Humio Privacy Statement
Updated: April 11, 2017
Thanks for entrusting Humio with your data. Holding onto your private information is a serious responsibility, and we want you to know how we're handling it.
The short version
We collect your information only with your consent; we only collect the minimum amount of personal information that is necessary to fulfill the purpose of your interaction with us; we don't sell it to third parties; and we only use it as this Privacy Statement describes.
Of course, the short version doesn't tell you everything, so please read on for more details!
What information Humio collects and why
Information from website browsers
If you're just browsing the website, we collect the same basic information that most websites collect. We use common internet technologies, such as cookies and web server logs. This is stuff we collect from everybody, whether they have an account or not.
The information we collect about all visitors to our website includes the visitor’s browser type, language preference, referring site, additional websites requested, and the date and time of each visitor request. We also collect potentially personally-identifying information like Internet Protocol (IP) addresses.
We host our websites and subdomains on HubSpot. By using our websites and subdomains, you give us permission to collect, transfer, store, and use your Personal Data on servers located in Germany and the United States. Once collected, data is distributed through a global content delivery network. It is your own responsibility that the information you provide is accurate and that you protect information about your password. If you suspect your password to be misused and/or violated, please contact firstname.lastname@example.org.
You can visit our websites and subdomains without setting up an account or registering for receiving marketing materials. If you register for an account or for receiving marketing-, product- and/or downloadable materials, you give consent to that the information provided is sent to and stored at our servers. Such information pertains to:
Information provided via correspondence through our website and/or subdomains, for example a contact form. We collect:
- Company name
- Street address
- Postal code
- Job position
- Phone number
- Information provided via social media or other third party services
- Information provided to resolve a conflict
- Information about your and your devices’ location including the unique device ID if enabled on your device
Why do we collect this?
We collect this information to better understand how our website visitors use Humio, and to monitor and protect the security of the website.
Information from users with accounts
If you create an account, we require some basic information at the time of account creation. You log in via a third party identity provider and we do not store your password. You have the option to give us more information if you want to, and this may include "User Personal Information."
We also store an audit log of all actions you perform on the service.
"User Personal Information" is any information about one of our users which could, alone or together with other information, personally identify him or her. Information such as an email address, a real name, and a photograph are examples of “User Personal Information.”
User Personal Information does not include aggregated, non-personally identifying information. We may use aggregated, non-personally identifying information to operate, improve, and optimize our website and service.
Why do we collect this?
- We need your User Personal Information to create your account, and to provide the services you request.
- We use your User Personal Information, specifically your email address, to identify you on Humio.
- We will use your email address to communicate with you, if you've said that's okay, and only for the reasons you’ve said that’s okay. Please see our section on email communication for more information.
- We limit our use of your User Personal Information to the purposes listed in this Privacy Statement. If we need to use your User Personal Information for other purposes, we will ask your permission first. You can always see what information we have, how we're using it, and what permissions you have given us in your user profile.
We store an audit log for all user actions so that you can see who is accessing your information, and so that we can improve the security of the system and respond to security incidents.
- The access log shows who ran which queries and when, and may include the IP address from which the action took place. This includes cases where Humio Employees are accessing your information (on your instruction).
- It also shows changes in access rights for your data spaces, and if someone has been deleting data.
- The action of accessing the audit log is itself logged. You can use that information to prove that you have inspected the audit log, which may be a requirement under GDPR compliance.
Certain audit log entries are not deleted when you delete your account. This includes changes to access rights and delete requests. This ensures that no one can completely delete their tracks.
What information Humio does not collect
We do not intentionally collect sensitive personal information, such as social security numbers, genetic data, health information, or religious information. Although Humio does not request or intentionally collect any sensitive personal information, we realize that you might store this kind of information in your account, such as in a dataspace. If you store any sensitive personal information on our servers, you are consenting to our storage of that information on our servers, which are in the European Union.
