Privacy Policy

Last updated: 2022-01-01

The following is complete documentation of our privacy policy, reflecting how we treat customer data. Instead of a long document, our goal is to keep this simple and understandable, so you know exactly how we handle your data.

Privacy Principles at Haekka

The following Privacy Principles guide our decisions and approach to handling customer data:

  • We only collect data necessary to deliver our products and services.
  • We do not sell customer data to third parties.
  • We scrutinize the privacy posture and philosophy of all potential partners.
  • All customers have the right and ability to delete or edit their personal data.
  • We will protect your data at all times using industry-best practices.
  • If we ever discover a breach of your data, we will notify you as soon as possible.

Our commitment to all Haekka customers is to abide by our Principles. Should you ever have questions about our Principles, please contact us.

What data we collect

In order to better manage, secure, and enable your data rights, we classify all of our user data into categories. There are three basic categories of data we collect:

Identifiable data (name, email address, etc): We get this data from your Slack or Teams workspace when an admin installs the Haekka application.

Public website data (browsing data, cookies, etc): We use this data to optimize our public web experience. We do not store this data and at times will use approved third parties, such as marketing platforms, that will store certain identifiable information such as an IP address.

Training data (content, curriculum, learning paths, etc.): Training data is not identifiable to you. In some cases, if you create content, there will be a unique user identifier linked to the content. This is not identifiable and only used by Haekka products to match content to users that created it.

Application usage data (how customers interact and experience our product): We collect this data to understand how you use the Haekka application (what you click on, the way you navigate the app, etc). This data also has a unique identifier used by Haekka software.

Why we collect data

As our first Privacy Principle states — we only collect data we need to deliver our products and services. This mandates a minimum necessary approach to data collection. We do not make money on user data and, in fact, view user data as a liability. We only want data that we can use to deliver value to you, our users; and only value that we deem to be greater than the liability of having the data in the first place.

This minimum necessary approach is contrary to the approach taken by most of the services on the internet. For too long, online services on both your computer and on your phone have collected as much data as they can get away with, including egregious examples like contact lists and location data. We take a different approach to your data and your privacy.

How we use the data we collect

Identifiable Data: Our primary use for your identifiable data is user account management. This includes contact information and basic information about your position and role, including, but not limited to, name, email, display name, and user IDs of applications to which we integrate. We will also use this data to recommend and deliver training that is catered to certain types of information about you.

Website Data: We use this information to optimize the experience of using our public website.

Training Data: Training is the educational content in the Haekka application. Training content is created by Haekka, Haekka customers, and Haekka partners.

Application Usage Data: App usage data is used to improve the app experience for you. We use this data to understand how you use the app, where there may be bottlenecks or roadblocks to certain actions. We also use this data to track the outcome of the changes we make to the design and experience of the application.

Requesting, modifying, or deleting your data

How to request information and take action on your data: All Haekka users are eligible to request a complete export of the data we've collected on them. You can request this export by sending us an email at support@haekka.com with a note indicating you'd like an export of your information.

Legal disclosure of personal information

There are times when we are required to disclose personal information by law enforcement.

Data retention

We retain data for as long as needed in order to provide our services and products. Meaning, so long as you and your company are Haekka customers, we retain your data. When you cease to be a Haekka customer, we retain data only for the amount of time required by law. This is specific to geographical regions. See CCPA and GDPR. Of course, we do not retain data if a user has requested for it to be deleted. In those cases, we process deletion requests within 30 days.

Third parties that may access Haekka data

We do work with third parties to help deliver our products. As a part of our vetting process for new partners, we examine the services we are using to understand how these partners will treat our data. We work hard to ensure alignment between our Privacy Policies and the services we use. (note: the following list of services may not be comprehensive).

Webflow: Our static websites are hosted and served by Webflow. You can read more about privacy at Webflow here.

Heroku: Our core application is hosted on Heroku. More on Heroku’s privacy, security and compliance practices can be found here.

Google Cloud Platform: Certain aspects of our technology are hosted on Google Cloud Platform. Read more about how GCP handles security and privacy here.

Hubspot: We use Hubspot to store customer and account information. Read more about Hubspot's security posture here.

Stripe: For subscriptions and payment processing we use Stripe. You can read more about Stripe’s privacy and compliance practice here.

Google OAuth

Our application utilizes Google APIs to enhance your experience and provide specific functionalities. The types of data we access are as follows:

  • Organization name
  • Organization groups
  • Group member emails
  • Group member names

When you use our application, you will be prompted through Google's OAuth 2.0 consent process to authorize our access to your data. We ensure transparency in our data access requests and use this information solely for the purposes stated in our application. We are committed to protecting your privacy and securing your data in compliance with Google's API services terms and our privacy practices.

The security of your data is paramount. We implement stringent security measures to safeguard your data from unauthorized access, disclosure, alteration, and destruction. Our application adheres to Google’s recommended practices for data security and privacy. Our application complies with Google's OAuth app verification process, ensuring that our access to data is within the scope of what is necessary for our app's functionality. We are committed to adhering to Google’s guidelines for accessing sensitive or restricted scopes of user data.

For further information regarding Google OAuth, please visit this link -> Google API Services User Data Policy

Privacy Shield

Our privacy policy aligns with the requirements of the Privacy Shield Framework. Any data privacy disputes under Privacy Shield are handled by a panel established by DPAs or the Commissioner. We are a US entity subject to enforcement powers of US regulatory bodies.

© 2022 DayZero Inc., dba Haekka All rights reserved.

Top