Data Security
2016.09.29
[Added on 2017/9/13] This page is outdated, and is only left for archival purposes. Latest page is [here].
To protect information received from users, LINE has implemented all conceivable measures including deployment of advanced encryption technology, use of data centers with the world's top-level security facilities, etc.
Personal data management
Services provided by LINE will not be released through assessment by its legal affairs and personal data protection divisions. Rather, the division in charge of personal data protection conducts reviews and inspections from the standpoints of minimum personal information collection and of suitability in the objectives of use, acquisition process, encryption and storage periods for important data, access control, etc., as well as issues improvement instructions when necessary. Of the many LINE data centers located around the world, the principal servers are concentrated in data centers in Japan, and personal data is controlled under Japanese laws.
Encryption
[Added on 2017/9/13]
The information in this section is outdated. In addition, some of the statements below use incorrect terminology, and may not describe the current situation accurately. At the time of original publishing, some LINE messages types, in some usage environments (depending on OS, region, type of connectivity, etc.) were not completely encrypted. For details please see the [Encryption Report].
LINE employs transport encryption for all wireless traffic (both Wi-Fi and 3G/LTE) between mobile LINE clients and our servers. Additionally, user attributes designated by LINE as important personal information (telephone numbers, email addresses, passwords, etc.) are encrypted in storage, and personal information management procedures are inspected on a regular basis.
Messaging traffic between LINE clients and our servers is protected with forward-secure transport encryption. Both text messages and media streams in VoIP calls are encrypted using LINE's Letter Sealing end-to-end encryption (E2EE). Letter Sealing guarantees that neither third parties, nor LINE Corporation can decrypt private calls and messages; they can only be decrypted by the intended recipient.
Both transport encryption and Letter Sealing employ widely-accepted and standard encryption algorithms. If you are interested in the technical details of the protocols that enable Letter Sealing, you can download our encryption whitepaper.
Rigid access control
LINE servers that store its data are managed at data centers with the latest security facilities. They have 24/7 surveillance by full-time security personnel, access control with IC cards and biometrics, monitoring with surveillance cameras, etc. Rigid access control is being implemented at the data centers, allowing access by only a very limited number of LINE personnel. Access is not granted even to the LINE CEO unless advance permission is granted based on justifiable reasons.
Surveillance and vulnerability inspections
The LINE data center is under physical and logistical surveillance by a security team dedicated to this function on a 24/7 basis. The team monitors network traffic around-the-clock, conducting analyses of all events that have the potential of threatening LINE security. Trained personnel take immediate action when necessary. To bolster LINE security further, penetration tests (simulated hacking tests) are conducted by the security team and outside businesses to implement preventive measures against unauthorized access of both internal and external origins.
Disposal
Personal information gathered by LINE is deleted in compliance with internal regulations with the realization of the objectives of use stated explicitly in its privacy policy, such as in cases of membership withdrawal. Deletion is executed in non-decodable methods. In cases of server disposal, the servers are physically destroyed within the disposal Internet Data Center (“IDC ”) for final disposal in a state in which data recovery is rendered impossible.