Skip To Content

Haven Technologies Security

and Data Privacy

Haven Tech is committed to keeping our customers’ data secure, so you can stay assured that your data is kept safe. Here is a summary of Haven Tech’s practices regarding security and data privacy.

Organization of Information Security

Security Ownership
Haven Tech has appointed security champions responsible for coordinating and monitoring the security rules and procedures.

Information Security Policies
Haven Tech maintains a management-approved corporate information security policy, which defines Haven Tech’s approach to information security, ensuring physical, administrative and technical safeguards.

Senior Management Commitment
Haven Tech’s Information Security team develops, maintains, reviews, and approves Haven Tech’s security, availability, and confidentiality standards and policies.

Risk Management
Haven Tech has a formal cybersecurity risk assessment and management process which includes mitigation of any identified findings.

Audits, Certifications, & Threat Testing

The operations, policies, and procedures at Haven Tech are audited regularly to ensure that Haven Tech meets industry standards expected of service providers.

SOC2 Reports
Haven Tech publishes a Service Organization Controls 2 (SOC 2) Type II report. Haven Tech’s SOC 2 report addresses all trust services principles and criteria (security, availability and confidentiality). SOC 2 audits validate Haven Tech’s physical and environmental safeguards for production data centers, backup and recovery procedures, software development processes, and logical security controls. The SOC 2 audit is conducted annually by an independent third-party auditor.

Threat Testing
Haven Tech regularly utilizes third parties to conduct penetration testing of the Haven Tech platform for vulnerabilities. Haven Tech utilizes a bug bounty program whereby third-party advocates conduct continuous penetration.

Secure Development (SDLC)

Haven Tech employs cutting-edge security tools to continuously and dynamically scan in a frictionless manner to test our applications, such as:

  • Security software scanners (SAST, SCA, secrets, license, and container)
  • Embedded code reviews and approvals
  • Unit testing, regression, and QA testing cycles
  • Isolated development, test, and production environments
  • Security software role-based training

Haven Tech won the BSIMM Community Award for seamlessly including these scanners as part of the regular SDLC.

Access Management

Haven Tech employs access controls that follow the principle of least privilege, isolated environments, and separation of duties.  Specifically, Haven Tech utilizes:

  • Enterprise password managers
  • Secrets management tooling
  • Restricted developer access roles in UAT vs. production
  • Firewall access workflows with expiration timeframes and required approvals

Data Security

Haven Tech protects sensitive data as if it were our own by employing practices such as:

  • Secure email tools used to protect against malicious threats
  • Enforcement of “Test data” in lower environments
  • Masking of data protocols for sensitive elements
  • Maintaining a clearly defined data classification model
  • Restricting of data logging
  • Internal hosting of proprietary code

Availability & Continuity

Haven Tech’s infrastructure lifecycle is managed using infrastructure as code to provision, adjust, and maintain cloud availability, which includes:

  • Configuration for high availability and scheduled backups
  • Periodic Tabletop exercises
  • Defined and tested Incident response team procedures

Cloud Service & Security

Haven Tech uses cloud services provided by Amazon Web Services (AWS) for storing and processing content. As part of cloud security, Haven Tech employs practices such as:

  • Continuous monitoring of critical components
  • Network firewalls, web application firewalls, and CDN protections
  • Enabled vulnerability scanning
  • Security configuration scanning for K8, IaS, and container images
  • Annual external cloud security assessments

Haven Tech ensures you have control over the collection, use, and sharing of your information by: 

  • Collecting only the amount of information that is necessary for us to provide our goods and services to you and processing such information solely at your direction
  • Entering into agreements with sub-processors containing terms that are at least as restrictive as our privacy and security obligations to you
  • Developing internal policies and providing training to employees on the proper handling of your information, including how to protect it from theft, loss, or unauthorized disclosure
  • Limiting access to your information to those employees and contractors who require access to provide our goods and services to you and conducting periodic reviews of such access rights
  • Deleting your data upon termination of your contract or as directed by you, provided, we may keep copies of your information as required by law or regulation or to comply with a legal obligation
  • Entering into a data processing addendum with all of our customers that governs our processing activities

For more information about our privacy practices, see below.




