Privacy For Humans
Updated Jan 3, 2024
Hi there!
At Hapstack, your privacy is at the core of our decision making. Sensitive information may pass through our systems, and we don’t take that lightly.
This page explains how our systems process your data. For more details on personal data usage, refer to our Privacy Policy (for lawyers).
Where does my data go within Hapstack?
Your data is comprised of things like your name, email, apps, app sessions, notifications, linked accounts like Google, and so on. The majority of this data is stored in an encrypted database with our database provider, Neon. Only two individuals at Hapstack have access to this data, and strict role-based permissions and audit logs are in place.
How do you handle activity tracking?
All activity tracking is handled by our lightweight, open-source browser extension. Users must consent to sharing their activity, and have full visibility into the tracking data collected from them.
The tracking technology is quite simple. Whenever a user with our extension visits a web page, we check whether that URL is present in our database of SaaS URLs. If it is, we record a session; if not, we don't do anything. This whole process happens locally. In other words, no URL or browsing activity is ever sent to our servers unless our extension has already determined that a match has been found in our database of apps.
Our proprietary app database consists only of business-related, verified software tools. It doesn't include personal, B2C apps or apps that are not typically used for business purposes. That's because Hapstack is designed to uncover usage insights and save businesses money. We're not about monitoring employee browsing activity.
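The local match-before-send check described above, sketched as an added example (it is not Hapstack's extension code). The catalogue entries, the names `matchApp` and `buildSessionEvent`, and the event fields are assumptions made for illustration.

```javascript
// Constructed sample of a locally bundled app catalogue (hostnames are made up).
const APP_CATALOGUE = new Map([
  ["app.example-crm.test", "example-crm"],
  ["example-docs.test", "example-docs"],
]);

// Look a URL up in the local catalogue. A host matches on the exact name or on
// a parent domain at a label boundary, so "example-docs.test.evil.test" and
// "notexample-docs.test" do not match "example-docs.test".
function matchApp(rawUrl, catalogue = APP_CATALOGUE) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return null; // unparsable input is never recorded
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") return null;
  const labels = url.hostname.toLowerCase().replace(/\.$/, "").split(".");
  for (let i = 0; i < labels.length - 1; i++) {
    const candidate = labels.slice(i).join(".");
    if (catalogue.has(candidate)) {
      return { appId: catalogue.get(candidate), host: candidate };
    }
  }
  return null;
}

// Build the only payload allowed to leave the browser. null means "send nothing".
// Assumption: the event carries the catalogue's own host and app id, never the
// visited URL's path, query string or fragment.
function buildSessionEvent(rawUrl, now = Date.now()) {
  const hit = matchApp(rawUrl);
  if (!hit) return null;
  return {
    appId: hit.appId,
    host: hit.host,
    startedAt: new Date(now).toISOString(),
  };
}
```

Because the event is built from the catalogue entry instead of the visited URL, a reviewer can confirm from the payload shape alone that tokens or document paths in the address bar cannot reach the server.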
Where does my data go outside of Hapstack?
We only send data to trusted third-party systems that are subject to strict privacy and security controls. We think it’s important you understand not only what these systems are but also why we send your data to these systems. If you don’t agree with or understand our reasoning, please email us at privacy@hapstack.com. If you do not agree with your data going to a specific system, deleting your Hapstack account will permanently delete all of your data from all our systems. Only account administrators at your organization can delete data.
For folks coming to figure out GDPR compliance, the following third-party services act as data processors for us. When we work with these service providers in our capacity as a data processor for our customers' personal data, the General Data Protection Regulation (GDPR) calls these third-party service providers subprocessors. A subprocessor is a third-party data processor engaged by Hapstack who may have access to or process personal data: (i) on behalf of Hapstack customers; (ii) in accordance with customer instructions as communicated by Hapstack; and (iii) in accordance with the terms of a written contract between Hapstack and the subprocessor.
Neon
Location: US
Purpose: Database hosting services and storage
What: Neon is the provider we use to host our database systems. Neon stores
your account data and other app data.
Why: Neon provides us a reliable, secure, and fast database. Neon databases have
rigorous security, physical, and environmental controls. Learn more
about Neon's security measures.
Google Cloud
Location: US
Purpose: Application hosting and infrastructure
What: GCP is the cloud provider we use to run our service. Google Cloud
processes and hosts all components of our applications (except our database, as
described above).
Why: Google Cloud provides Hapstack with a reliable, scalable, and secure global
computing infrastructure. In addition, Google Cloud data centers have rigorous security,
physical, and environmental controls to ensure inherent risks are mitigated. Learn more
about Google Cloud's security measures.
PostHog
Location: US
Purpose: App analytics
What: We use PostHog to track the behavior of signed-in users in our
applications - things like button clicks, pageviews, feature usage, etc.
Why: PostHog allows us to continuously improve our applications by understanding
user behavior and patterns. It also allows us to safely and reliably test new features
and get real-time user feedback. Learn more
about PostHog's security measures.
Sentry
Location: US
Purpose: Error logging service
What: Sentry is used as our error logging platform. We use Sentry to capture
errors thrown within our Service to better understand and resolve issues in
real-time.
Why: No one likes bugs! Data sent to Sentry includes IP addresses and user IDs.
We grab your IP to get a general location the error is happening in and potentially
pin down bugs that have to do with timezones. We send your user ID so we can more
quickly search and diagnose issues surfaced by our users.
Zapier
Location: US
Purpose: Automation workflows
What: We use Zapier to automate repetitive tasks without coding or relying
on developers to build integrations.
Why: Zapier allows us to remain a lean team and focus our energy on building
a great product as opposed to every administrative task. Learn more
about Zapier's enterprise-grade security measures.
Plausible.io
Location: EU
Purpose: Web analytics
What: We use Plausible to understand how users are interacting with our
marketing website (anonymously). No application data is sent to Plausible.
Why: Plausible is a privacy-focused alternative to Google Analytics, and is fully
open-source. It does not require the use of cookies because all measurement
is carried out completely anonymously.