Throughline runs the heart of a contractor's business — customers, contracts, money. Here's how that data is protected, in plain language.
Throughline is multi-tenant, but every workspace is walled off at the database level with row-level security. A query can only ever return rows that belong to your company — isolation is enforced by the database itself, not just by application code.
Card payments — both your subscription and the invoices your customers pay — are processed by Stripe. Card numbers never touch our servers and are never stored by us, so the most sensitive data stays inside a PCI-compliant processor.
Every connection to Throughline and its API is served over HTTPS/TLS. Data moving between your browser, our functions, and the database is encrypted on the wire.
The app in your browser only ever holds a publishable, read-scoped key — it can't bypass your workspace's security rules. Privileged operations run server-side with credentials that are never exposed to the client.
Your customers, deals, jobs, and invoices are yours. You can export your data, and closing your account doesn't hold it hostage.
Data lives in managed Postgres with automated backups, and the application is served from a hardened, continuously deployed hosting platform — so you're not depending on a server in someone's closet.
Found something that looks off? Tell us through the contact form and we'll take it seriously and respond quickly.
Throughline is operated by Lane Compliance Systems. This page describes how the product is built today; it isn't a contract or a certification claim. For specific compliance or data-processing questions, get in touch.