Privacy Policy


At HITPS LLC d/b/a Haven Technologies (“Haven Technologies”) we are committed to maintaining your confidence and trust as it relates to the privacy of your information. Please read below and learn how we collect, protect, share and use your information as part of our technology platforms, including, without limitation, our websites, interactive features, applications, and social network pages (“Platforms”).
We use the terms “we”, “our”, “us”, and similar to refer to Haven Technologies. We use the terms “you”, “your”, and similar terms to refer to the visitors to our Platforms. For residents of California, please also refer to section 12, Rights of California Residents.

1. Information We Collect on Our Platforms

Information You Provide To Us

We may collect Personal Information (information that can be used to identify you as an individual) such as your name, email, telephone number, home address, demographic information (such as zip code, age), and payment information (such as account or credit card number). The types of Personal Information we collect may vary depending on your use of the features of the Platforms.
For California residents, personal information is defined as information that “identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular” California consumer or household. Under California Law, personal information does not include publicly available information or consumer information that is de-identified or aggregate consumer information. For more information, see Section 12 on Rights of California Residents.

Information We Collect Automatically

Usage Information.
Whenever you visit or interact with the Platforms, we, as well as any third-party advertisers and/or service providers, may use a variety of technologies that automatically or passively collect information about how the Platforms are accessed and used (“Usage Information”). Usage Information may include browser type, device type, operating system, application version, the page served, the time, the preceding page views, and your use of features or applications on the Platforms. This information helps us keep our Platforms fresh and interesting to our visitors and allows us to tailor content to a visitor’s interests.

Device Identifier.
We automatically collect your IP address or other unique identifier (“Device Identifier”) for the device (computer, mobile phone, tablet or other device) you use to access the Platforms. A Device Identifier is a number that is assigned to your device when you access a website or its servers, and our computers identify your device by its Device Identifier. We may use a Device Identifier to, among other things, administer the Platforms, help diagnose problems with our servers, analyze trends, track users’ web page movements, help identify you and your interests, and gather broad demographic information for aggregate use.

Cookies; Pixel Tags.
The technologies used on the Platforms to collect Usage Information, including Device Identifiers, include but are not limited to: cookies (data files placed on a device when it is used to visit the Platforms), mobile analytics software and pixel tags (transparent graphic image, sometimes called a web beacon or tracking beacon, placed on a web page or in an email, which indicates that a page or email has been viewed). Cookies may also be used to associate you with social networking sites like Facebook and Twitter and, if you so choose, enable interaction between your activities on the Platforms and your activities on such social networking sites. We, or our vendors, may place cookies or similar files on your device for security purposes, to facilitate site navigation, to perform analytics, and personalize your experience while visiting our Platforms (such as allowing us to select which ads or offers are most likely to appeal to you, based on your interests, preferences, location, or demographic information). A pixel tag may tell your browser to get content from another server.

To learn how you may be able to reduce the number of cookies you receive from us, or delete cookies that have already been installed in your browser’s cookie folder, or prevent tracking activities, please refer to your browser’s tools or help menu or other instructions related to your browser. Because an industry-standard Do-Not-Track protocol has not yet been established, our information collection practices on our Platforms will continue to operate as described in this online privacy policy regardless of any “Do Not Track” signals that may be sent by certain browsers. However, you may refuse to accept cookies in order to prevent tracking activities. If you do disable or opt out of receiving cookies, please be aware that some features and services on our Platforms may not work properly because we may not be able to recognize and associate you with your account(s). In addition, the offers we provide when you visit us may not be as relevant to you or tailored to your interests.

Information That We May Have Collected in the Past Twelve (12) Months

In the past 12 months, we may have collected the following categories of personal information relating to consumers:

• Identifiers, such as name and Social Security number;
• Personal information, as defined in the California safeguards law, such as contact information and financial information;
• Characteristics of protected classifications under California or other state or federal law, such as sex and marital status;
• Commercial information, such as transaction and account information;
• Biometric information, such as fingerprints and voiceprints;
• Internet or network activity information, such as browsing history and interactions with our website;
• Geolocation data, such as device location;
• Audio, electronic, visual, thermal, olfactory, and similar information, such as call and video recordings;
• Professional or employment-related information, such as work history and prior employer; and,
• Inferences drawn from any of the personal information listed above to create a profile/summary about, for example, an individual’s preferences and characteristics.

We collect personal information directly from consumers, through the use of analytics tools on our website, and from affiliated and nonaffiliated third parties, such as data brokers or data aggregators.

