Skip To Content

Haven Technologies Security and Data Privacy

Haven Tech is committed to keeping our customers’ data secure, so you can stay assured that your data is kept safe. Here is a summary of Haven Tech’s practices regarding security and data privacy.

Organization of Information Security

Security Ownership
Haven Tech has appointed security champions responsible for coordinating and monitoring the security rules and procedures.

Information Security Policies
Haven Tech maintains a management-approved corporate information security policy, which defines Haven Tech’s approach to information security, ensuring physical, administrative and technical safeguards.

Senior Management Commitment
Haven Tech’s Information Security team develops, maintains, reviews, and approves Haven Tech’s security, availability, and confidentiality standards and policies.

Risk Management
Haven Tech has a formal cybersecurity risk assessment and management process which includes mitigation of any identified findings.

Audits, Certifications, & Threat Testing

The operations, policies, and procedures at Haven Tech are audited regularly to ensure that Haven Tech meets industry standards expected of service providers.

SOC2 Reports
Haven Tech publishes a Service Organization Controls 2 (SOC 2) Type II report. Haven Tech’s SOC 2 report addresses all trust services principles and criteria (security, availability and confidentiality). SOC 2 audits validate Haven Tech’s physical and environmental safeguards for production data centers, backup and recovery procedures, software development processes, and logical security controls. The SOC 2 audit is conducted annually by an independent third-party auditor.

Threat Testing
Haven Tech regularly utilizes third parties to conduct penetration testing of the Haven Tech platform for vulnerabilities. Haven Tech utilizes a bug bounty program whereby third-party advocates conduct continuous penetration.

Secure Development (SDLC)

Haven Tech employs cutting-edge security tools to continuously and dynamically scan in a frictionless manner to test our applications, such as:

  • Security software scanners (SAST, SCA, secrets, license, and container)
  • Embedded code reviews and approvals
  • Unit testing, regression, and QA testing cycles
  • Isolated development, test, and production environments
  • Security software role-based training

Haven Tech won the BSIMM Community Award for seamlessly including these scanners as part of the regular SDLC.

Access Management

Haven Tech employs access controls that follow the principle of least privilege, isolated environments, and separation of duties.  Specifically, Haven Tech utilizes:

  • Enterprise password managers
  • Secrets management tooling
  • Restricted developer access roles in UAT vs. production
  • Firewall access workflows with expiration timeframes and required approvals

Data Security

Haven Tech protects sensitive data as if it were our own by employing practices such as:

  • Secure email tools used to protect against malicious threats
  • Enforcement of “Test data” in lower environments
  • Masking of data protocols for sensitive elements
  • Maintaining a clearly defined data classification model
  • Restricting of data logging
  • Internal hosting of proprietary code

Availability & Continuity

Haven Tech’s infrastructure lifecycle is managed using infrastructure as code to provision, adjust, and maintain cloud availability, which includes:

  • Configuration for high availability and scheduled backups
  • Periodic Tabletop exercises
  • Defined and tested Incident response team procedures

Cloud Service & Security

Haven Tech uses cloud services provided by Amazon Web Services (AWS) for storing and processing content. As part of cloud security, Haven Tech employs practices such as:

  • Continuous monitoring of critical components
  • Network firewalls, web application firewalls, and CDN protections
  • Enabled vulnerability scanning
  • Security configuration scanning for K8, IaS, and container images
  • Annual external cloud security assessments

Haven Tech ensures you have control over the collection, use, and sharing of your information by: 

  • Collecting only the amount of information that is necessary for us to provide our goods and services to you and processing such information solely at your direction
  • Entering into agreements with sub-processors containing terms that are at least as restrictive as our privacy and security obligations to you
  • Developing internal policies and providing training to employees on the proper handling of your information, including how to protect it from theft, loss, or unauthorized disclosure
  • Limiting access to your information to those employees and contractors who require access to provide our goods and services to you and conducting periodic reviews of such access rights
  • Deleting your data upon termination of your contract or as directed by you, provided, we may keep copies of your information as required by law or regulation or to comply with a legal obligation
  • Entering into a data processing addendum with all of our customers that governs our processing activities

For more information about our privacy practices, see below.

