Haven Technologies Security and Data Privacy
Haven Tech is committed to keeping our customers’ data secure, so you can stay assured that your data is kept safe. Here is a summary of Haven Tech’s practices regarding security and data privacy.
Organization of Information Security
Haven Tech has appointed security champions responsible for coordinating and monitoring the security rules and procedures.
Information Security Policies
Haven Tech maintains a management-approved corporate information security policy, which defines Haven Tech’s approach to information security, ensuring physical, administrative and technical safeguards.
Senior Management Commitment
Haven Tech’s Information Security team develops, maintains, reviews, and approves Haven Tech’s security, availability, and confidentiality standards and policies.
Haven Tech has a formal cybersecurity risk assessment and management process which includes mitigation of any identified findings.
Audits, Certifications, & Threat Testing
The operations, policies, and procedures at Haven Tech are audited regularly to ensure that Haven Tech meets industry standards expected of service providers.
Haven Tech publishes a Service Organization Controls 2 (SOC 2) Type II report. Haven Tech’s SOC 2 report addresses all trust services principles and criteria (security, availability and confidentiality). SOC 2 audits validate Haven Tech’s physical and environmental safeguards for production data centers, backup and recovery procedures, software development processes, and logical security controls. The SOC 2 audit is conducted annually by an independent third-party auditor.
Haven Tech regularly utilizes third parties to conduct penetration testing of the Haven Tech platform for vulnerabilities. Haven Tech utilizes a bug bounty program whereby third-party advocates conduct continuous penetration testing.
Secure Development (SDLC)
Haven Tech employs cutting-edge security tools to continuously and dynamically scan and test our applications in a frictionless manner, such as:
- Security software scanners (SAST, SCA, secrets, license, and container)
- Embedded code reviews and approvals
- Unit testing, regression, and QA testing cycles
- Isolated development, test, and production environments
- Security software role-based training
Haven Tech won the BSIMM Community Award for seamlessly including these scanners as part of the regular SDLC.
Haven Tech employs access controls that follow the principle of least privilege, isolated environments, and separation of duties. Specifically, Haven Tech utilizes:
- Enterprise password managers
- Secrets management tooling
- Restricted developer access roles in UAT vs. production
- Firewall access workflows with expiration timeframes and required approvals
Haven Tech protects sensitive data as if it were our own by employing practices such as:
- Secure email tools used to protect against malicious threats
- Enforcement of “Test data” in lower environments
- Data masking protocols for sensitive elements
- Maintaining a clearly defined data classification model
- Restricting data logging
- Internal hosting of proprietary code
Availability & Continuity
Haven Tech’s infrastructure lifecycle is managed using infrastructure as code to provision, adjust, and maintain cloud availability, which includes:
- Configuration for high availability and scheduled backups
- Periodic tabletop exercises
- Defined and tested incident response team procedures
Cloud Service & Security
Haven Tech uses cloud services provided by Amazon Web Services (AWS) for storing and processing content. As part of cloud security, Haven Tech employs practices such as:
- Continuous monitoring of critical components
- Network firewalls, web application firewalls, and CDN protections
- Enabled vulnerability scanning
- Security configuration scanning for K8, IaS, and container images
- Annual external cloud security assessments
Haven Tech ensures you have control over the collection, use, and sharing of your information by:
- Collecting only the amount of information that is necessary for us to provide our goods and services to you and processing such information solely at your direction
- Entering into agreements with sub-processors containing terms that are at least as restrictive as our privacy and security obligations to you
- Developing internal policies and providing training to employees on the proper handling of your information, including how to protect it from theft, loss, or unauthorized disclosure
- Limiting access to your information to those employees and contractors who require access to provide our goods and services to you and conducting periodic reviews of such access rights
- Deleting your data upon termination of your contract or as directed by you, provided that we may keep copies of your information as required by law or regulation or to comply with a legal obligation
- Entering into a data processing addendum with all of our customers that governs our processing activities
For more information about our privacy practices, see below.
UPDATED AS OF DECEMBER 2022
For residents of California, please also refer to our California Privacy Rights Notice.
