Trust
Security & Privacy
Dispatchers tell us things they haven't told anyone else. This page explains, in plain language, what happens to that information.
Last reviewed: July 2026
What we collect
| When you… | We receive |
|---|---|
| Submit a contact, award, or scholarship form | What you typed into that form, and the date you sent it. |
| Sign up for the newsletter | Your email address. |
| Create an account in The Line | Your email address, and the content of the peer-support messages you write. |
| Donate | Nothing. Payments are processed by Zeffy. We never see or store your card number. |
We do not sell, rent, or trade any of it. We do not run advertising trackers on this site.
Who can see it
Access is by role, not by job title, and it is enforced by the database itself rather than by the screen you happen to be looking at. Turning off a button in a web page is not security; refusing the request at the data layer is.
| Role | Can |
|---|---|
| Owner | Everything. Can only be assigned directly in the database, never through the website. |
| Admin | Read and work submissions; add, remove, and change staff. |
| Editor | Read and work submissions and site content. Cannot change who has access. |
| Viewer | Read only. |
Peer-support conversations are separate and stricter: a person who reaches out can see their own thread and nothing else. Staff cannot browse other people's private messages at will.
How it is protected
- Encrypted in transit. Every page and every form submission travels over HTTPS.
- Encrypted at rest. The database is encrypted on disk by our hosting provider.
- Two-factor authentication. Staff who manage access must confirm a code from their phone in addition to their password. A stolen password alone is not enough.
- Row-level security. Every table refuses reads and writes it has not been explicitly told to allow — the default is "no."
- A permanent audit trail. Every staff addition, removal, and role change is written to a log that no one — including the owner — can edit or delete.
- Automatic sign-out. An idle staff session ends by itself after 30 minutes.
- Continuous backups. The database is backed up by our hosting provider, with write-ahead logging so recent changes can be recovered, not just the last snapshot.
Where it lives
The website is hosted by Netlify. The database and staff accounts are hosted by Supabase. Donations are handled by Zeffy, email by Google Workspace. Each of these companies processes data on our behalf under their own security commitments; we do not grant them permission to use your information for their own purposes.
How long we keep it
Form submissions are kept as long as they are useful to the work — typically the life of the program they relate to. Peer-support accounts and messages are deleted on request. You can ask us to delete anything you have sent us, at any time, and we will.
Your choices
- Ask what we hold about you.
- Ask us to correct it.
- Ask us to delete it. For The Line, you can also use our account deletion page.
- Unsubscribe from any email we send, using the link in that email.
If something goes wrong
If we ever discover that information was exposed, we will say so — directly to the people affected, promptly, and without waiting to be asked. We would rather deliver bad news than let you learn it from someone else.
Reporting a vulnerability
If you have found a security problem with this site, please tell us before telling anyone else. Email john@goldlinesupport.com with enough detail to reproduce it. We will not pursue legal action against anyone who reports a flaw in good faith, gives us reasonable time to fix it, and does not access or alter other people's data in the process.
Questions
Email john@goldlinesupport.com. A person reads it.
This page describes our practices as of the date above and is provided for general informational purposes. It is not a contract and is not legal advice.