 

—–

Privacy Policy

UPDATED AS OF DECEMBER 2022

At HITPS LLC d/b/a Haven Technologies (“Haven Technologies”, “we”, or “us”), we are committed to maintaining your confidence and trust as it relates to the privacy of your information.  This privacy policy (the “Privacy Policy”) governs how Haven Technologies collects and uses Personal Information (as defined below) about you when you use our website and when you otherwise communicate with us.  Please read below and learn how we collect, protect, share and use your information.

Please note, this Privacy Policy does not cover information collected about you that is provided to us via our software as a service technology platform by or at the direction of our customers.  For details on information practices about such information, please contact the Haven Technologies customer that acts as your insurance carrier.

For residents of California, please also refer to our California Privacy Rights Notice.

1. Information We Collect

Information You Provide To Us

We collect Personal Information when you provide it directly to us (such as when you access our website, www.haventech.us, (the “Website”)), send us a message through the Website, sign up for newsletters, apply for a job, fill out a form, email or call us, interact with us at an event or on our social networking sites, or otherwise communicate with us.  “Personal Information” is defined as information that can be used to identify you as an individual and includes, but is not limited to your name, home address, email address, and telephone number.  We may also collect work-related information, such as your job title and work address, and your employer’s Employer Identification Number (EIN) and bank account information.

Information We Collect Automatically

Usage Information.

Whenever you visit or interact with the Website, we, as well as any third-party advertisers and/or service providers, may use a variety of technologies that automatically or passively collect information about how the Website is accessed and used (“Usage Information”). Usage Information may include browser type, device type, operating system, the page served, the time, the preceding page views, and your use of features on the Website. This information helps us keep our Website fresh and interesting to our visitors and allows us to tailor content to a visitor’s interests.

Device Identifier.

We may automatically collect your IP address or other unique identifier (“Device Identifier”) for the device (computer, mobile phone, tablet or other device) you use to access the Website. A Device Identifier is a number that is assigned to your device when you access a website or its servers, and our computers identify your device by its Device Identifier. We may use a Device Identifier to, among other things, run the Website, help diagnose problems with our servers, analyze trends, track your web page movements, help identify you and your interests, and gather broad demographic information for aggregate use.

Cookies; Pixel Tags.

The technologies used on the Website to collect Usage Information, including Device Identifiers, include but are not limited to: cookies (data files placed on a device when it is used to visit the Website), mobile analytics software, and pixel tags (transparent graphic image, sometimes called a web beacon or tracking beacon, placed on a web page or in an email, which indicates that a page or email has been viewed). Cookies may also be used to associate you with social networking sites like Facebook and Twitter and, if you so choose, enable interaction between your activities on the Website and your activities on such social networking sites. We, or our vendors, may place cookies or similar files on your device for security purposes, to facilitate site navigation, to perform analytics, and personalize your experience while visiting our Website (such as allowing us to select which ads or offers are most likely to appeal to you, based on your interests, preferences, location, or demographic information). A pixel tag may tell your browser to get content from another server.

To learn how you may be able to reduce the number of cookies you receive from us, or delete cookies that have already been installed in your browser’s cookie folder, or prevent tracking activities, please refer to your browser’s tools or help menu or other instructions related to your browser. Because an industry-standard Do-Not-Track protocol has not yet been established, our information collection practices on our Website will continue to operate as described in this online Privacy Policy regardless of any “Do Not Track” signals that may be sent by certain browsers. However, you may refuse to accept cookies in order to prevent tracking activities. If you do disable or opt out of receiving cookies, please be aware that some features and services on our Website may not work properly.

2. How We Use the Information We Collect

We use the Personal Information we collect about and from you for a variety of business purposes such as to respond to your questions and requests for services; operate, manage, and maintain our business; provide you with access to certain areas and features of the Website such as certain products and services; verify your identity; communicate with you about changes to any of our policies; tailor content, advertisements, and offers we serve you; for our employment and vendor management purposes; conduct research and data analysis; conduct risk and security control monitoring; detect and prevent fraud; improve the Website; comply with law, legal process, internal policies and license obligations; and for purposes disclosed at the time you provide your Personal Information or otherwise with your consent. We may also collect your location-based information for the purpose of providing you with certain services.

Does Haven Technologies Sell Personal Information?

Haven Technologies does not sell Personal Information, including the Personal Information of consumers under 16 years of age.

