Category of Personal Data
The personal data is processed for the following purposes, ways of processing, and time periods, in compliance with GDPR and other applicable laws.
1. Categories of Personal Data
Category | Purpose | Ways of Processing | Retention Period | Legal Basis |
Identity Data | Name, email, and user ID are used to administer accounts, enable services, and personalize experiences. | 1. Collection | Until the termination of the user account + 6 months | Performance of a contract to which the data subject is a party |
Technical Data | Includes IP address, unique device ID, browser type, and operating system. Used for functionality, security, and analytics. | 1. Collection | Until the termination of the user account + 6 months | Performance of a contract to which the data subject is a party |
Communication Data | Emails and support interactions are used to handle inquiries and improve support services. | 1. Collection | As long as relevant to business needs or until resolution of inquiries. | Legitimate interest |
2. Sub-Processors and Data Flows
1. Auth0 (Authentication/Login)
Website: https://auth0.com/
Sub-Processing Location: Frankfurt, Germany (EU)
International Transfer: Not applicable, processing within the EU
Description: Provides authentication services for users logging into the platform. Manages secure user authentication and authorization.
Type of Personal Data: Email addresses, IP addresses
Categories of Data Subjects: Users who create accounts
Auth0 Privacy Policy: https://auth0.com/privacy
Compliance Certifications: ISO 27001, SOC 2 Type II
Key Sub-Processors: AWS (Cloud Infrastructure)
2. Google Cloud Platform (Cloud Hosting)
Website: https://cloud.google.com/
Sub-Processing Location: Hamina, Finland (EU)
International Transfer: Not applicable, processing within the EU
Description: Hosts primary data storage solutions, including databases and application data.
Type of Personal Data: Primary data store (detailed categories and attributes should be specified)
Categories of Data Subjects: Users who create accounts
Google Cloud Privacy Policy: https://policies.google.com/privacy
Compliance Certifications: ISO 27001, SOC 2 Type II, FedRAMP
Key Sub-Processors: Equinix (Data Center Operations)
3. ArangoDB (Database)
Website: https://www.arangodb.com/
Sub-Processing Location: Netherlands (EU)
International Transfer: Not applicable, processing within the EU
Description: Manages databases for storing customer and user information, including emails, names, company details, IP addresses, and user IDs.
Type of Personal Data: Email, name, company, IP address, user ID
Categories of Data Subjects: Users who create accounts
Compliance Certifications: ISO 27001
Key Sub-Processors: Google Clous Platform (GCP)
4. Lundatech (Integrations)
Website: https://lundatech.com/
Sub-Processing Location: Stockholm, Sweden (EU)
International Transfer: Not applicable, processing within the EU
Description: Handles API-based integrations with external systems, such as exporting deadlines to calendars, pushing data to BI platforms, and supporting SSO integrations.
Type of Personal Data: Name, email, technical data
Categories of Data Subjects: Users who use integration services
5. Google Analytics (Public Webpage Analytics)
Website: https://analytics.google.com/
Sub-Processing Location: Hamina, Finland (EU)
International Transfer: Not applicable, processing within the EU
Description: Collects and analyzes public website traffic to improve service offerings.
Type of Personal Data: IP addresses
Categories of Data Subjects: Website visitors
Compliance Certifications: ISO 27001, SOC 2 Type II, FedRAMP
6. Sendgrid (Email Notifications)
Website: https://sendgrid.com/
Sub-Processing Location: USA
International Transfer: Standard Contractual Clauses (SCCs). Sendgrid participates in and relies on the EU-U.S. Data Privacy Framework (EU-U.S. DPF).
Description: Sends email notifications and password reset emails, with a 3-day data retention policy.
Type of Personal Data: Email
Categories of Data Subjects: Users who create accounts
Compliance Certifications: ISO 27001, SOC 2 Type II
Key Sub-Processors: Twillo
7. Sentry (Error Tracking)
Website: https://sentry.io/
Sub-Processing Location: USA (Exploring EU options)
International Transfer: Standard Contractual Clauses (SCCs).
Description: Tracks and reports system errors to improve system reliability.
Type of Personal Data: IP addresses
Categories of Data Subjects: Users who encounter platform errors
Comment: Howwe is actively evaluating Sentry's EU-based data processing capabilities.
Compliance Certifications: SOC 2 Type II
Key Sub-Processors: AWS (Cloud Infrastructure)
8. WPEngine (Public Webpage Hosting)
Website: https://wpengine.com/
Sub-Processing Location: Germany (EU)
International Transfer: Not applicable, processing within the EU
Description: Hosts the public-facing website, including marketing and lead generation information.
Type of Personal Data: IP addresses, leads information
Categories of Data Subjects: Website visitors, potential customers (leads)
Compliance Certifications: ISO 27001, SOC 2 Type II
3. Data Retention and Disposal
Personal data is retained for the duration specified in this document. Upon expiration, data is securely deleted or anonymized to prevent identification.
Backup data is retained for up to 90 days and is automatically purged after the retention period.
4. Data Minimization
Howwe Technologies strives to minimize the personal data shared with third-party service providers to the extent strictly necessary for the provision of services or the fulfillment of contractual obligations.
5. Questions and Feedback
If you have questions about this document, or if you wish to raise concerns about any sub-processor, please contact us at:
Email: [email protected]