HaubanHauban
PrivacyTerms
← Back to hauban.io

Privacy Policy

How Hauban collects, uses and protects your data.

Last updated: March 5, 2025

🇫🇷Une version française de cette politique est disponible sur simple demande à contact@hauban.io.

1. Who We Are

Hauban is an IT governance SaaS platform operated by Hauban SAS, headquartered in France. The platform is accessible at app.hauban.io and via a browser extension distributed on the Chrome Web Store.

For any privacy-related inquiry: privacy@hauban.io

2. Data We Collect

2.1 Hauban Web Platform

  • Account data: name, professional email address, organization name.
  • Authentication credentials: passwords (hashed with Argon2id — never stored in plain text), session tokens.
  • Application catalog data: tool names, URLs, categories, license information, invoices (PDF) and extracted metadata.
  • Usage and activity: login times, actions performed within the platform, API requests.

2.2 Hauban Browser Extension ("Hauban Tracker")

The extension collects the following data solely for the purpose of IT governance within your organization:

  • Web history (URLs and page titles): the list of SaaS domains and web tools visited by the user, along with the page title and visit timestamp. This data is used exclusively to detect IT tools in use (including Shadow IT) and to measure active usage time per tool.
  • User activity: active/idle browser state, used to measure the real time spent on each tool and to avoid recording idle time.
  • Authentication token: the Hauban session token, stored locally via the browser's storage API, used to authenticate syncs with the Hauban workspace.
  • Extension settings: tracking enabled/disabled state, discovery mode preference — stored locally.

The extension never reads page content, form inputs, passwords, cookies or any information beyond the URL and title of the active tab.It only collects the domain names of visited tools; it does not record browsing on personal websites or social media unless those domains are registered as IT tools in the organization's Hauban catalog.

3. How We Use Your Data

  • Provide and operate the Hauban platform and extension.
  • Detect SaaS applications and Shadow IT tools used within your organization.
  • Measure actual license usage and generate IT governance reports.
  • Send renewal alerts, monitoring notifications and product updates.
  • Improve platform reliability, performance and security.
  • Comply with legal obligations.

We do not sell, rent or transfer user data to third parties outside of the approved use cases described in this policy. We do not use data for advertising, credit scoring or any purpose unrelated to IT governance.

4. Data Sharing

Data may be shared only with:

  • Your organization's Hauban workspace: URL/title data collected by the extension is visible to authorized IT administrators within your organization's Hauban account.
  • Infrastructure sub-processors: Microsoft Azure (France — Paris region) for hosting; Azure Communication Services for transactional email. All sub-processors are bound by data processing agreements (DPA) compliant with GDPR.
  • Legal authorities: if required by applicable law.

5. Data Retention

  • Account data: retained for the duration of the subscription, plus 30 days after account deletion.
  • Extension usage data (URLs/titles): retained for a maximum of 13 months, then automatically deleted.
  • Invoices and license data: retained for the duration of the subscription.
  • Logs: retained for 90 days.

6. Security

  • Data hosted exclusively in France (Azure France — Paris).
  • Encryption at rest: AES-256.
  • Encryption in transit: TLS 1.3.
  • Passwords: Argon2id (never stored in plain text).
  • Multi-tenant architecture with strict data isolation between organizations.
  • Automated abuse protection: hCaptcha, rate limiting, disposable email blocking.

7. Your Rights (GDPR)

As a data subject under GDPR, you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate data.
  • Erase your data ("right to be forgotten").
  • Restrict or object to processing.
  • Data portability in machine-readable format.
  • Withdraw consent at any time (e.g. disable the extension).

To exercise any of these rights, contact us at privacy@hauban.io. We will respond within 30 days.

You may also file a complaint with the French data protection authority: CNIL — www.cnil.fr.

8. Cookies

The Hauban web platform uses only strictly necessary cookies for authentication and session management. No advertising or tracking cookies are used. The browser extension does not use cookies.

9. Children

Hauban is a professional B2B platform. We do not knowingly collect data from individuals under 18 years of age.

10. Changes to This Policy

We may update this policy periodically. Material changes will be notified by email or in-app notification at least 14 days before taking effect. The date of the latest update is indicated at the top of this page.

11. Contact

Hauban SAS — France
Email: privacy@hauban.io
General: contact@hauban.io