3. Sharing of Information

Except as described here, we will not provide any of your Personal Information to any third parties without your specific consent.  We may share non-Personal Information, such as aggregated or de-identified data and Usage Information with third parties. We may also share your information as disclosed at the time you provide your information, as set forth in this Privacy Policy and in the following circumstances:

Third Parties Providing Services.

We may share your Personal Information with third parties that perform functions on our behalf, such as nonaffiliated companies in order to perform standard business functions on our behalf including those related to processing transactions you request or authorize; service providers that host or operate our Website or analyze data; advertisers; and third parties that provide marketing or promotional assistance. Your Personal Information may also be used by us or shared with our advertisers or other third parties to provide you with product information and promotional and other offers.

Your Agreement to Have Your Personal Information Shared.

While on our Website, you may have the opportunity to opt-in to receive information and/or marketing offers from someone else or to otherwise consent to the sharing of your information with a third party, including social networking sites such as Facebook or Twitter. If you agree to have your Personal Information shared, your Personal Information will be disclosed to the third party and the Personal Information you disclose will be subject to the privacy policy and business practices of that third party.

Business Transfers.

We may share your Personal Information with other entities and our affiliates primarily for business and operational purposes. In the event that we are involved in a bankruptcy, merger, acquisition, reorganization or sale of assets, your information may be sold or transferred as part of that transaction.

Legal Disclosure.

We may transfer and disclose your information to third parties to comply with a legal obligation; when we believe in good faith that the law or a governmental authority requires it; to verify or enforce our Terms of Use or other applicable policies; to address fraud, security or technical issues; to respond to an emergency; or otherwise to protect our rights or property or security of third parties, visitors to our Website, or the public.

4. Information We Receive from Third Parties

We may receive Personal Information about you from third parties.  In addition, if you are on another website and you opt-in to receive information from us, that website will submit to us your email address and other information about you so that we may contact you as requested. You may also choose to participate in a third party application or feature (such as one of our Facebook or Twitter applications or a similar application or feature on a third party website) through which you allow us to collect (or the third party to share) information about you, including Usage Information and Personal Information such as lists of your friends, “likes”, comments you have shared, groups and location. Services like Facebook Connect give you the option to post information about your activities on our Website to your profile page to share with others within your network.

In addition, we may receive information about you if other users of a third party website give us access to their profiles and you are one of their “connections” or information about you is otherwise accessible through your “connections” web page, profile page, or similar page on a social networking or other third party website or interactive service.  We may supplement the information we collect about you through the Website with such information from third parties in order to enhance our ability to serve you, to tailor our content to you and/or to offer you opportunities to purchase products or services that we believe may be of interest to you.

5. Your Privacy Rights, Choice and Access

You control the Personal Information that you provide to us, but some Personal Information is required by us in order for you to obtain certain services from us.  If you choose not to provide us with your Personal Information, you may not be able to take advantage of some of the services we offer or use some functionality on the Website. Except as provided above in section 3, we will not share Personal Information collected with third parties without your consent.  You may also direct us to stop sending you promotional emails by following the removal instructions in a communication you receive from us.  Your opt-out request will be processed within 10 business days of the date on which we receive it.

If you wish to modify, verify, correct, or delete any of your Personal Information, you may contact us at privacy@haventech.us.  In accordance with our routine record keeping we may delete certain records that contain Personal Information.  We are under no obligation to store such Personal Information indefinitely and disclaim any liability arising out of, or related to, the destruction of such Personal Information.  It may not always be possible to completely remove or delete all of your information from our databases without some residual data because of backups and other reasons.  We will retain your Personal Information (including geo-location data) for as long as needed to provide you services.  If you wish to request that we no longer use your Personal Information to provide you services or contact you, contact privacy@haventech.us.

Notwithstanding the foregoing, we will retain and use your Personal Information as necessary to comply with our legal obligations, resolve disputes, comply with our internal compliance and record retention policies, enforce our agreements, carry out legitimate business functions, and for any other purpose permitted by law.  We do not control certain privacy settings and preferences maintained by our social media partners like Facebook and Twitter. If you wish to make changes to those settings and preferences, you may do so by visiting the settings page of the appropriate social media site.