1. Information We Collect
Information You Provide To Us
We collect Personal Information when you provide it directly to us, such as when you access our website, www.haventech.us (the “Website”), send us a message through the Website, sign up for newsletters, apply for a job, fill out a form, email or call us, interact with us at an event or on our social networking sites, or otherwise communicate with us. “Personal Information” is defined as information that can be used to identify you as an individual and includes, but is not limited to, your name, home address, email address, and telephone number. We may also collect work-related information, such as your job title and work address, and your employer’s Employer Identification Number (EIN) and bank account information.
Information We Collect Automatically
Whenever you visit or interact with the Website, we, as well as any third-party advertisers and/or service providers, may use a variety of technologies that automatically or passively collect information about how the Website is accessed and used (“Usage Information”). Usage Information may include browser type, device type, operating system, the page served, the time, the preceding page views, and your use of features on the Website. This information helps us keep our Website fresh and interesting to our visitors and allows us to tailor content to a visitor’s interests.
We may automatically collect your IP address or other unique identifier (“Device Identifier”) for the device (computer, mobile phone, tablet or other device) you use to access the Website. A Device Identifier is a number that is assigned to your device when you access a website or its servers, and our computers identify your device by its Device Identifier. We may use a Device Identifier to, among other things, run the Website, help diagnose problems with our servers, analyze trends, track your web page movements, help identify you and your interests, and gather broad demographic information for aggregate use.
Cookies; Pixel Tags.
The technologies used on the Website to collect Usage Information, including Device Identifiers, include but are not limited to: cookies (data files placed on a device when it is used to visit the Website), mobile analytics software, and pixel tags (a transparent graphic image, sometimes called a web beacon or tracking beacon, placed on a web page or in an email, which indicates that a page or email has been viewed). Cookies may also be used to associate you with social networking sites like Facebook and Twitter and, if you so choose, enable interaction between your activities on the Website and your activities on such social networking sites. We, or our vendors, may place cookies or similar files on your device for security purposes, to facilitate site navigation, to perform analytics, and to personalize your experience while visiting our Website (such as allowing us to select which ads or offers are most likely to appeal to you, based on your interests, preferences, location, or demographic information). A pixel tag may tell your browser to get content from another server.
2. How We Use the Information We Collect
We use the Personal Information we collect about and from you for a variety of business purposes such as to respond to your questions and requests for services; operate, manage, and maintain our business; provide you with access to certain areas and features of the Website such as certain products and services; verify your identity; communicate with you about changes to any of our policies; tailor content, advertisements, and offers we serve you; for our employment and vendor management purposes; conduct research and data analysis; conduct risk and security control monitoring; detect and prevent fraud; improve the Website; comply with law, legal process, internal policies and license obligations; and for purposes disclosed at the time you provide your Personal Information or otherwise with your consent. We may also collect your location-based information for the purpose of providing you with certain services.
Does Haven Technologies Sell Personal Information?
Haven Technologies does not sell Personal Information, including the Personal Information of consumers under 16 years of age.
3. Sharing of Information
Third Parties Providing Services.
We may share your Personal Information with third parties that perform functions on our behalf, such as nonaffiliated companies in order to perform standard business functions on our behalf including those related to processing transactions you request or authorize; service providers that host or operate our Website or analyze data; advertisers; and third parties that provide marketing or promotional assistance. Your Personal Information may also be used by us or shared with our advertisers or other third parties to provide you with product information and promotional and other offers.
Your Agreement to Have Your Personal Information Shared.
We may share your Personal Information with other entities and our affiliates primarily for business and operational purposes. In the event that we are involved in a bankruptcy, merger, acquisition, reorganization or sale of assets, your information may be sold or transferred as part of that transaction.
4. Information We Receive from Third Parties
We may receive Personal Information about you from third parties. In addition, if you are on another website and you opt-in to receive information from us, that website will submit to us your email address and other information about you so that we may contact you as requested. You may also choose to participate in a third party application or feature (such as one of our Facebook or Twitter applications or a similar application or feature on a third party website) through which you allow us to collect (or the third party to share) information about you, including Usage Information and Personal Information such as lists of your friends, “likes”, comments you have shared, groups and location. Services like Facebook Connect give you the option to post information about your activities on our Website to your profile page to share with others within your network.