2. How We Use the Information We Collect

We use the information we collect about and from you for a variety of business purposes such as to respond to your questions and requests for services; operate, manage and maintain our business; provide you with access to certain areas and features of the Platforms such as certain products and services; purchase history; verify your identity; communicate with you about your account and activities on the Platforms and, in our discretion, changes to any of our policies; tailor content, advertisements, and offers we serve you; for our employment and vendor management purposes; conduct research and data analysis; conduct risk and security control monitoring; detect and prevent fraud; improve the Platforms; comply with law, legal process, internal policies and license obligations; and for purposes disclosed at the time you provide your Personal Information or otherwise with your consent. We may also collect your location based information for the purpose of providing you with certain services.

Does Haven Technologies Sell Personal Information?
Haven Technologies does not sell personal information, including the personal information of consumers under 16 years of age, and we have not done so for the 12-month period preceding the last revision date of this Privacy Policy.

3. Sharing of Information

Except as described here or in our customer privacy notices, we will not provide any of your Personal Information to any third parties without your specific consent. We may share non-Personal Information, such as aggregated or de-identified data and Usage Information with third parties. We may also share your information as disclosed at the time you provide your information, as set forth in this Privacy Policy and in the following circumstances:

Third Parties Providing Services.
We may share your Personal Information with third parties that perform functions on our behalf (or on behalf of our partners) such as nonaffiliated companies in order to perform standard business functions on our behalf including those related to processing transactions you request or authorize, or maintaining your account or policy; service providers that host or operate our Platforms, analyze data, process transactions and payments, fulfill orders, or provide customer service; advertisers; sponsors or other third parties that participate in or administer our promotions, contests, sweepstakes, surveys or provide marketing or promotional assistance and “powered by” partners or partners in co-branded sites. Your Personal Information may also be used by us or shared with our sponsors, partners, advertisers or other third parties to provide you with product information and promotional and other offers.

Your Agreement to Have Your Personal Information Shared.
While on our Platforms, you may have the opportunity to opt-in to receive information and/or marketing offers from someone else or to otherwise consent to the sharing of your information with a third party, including social networking sites such as Facebook or Twitter. If you agree to have your Personal Information shared, your Personal Information will be disclosed to the third party and the Personal Information you disclose will be subject to the privacy policy and business practices of that third party.

Business Transfers.
We may share your Personal Information with other entities and our affiliates primarily for business and operational purposes. In the event that we are involved in a bankruptcy, merger, acquisition, reorganization or sale of assets, your information may be sold or transferred as part of that transaction.

Legal Disclosure.
We may transfer and disclose your information to third parties to comply with a legal obligation; when we believe in good faith that the law or a governmental authority requires it; to verify or enforce our Terms of Use or other applicable policies; to address fraud, security or technical issues; to respond to an emergency; or otherwise to protect our rights or property or security of third parties, visitors to our Platforms or the public.

Information That We May Have Shared In the Past Twelve (12) Months.
In the past 12 months, we may have disclosed the following categories of personal information to affiliated and nonaffiliated third party service providers for our business purposes:
• Identifiers, such as name and Social Security number;
• Personal information, as defined in the California safeguards law, such as contact information and financial information;
• Characteristics of protected classifications under California or other state or federal law, such as sex and marital status;
• Commercial information, such as transaction and account information;
• Biometric information, such as fingerprints and voiceprints;
• Internet or network activity information, such as browsing history and interactions with our website;
• Geolocation data, such as device location;
• Audio, electronic, visual, thermal, olfactory, and similar information, such as call and video recordings;
• Professional or employment-related information, such as work history and prior employer;
• Education information, such as school and data of graduation;
• Health information, such as nicotine-use; and,
• Inferences drawn from any of the personal information listed above to create a profile/summary about, for example, an individual’s preferences and characteristics

4. Information We Receive from Third Parties

We may receive information about you from third parties such as consumer or other reporting agencies. In addition, if you are on another website and you opt-in to receive information from us, that website will submit to us your email address and other information about you so that we may contact you as requested. You may also choose to participate in a third party application or feature (such as one of our Facebook or Twitter applications or a similar application or feature on a third party website) through which you allow us to collect (or the third party to share) information about you, including Usage Information and Personal Information such as lists of your friends, “likes”, comments you have shared, groups and location. Services like Facebook Connect give you the option to post information about your activities on our Platform to your profile page to share with others within your network.

In addition, we may receive information about you if other users of a third party website give us access to their profiles and you are one of their “connections” or information about you is otherwise accessible through your “connections’” web page, profile page, or similar page on a social networking or other third party website or interactive service. We may supplement the information we collect about you through the Platforms with such information from third parties in order to enhance our ability to serve you, to tailor our content to you and/or to offer you opportunities to purchase products or services that we believe may be of interest to you.