6. Advertising; How to Opt-Out

We may use third party ad network providers to help present ads on the Website, as well as other service providers to evaluate and provide us with information about the use of the Website and viewing of our content. We do not share Personal Information with these providers (unless, of course, you give us permission). Such providers may place and access cookies, pixel tags, or similar technologies on your device to serve you ads or other content personalized to your interests which they infer from your browsing on the Website and other sites you have visited. In doing so, the provider collects or has access to non-Personal Information such as your Usage Information. The use of cookies, pixel tags, or similar technologies by these providers is subject to their own privacy policies, not ours.

If you do not want to receive the benefits of targeted advertising, you may opt-out of some network advertising programs that use your information by visiting the NAI Opt-Out page at http://networkadvertising.org/managing/opt_out.asp. Please note that even if you choose to remove your information, you will still see advertising when you are browsing online. However, the advertisements you see may be less relevant to you and your interests.

7. Children

The Website is not directed to children under 13. We do not knowingly collect, use or disclose personally identifiable information from anyone under 13 years of age. If we determine upon collection that a Website visitor is under this age, we will not use or maintain his/her Personal Information without the parent/guardian’s consent. If we become aware that we have unknowingly collected personally identifiable information from a child under the age of 13, we will make reasonable efforts to delete such information from our records.

8. Security of Your Information

We take information security seriously and use certain reasonable security measures to help protect your Personal Information. We apply physical, electronic, and procedural safeguards to protect your Personal Information from unauthorized access. We provide training to our employees on how to safeguard Personal Information and only authorized employees are permitted to access Personal Information, which may only be used for permitted business purposes. We contractually require service providers to protect your Personal Information and use it exclusively for the purpose of performing certain business functions on our behalf. However, no electronic data transmission or storage of information can be guaranteed to be 100% secure. Please note that we cannot ensure or warrant the security of any information you transmit to us.  You use the Website and provide us with your information at your own risk.

9. Other Sites

The Website may contain links to other sites that we do not own or operate. This includes links from advertisers, sponsors and/or partners that may use our logo(s) as part of a co-branding or co-marketing agreement. We do not control, recommend or endorse and are not responsible for these sites or their content, products, services or privacy policies or practices. These other sites may send their own cookies to your device, they may independently collect data or solicit Personal Information and may or may not have their own published privacy policies. You should also independently assess the authenticity of any site which appears or claims that it is our Website (including those linked to through an email or social networking page).
The Website may make available chat rooms, forums, message boards, and news groups. Remember that any information that you disclose in these areas becomes public information and is not subject to the provisions of this Privacy Policy.

10. Changes

We may update this Privacy Policy to reflect changes to our information practices. If we make any material changes, we will notify you by email (sent to the email address provided by you) or by means of a notice on our Website.  We encourage you to periodically review this page for the latest information on our privacy practices.

11. Consent to Processing and Transfer of Information

The Website is governed by and operated in and in accordance with the laws of the United States. We make no representation that the Website is governed by or operated in accordance with the laws of any other nation. By using the Website, or providing us with any information, you (a) acknowledge that the Website is subject to the laws of the United States, (b) consent to the collection, processing, maintenance and transfer of such information in and to the United States and other applicable territories in which the privacy laws may not be as comprehensive as or equivalent to those in the country where you reside and/or are a citizen, and (c) waive any claims that may arise under those laws.

12. Rights of California Residents

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with certain additional privacy rights related to the personal information we collect about you.  For more information, please see our California Privacy Rights Notice.

13. Contact Us

If you have any questions or concerns about this Privacy Policy or our practices, please contact us at privacy@haventech.us.

Are you a carrier ready to talk about what's next? A potential colleague? Or, do you just have a question about where our offices are located? No matter what, we want to hear from you! Drop us a line and we’ll get in touch ASAP.

California Privacy Request

For California Residents Only:

Use the form below to initiate your privacy request.*

For More Information

Visit our Privacy Policy and our California Privacy Rights Notice.

Privacy Options
Please select one of the following:
Please enter the email address you used at Haven Technologies:
This field is for validation purposes and should be left unchanged.

*Please Note:

Haven Tech does not sell or share personal information. We also do not use your sensitive personal information for any other purpose except (a) to perform services, (b) to provide the goods reasonably expected by you, (c) to help ensure security and integrity, (d) for short-term transient use, (e) to perform services on our behalf, (f) to undertake activities to verify or maintain the quality or safety of our service, and (e) as authorized under the California Privacy Rights Act.

We don't support Internet Explorer

Please use Chrome, Safari, Firefox, or Edge to view this site.