We do not intentionally collect information that is stored in your data spaces or other free-form content inputs. Information in your data spaces belongs to you, and you are responsible for it, as well as for making sure that your content complies with our Terms of Service. Humio employees do not access private repositories unless required to for security or maintenance, or for support reasons, with the consent of the repository owner.
If you're a child under the age of 18, you may not have an account on Humio. Humio does not knowingly collect information from or direct any of our content specifically to children under 18. If we learn or have reason to suspect that you are a user who is under the age of 18, we will unfortunately have to close your account. We don't want to discourage you from learning to code, but those are the rules.
How we share the information we collect
We do not share, sell, rent, or trade User Personal Information with third parties for their commercial purposes.
We do not disclose User Personal Information outside Humio, except in the situations listed in this section or in the section below on Compelled Disclosure.
We do share certain aggregated, non-personally identifying information with others about how our users, collectively, use Humio, or how our users respond to our other offerings, such as our conferences or events. However, we do not sell this information to advertisers or marketers.
We may share User Personal Information with your permission, so we can perform services you have requested.
We may share User Personal Information with a limited number of third-party service providers who process it on our behalf to provide or improve our service, and who have agreed to privacy restrictions similar to our own Privacy Statement. Our service providers perform services such as email services, customer relation managemet, customer support ticketing, network data transmission, and other similar services. When we transfer your data to our service providers, we remain responsible for it.
We may share User Personal Information if we are involved in a merger, sale, or acquisition. If any such change of ownership happens, we will ensure that it is under terms that preserve the confidentiality of User Personal Information, and we will notify you on our website or by email before any transfer of your User Personal Information. The organization receiving any User Personal Information will have to honor any promises we have made in our Privacy Statement or in our Terms of Service.
A cookie is a small piece of text that our web server stores on your computer or mobile device, which your browser sends to us when you return to our site. Cookies do not necessarily identify you if you are merely visiting Humio; however, a cookie may store a unique identifier for each logged in user. The cookies Humio sets are essential for the operation of the website, or are used for performance or functionality. By using our website, you agree that we can place these types of cookies on your computer or device. If you disable your browser or device’s ability to accept cookies, you will not be able to log in or use Humio’s services.
We use Google Analytics as a third party tracking service, but we don’t use it to track you individually or collect your User Personal Information. We use Google Analytics to collect information about how our website performs and how our users, in general, navigate through and use Humio. This helps us evaluate our users' use of Humio; compile statistical reports on activity; and improve our content and website performance.
Google Analytics gathers certain simple, non-personally identifying information over time, such as your IP address, browser type, internet service provider, referring and exit pages, time stamp, and similar data about your use of Humio. We do not link this information to any of your personal information such as your user name.
Humio will not, nor will we allow any third party to, use the Google Analytics tool to track our users individually; collect any User Personal Information other than IP address; or correlate your IP address with your identity. Google provides further information about its own privacy practices and offers a browser add-on to opt out of Google Analytics tracking.
We use HubSpot as CRM, tracking our interactions with customers and as a third party tracking service for our web presence. Using this we track which pages you navigate to on our online services, and associate it with email and other interactions we have with you.
"Do Not Track" is a privacy preference you can set in your browser if you do not want online services to collect and share certain kinds of information about your online activity from third party tracking services. We do not track your online browsing activity on other online services over time and we do not permit third-party services to track your activity on our site beyond our basic Google Analytics tracking, which you may opt out of here. Because we do not share this kind of data with third party services or permit this kind of third party data collection on Humio for any of our users, and we do not track our users on third-party websites ourselves, we do not need to respond differently to an individual browser's Do Not Track setting.
If you are interested in turning on your browser’s privacy and Do Not Track settings, the Do Not Track website has browser-specific instructions.
Please see our section on email communication to learn about our use of pixel tags in marketing emails.
How Humio secures your information
Humio takes all measures reasonably necessary to protect User Personal Information from unauthorized access, alteration, or destruction; maintain data accuracy; and help ensure the appropriate use of User Personal Information. We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it.