5. Your Privacy Rights, Choice and Access

You control the Personal Information that you provide to us on the Platforms, but some Personal Information is required by us in order for you to obtain services from us or for you to use the Platforms. If you choose not to provide us with your Personal Information on the Platforms, you may not be able to take advantage of some of the services we offer or use some functionality on the Platforms. Except as provided above in section 3, we will not share Personal Information collected on the Platforms with third parties without your consent. You may also direct us to stop sending you promotional emails by following the removal instructions in a communication you receive from us. Your opt-out request will be processed within 10 business days of the date on which we receive it.

If you wish to modify, verify, correct, or delete any of your Personal Information collected through the Platforms, you may edit your registered user information or contact us at In accordance with our routine record keeping, we may delete certain records that contain Personal Information you have submitted through the Platforms. We are under no obligation to store such Personal Information indefinitely and disclaim any liability arising out of, or related to, the destruction of such Personal Information. It may not always be possible to completely remove or delete all of your information from our databases without some residual data because of backups and other reasons. We will retain your information (including geo-location data) for as long as your account is active or as needed to provide you services. If you wish to cancel your online account or request that we no longer use your information to provide you services through the platform, contact We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, comply with our internal compliance and record retention policies, enforce our agreements, carry out legitimate business functions, and for any other purpose permitted by law. We do not control certain privacy settings and preferences maintained by our social media partners like Facebook and Twitter. If you wish to make changes to those settings and preferences, you may do so by visiting the settings page of the appropriate social media site.

6. Advertising; How to Opt-Out

We may use third party ad network providers to help present ads on the Platforms, as well as other service providers to evaluate and provide us with information about the use of the Platforms and viewing of our content. We do not share Personal Information with these providers (unless, of course, you give us permission). Such providers may place and access cookies, pixel tags, or similar technologies on your device to serve you ads or other content personalized to your interests which they infer from your browsing on the Platforms and other sites you have visited. In doing so, the provider collects or has access to non-Personal Information such as your Usage Information. The use of cookies, pixel tags, or similar technologies by these providers is subject to their own privacy policies, not ours.
If you do not want to receive the benefits of targeted advertising, you may opt-out of some network advertising programs that use your information by visiting the NAI Opt-Out page at Please note that even if you choose to remove your information, you will still see advertising when you are browsing online. However, the advertisements you see may be less relevant to you and your interests.

7. Children

The Platforms are not directed to children under 13. We do not knowingly collect, use or disclose personally identifiable information from anyone under 13 years of age. If we determine upon collection that a user is under this age, we will not use or maintain his/her Personal Information without the parent/guardian’s consent. If we become aware that we have unknowingly collected personally identifiable information from a child under the age of 13, we will make reasonable efforts to delete such information from our records.

8. Security of Your Information

We take information security seriously and use certain reasonable security measures to help protect your Personal Information. We apply physical, electronic, and procedural safeguards to protect your personal information from unauthorized access. We provide training to our employees on how to safeguard personal information and only authorized employees are permitted to access personal information, which may only be used for permitted business purposes. We contractually require service providers to protect your personal information and use it exclusively for the purpose of performing certain business functions on our behalf. However, no electronic data transmission or storage of information can be guaranteed to be 100% secure. Please note that we cannot ensure or warrant the security of any information you transmit to us, and you use the Platforms and provide us with your information at your own risk.

9. Other Sites

The Platforms may contain links to other sites that we do not own or operate. This includes links from advertisers, sponsors and/or partners that may use our logo(s) as part of a co-branding or co-marketing agreement. We do not control, recommend or endorse and are not responsible for these sites or their content, products, services or privacy policies or practices. These other sites may send their own cookies to your device, they may independently collect data or solicit Personal Information and may or may not have their own published privacy policies. You should also independently assess the authenticity of any site which appears or claims that it is one of our Platforms (including those linked to through an email or social networking page).
The Platforms may make available chat rooms, forums, message boards, and news groups. Remember that any information that you disclose in these areas becomes public information and is not subject to the provisions of this Privacy Policy.

10. Changes

We may update this Privacy Policy to reflect changes to our information practices. If we make any material changes we will notify you by email (sent to the email address specified in your account) or by means of a notice on our Platforms. We encourage you to periodically review this page for the latest information on our privacy practices.

