity sealed, break-glass only.

πŸ“œ

Immutable audit log

Every action recorded in a log that can't be quietly altered.

πŸ”Ž

Least-privilege access

Role-based access so people see only the cases they should.

How we think about trust

Transparency over badges.

Anyone can buy a logo for a footer. We'd rather show our work: publish the actual controls and the complete list of subprocessors that touch data, so your security team can verify rather than take our word. If your questionnaire asks about certifications, we answer it honestly; we just don't market a status we don't have.

Subprocessors & documents

The full list, and the paperwork.

Enter a work email to unlock our live subprocessor list and security documents. Unlocks instantly.

View our subprocessor list & security documents

Enter your work email to unlock the subprocessor list, DPA, data-flow diagram, and our completed security questionnaire. Unlocks instantly.

We'll only use it to follow up about your evaluation. No spam.

Stay informed

Questions, disclosures, and change notices.

For security questions or to report a vulnerability, contact security@myhotline.ai. We offer advance notice of new subprocessors; ask to subscribe.