No method of transmission, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security. For more information, see our security disclosures.
Humio's global privacy practices
Information that we collect will be stored and processed in the European Union in accordance with this Privacy Statement. However, we understand that we have users from different countries and regions with different privacy expectations, and we try to meet those needs.
We provide the same standard of privacy protection to all our users around the world, regardless of their country of origin or location, and we are proud of the levels of notice, choice, accountability, security, data integrity, access, and recourse we provide. We have appointed a Privacy Counsel and we work hard to comply with the applicable data privacy laws wherever we do business. Additionally, we require that if our vendors or affiliates have access to User Personal Information, they must comply with our privacy policies and with applicable data privacy laws, including signing data transfer agreements such as Standard Contractual Clause agreements.
- Humio provides clear methods of unambiguous, informed consent at the time of data collection, when we do collect your personal data.
- We collect only the minimum amount of personal data necessary, unless you choose to provide more. We encourage you to only give us the amount of data you are comfortable sharing.
- We offer you simple methods of accessing, correcting, or deleting the data we have collected.
- We provide our users notice, choice, accountability, security, and access, and we limit the purpose for processing. We also provide our users a method of resourse and enforcement. These are the GDPR Principles, but they are also just good practices.
If you have concerns about the way Humio is handling your User Personal Information, please let us know immediately. We want to help. You may contact us directly at email@example.com with the subject line "Privacy Concerns." We will respond within 45 days at the latest.
Dispute Resolution Process
In the unlikely event that a dispute arises between you and Humio regarding our handling of your User Personal Information, we will do our best to resolve it.
How we respond to compelled disclosure
Humio may disclose personally-identifying information or other information we collect about you to law enforcement in response to a valid subpoena, court order, warrant, or similar government order, or when we believe in good faith that disclosure is reasonably necessary to protect our property or rights, or those of third parties or the public at large.
In complying with court orders and similar legal processes, Humio strives for transparency. When permitted, we will make a reasonable effort to notify users of any disclosure of their information, unless we are prohibited by law or court order from doing so, or in rare, exigent circumstances.
How you can access and control the information we collect
If you're already a Humio user, you may access, update, alter, or delete your basic user profile information by editing your user profile or contacting firstname.lastname@example.org.
Data Retention and Deletion
Humio will retain User Personal Information for as long as your account is active or as needed to provide you services.
We may retain certain User Personal Information indefinitely, unless you request its deletion.
If you would like to cancel your account or delete your User Personal Information, you may do so by sending an email to email@example.com. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements, but barring legal requirements, we will delete your full profile (within reason) within 30 days.
How we communicate with you
We will use your email address to communicate with you, if you've said that's okay, and only for the reasons you’ve said that’s okay. You have control over how your email address is used and shared on and through Humio.
Humio may occasionally send notification emails about new features, requests for feedback, important policy changes, customer support offers, and news pertaining to Humio. We also send marketing emails, but only with your consent. There's an unsubscribe link located at the bottom of each of the emails we send you.
Our emails might contain a pixel tag, which is a small, clear image that can tell us whether or not you have opened an email and what your IP address is. We use this pixel tag to make our email more effective for you and to make sure we’re not sending you unwanted emails. If you prefer not to receive pixel tags, please opt out of marketing emails.
Changes to our Privacy Statement
Although most changes are likely to be minor, Humio may change our Privacy Statement from time to time. We will provide notification to Users of material changes to this Privacy Statement through our Website at least 30 days prior to the change taking effect by posting a notice on our home page or sending email to the email address specified in your Humio primary account. For changes to this Privacy Statement that do not affect your rights, we encourage visitors to check this page frequently.
This Privacy Statement is adapted from GitHub's Privacy Statement, and is licensed under this Creative Commons Zero license.
Questions regarding Humio's Privacy Statement or information practices should be directed to firstname.lastname@example.org.