11. Consent to Processing and Transfer of Information

The website is governed by and operated in, and in accordance with the laws of the United States. We make no representation that the website is governed by or operated in accordance with the laws of any other nation. By using the website, or providing us with any information, you (a) acknowledge that the website is subject to the laws of the United States, (b) consent to the collection, processing, maintenance and transfer of such information in and to the United States and other applicable territories in which the privacy laws may not be as comprehensive as or equivalent to those in the country where you reside and/or are a citizen, and (c) waive any claims that may arise under those laws.

12. Rights of California Residents

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with certain additional privacy rights related to the personal information we collect about you. For the avoidance of doubt, the rights outlined in this section are only applicable to California residents. Generally, the CCPA provides you with the right to know about the personal information we collect about you and the right to have personal information we collect about you deleted in certain circumstances. The CCPA also provides you with the right to opt-out of the sale of personal information that has been collected about you. Please see below to learn more about your rights under the CCPA and to learn more about Haven Technologies’ CCPA privacy practices.

This section (“CCPA Privacy Rights”) applies solely to consumers who are residents of the State of California at the time of a request. We adopt this section to comply with the California Consumer Privacy Act of 2018 (“CCPA”). Terms used in this section, such as personal information, consumers, and service providers, have the same meaning as they are defined in the CCPA.

Request to Know:

You may request and, subject to certain exemptions, we will provide:
The categories of personal information we collect about you.
The categories of sources of the personal information we collect about you.
Our business or commercial purpose for collecting personal information.
The categories of personal information we disclose about you.
The specific pieces of personal information we collect about you.
The specific pieces of personal information about you that we sell. Note that Haven Technologies does not sell any consumer personal information.

Request to Delete:
You may request that we delete the personal information we have collected about you. Subject to exemptions, such as a need to retain the information to service products you have purchased from us or as stated in this Privacy Policy, or such as requirements under federal or state law, we will delete the personal information we have collected from you.

Exemptions from the CCPA:
Not all of your personal information is subject to the CCPA. Notably, if you are a Haven Technologies customer, your personal information may be subject to other privacy laws and your personal information that Haven Technologies maintains may be exempt from the CCPA. Your rights under other applicable privacy laws are described in this Privacy Policy and customer privacy notices, which can be found at

Right to Non-Discrimination:
You have the right to not receive discriminatory treatment by Haven Technologies for the exercise of your privacy rights under the CCPA. This means that we will not:
Deny you goods or services.
Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
Provide you a different level or quality of goods or services.
Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Submitting a Request under the CCPA:
Beginning January 1st, 2020, if you are a California resident and would like to submit a CCPA request, you may contact us by phone toll-free at 1-800-487-7530 , or by email at

After verifying your identity, we will respond to your request within forty-five (45) days. If additional time is required to process your request, we will communicate as such. If responding to all or part of your request would conflict with federal or state law, or your personal information is subject to an exemption under the CCPA, we will inform you of that fact. We will respond to the portion of your request that is not in conflict with applicable laws or exempt under the CCPA.
Only you, or a person you authorize to act on your behalf may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. To authorize another person to make a verifiable request on your behalf, you must provide that person with written permission clearly describing their authority to make a request on your behalf. That individual must also be able to verify their identity with us and provide us with their authority to act on your behalf. An individual to whom you have provided Power of Attorney pursuant to Sections 4000 – 4465 of the California Probate Code may also make a request on your behalf.

How Will You Verify My Identity If I Make a CCPA Request?
In order to verify your identity, we may request your:
• Name
• Date of Birth
• Email
• Cell Phone Number
• Address

We will use this information to verify your identity using reasonable methods in order to process your rights request. These methods may include matching information you provided to us with information already maintained by us or through the use of a third-party identity verification service.
We will use the information you provide to verify your identity and to respond to your rights request and for no other purpose.
We cannot respond to your request or provide you with personal information if we are not able to verify your identity or authority to make the request or confirm the personal information relates to you.

13. Contact Us

If you have any questions or concerns about this Privacy Policy, the practices of the Platforms, or your experiences with the Platforms, please contact us at 1-800-487-7530, or by email at

Are you a carrier ready to talk about what's next? A potential colleague? Or, do you just have a question about where our offices are located? No matter what, we want to hear from you! Drop us a line and we’ll get in touch ASAP.

We don't support Internet Explorer

Please use Chrome, Safari, Firefox, or Edge to view this site.