Privacy Policy

Last Updated: July 14, 2025

1. Introduction

Houdin.io ("we", "us", "our") provides a cloud-based cyber threat intelligence platform (the "Service"). This policy explains how we collect, use, share, and protect your data in compliance with GDPR.

2. Data Controller & Processor

  • Controller: Houdin.io controls the processing of customer data related to your use of the Service.
  • Processor: We act as a processor when handling personal data on behalf of customers. A Data Processing Agreement (DPA) covers subprocessors, confidentiality, technical safeguards, audits, and data deletion upon termination.

3. Personal Data & Lawful Processing

  • Account info: name, email, company, billing details
  • Technical logs: IP addresses, device/browser info, usage metadata
  • Payload data: intelligence queries and payloads submitted through the Service

We process data under these lawful bases:

  1. Consent: when you opt into data tracking or cookies.
  2. Contractual necessity: to provide and support the Service.
  3. Legitimate interests: for fraud prevention, analytics, security.
  4. Legal obligations: e.g., record‑keeping for compliance.

4. Data Principles & Retention

  • Minimization: only essential data is collected.
  • Purpose limitation: data is used only for stated purposes.
  • Accuracy: you can correct your info anytime.
  • Storage limitation: data is retained only as long as necessary.
  • Security: encryption, access control, pseudonymization, audits.

5. Transparency & Privacy‑by‑Design

Our policy is clear and concise. Privacy is built into our systems by default with secure‑by‑default settings, encrypted storage, API authentication, and privacy‑aware integrations.

6. Consent & Cookies

We show a GDPR‑compliant cookie banner for EU/EEA visitors. Only essential cookies load by default; marketing and analytics cookies are opt‑in and withdrawable.

7. Subprocessors & International Transfers

We publish our subprocessors (e.g., cloud, analytics, payments) in our DPA and notify customers of additions. Data transferred outside the EU/EEA is protected by Standard Contractual Clauses or equivalent safeguards.

8. Data Subject Rights

Under GDPR, you may:

  • Access, correct, erase, restrict, or object to processing
  • Port your data in a common format
  • Withdraw consent and stop profiling or automated decisions

Requests are processed within one month. Contact us at privacy@houdin.io.

9. Data Breach & Security Measures

  • Encryption in transit (TLS) and at rest
  • Role‑based access controls
  • Secure backups & regular vulnerability testing
  • 72‑hour breach notification to authorities

10. Data Protection Officer (DPO)

We have a designated DPO to oversee compliance. Contact details are available on request.

11. Updates & Governance

Policy updates are posted on our website with revision dates; major GDPR changes will be highlighted. We maintain records of processing activities and conduct periodic GDPR audits.

12. Contact Information

Email: privacy@houdin.io