In addition, we may receive information about you if other users of a third party website give us access to their profiles and you are one of their “connections” or information about you is otherwise accessible through your “connections” web page, profile page, or similar page on a social networking or other third party website or interactive service. We may supplement the information we collect about you through the Website with such information from third parties in order to enhance our ability to serve you, to tailor our content to you and/or to offer you opportunities to purchase products or services that we believe may be of interest to you.
5. Your Privacy Rights, Choice and Access
You control the Personal Information that you provide to us, but some Personal Information is required by us in order for you to obtain certain services from us. If you choose not to provide us with your Personal Information, you may not be able to take advantage of some of the services we offer or use some functionality on the Website. Except as provided above in section 3, we will not share Personal Information collected with third parties without your consent. You may also direct us to stop sending you promotional emails by following the removal instructions in a communication you receive from us. Your opt-out request will be processed within 10 business days of the date on which we receive it.
If you wish to modify, verify, correct, or delete any of your Personal Information, you may contact us at firstname.lastname@example.org. In accordance with our routine record keeping we may delete certain records that contain Personal Information. We are under no obligation to store such Personal Information indefinitely and disclaim any liability arising out of, or related to, the destruction of such Personal Information. It may not always be possible to completely remove or delete all of your information from our databases without some residual data because of backups and other reasons. We will retain your Personal Information (including geo-location data) for as long as needed to provide you services. If you wish to request that we no longer use your Personal Information to provide you services or contact you, contact email@example.com.
Notwithstanding the foregoing, we will retain and use your Personal Information as necessary to comply with our legal obligations, resolve disputes, comply with our internal compliance and record retention policies, enforce our agreements, carry out legitimate business functions, and for any other purpose permitted by law. We do not control certain privacy settings and preferences maintained by our social media partners like Facebook and Twitter. If you wish to make changes to those settings and preferences, you may do so by visiting the settings page of the appropriate social media site.
6. Advertising; How to Opt-Out
If you do not want to receive the benefits of targeted advertising, you may opt-out of some network advertising programs that use your information by visiting the NAI Opt-Out page at http://networkadvertising.org/managing/opt_out.asp. Please note that even if you choose to remove your information, you will still see advertising when you are browsing online. However, the advertisements you see may be less relevant to you and your interests.
The Website is not directed to children under 13. We do not knowingly collect, use or disclose personally identifiable information from anyone under 13 years of age. If we determine upon collection that a Website visitor is under this age, we will not use or maintain his/her Personal Information without the parent/guardian’s consent. If we become aware that we have unknowingly collected personally identifiable information from a child under the age of 13, we will make reasonable efforts to delete such information from our records.
8. Security of Your Information
We take information security seriously and use certain reasonable security measures to help protect your Personal Information. We apply physical, electronic, and procedural safeguards to protect your Personal Information from unauthorized access. We provide training to our employees on how to safeguard Personal Information and only authorized employees are permitted to access Personal Information, which may only be used for permitted business purposes. We contractually require service providers to protect your Personal Information and use it exclusively for the purpose of performing certain business functions on our behalf. However, no electronic data transmission or storage of information can be guaranteed to be 100% secure. Please note that we cannot ensure or warrant the security of any information you transmit to us. You use the Website and provide us with your information at your own risk.
9. Other Sites
The Website may contain links to other sites that we do not own or operate. This includes links from advertisers, sponsors and/or partners that may use our logo(s) as part of a co-branding or co-marketing agreement. We do not control, recommend or endorse and are not responsible for these sites or their content, products, services or privacy policies or practices. These other sites may send their own cookies to your device, they may independently collect data or solicit Personal Information and may or may not have their own published privacy policies. You should also independently assess the authenticity of any site which appears or claims that it is our Website (including those linked to through an email or social networking page).
11. Consent to Processing and Transfer of Information
The Website is governed by and operated in and in accordance with the laws of the United States. We make no representation that the Website is governed by or operated in accordance with the laws of any other nation. By using the Website, or providing us with any information, you (a) acknowledge that the Website is subject to the laws of the United States, (b) consent to the collection, processing, maintenance and transfer of such information in and to the United States and other applicable territories in which the privacy laws may not be as comprehensive as or equivalent to those in the country where you reside and/or are a citizen, and (c) waive any claims that may arise under those laws.
12. Rights of California Residents
If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with certain additional privacy rights related to the personal information we collect about you. For more information, please see our California Privacy Rights Notice.
13. Contact Us