Privacy Policy for Houdin.io & Logic App Connector

Last Updated: July 14, 2025

1. Introduction

Houdin.io (“we”, “us”, “our”) provides a cloud-based cyber threat analysis platform, including a Logic App connector (together, the “Service”). This policy explains how we collect, use, share, and protect your data in compliance with GDPR.

2. Data Controller & Processor

• Controller: Houdin.io controls the processing of customer data related to your use of the Service.
• Processor: We act as a processor when handling personal data on behalf of customers. A Data Processing Agreement (DPA) covers subprocessors, confidentiality, technical safeguards, audits, and data deletion upon termination.

3. Personal Data & Lawful Processing

• Account info: name, email, company, billing details
• Technical logs: IP addresses, device/browser info, connector usage
• Payload data: the content you pass through the Logic App connector

We process data under these lawful bases:

1. Consent: when you opt into data tracking or cookies.
2. Contractual necessity: to provide and support the Service.
3. Legitimate interests: for fraud prevention, analytics, security.
4. Legal obligations: e.g., record‑keeping for compliance.

4. Data Principles & Retention

• Minimization: only essential data is collected.
• Purpose limitation: data used only for stated purposes.
• Accuracy: you can correct your info anytime.
• Storage limitation: retained only as long as necessary.
• Security: encryption, access control, pseudonymization, audits.

5. Transparency & Privacy‑by‑Design

Our policy is clear and concise. Privacy is built into our systems by default with secure‑by‑default settings, encrypted storage, API authentication, and privacy‑aware integrations.

6. Consent & Cookies

We show a GDPR‑compliant cookie banner for EU/EEA visitors. Only essential cookies load by default; marketing and analytics cookies are opt‑in and withdrawable.

7. Subprocessors & International Transfers

We publish our subprocessors (e.g., cloud, analytics, payments) in our DPA and notify customers of additions. Data transferred outside the EU/EEA is protected by Standard Contractual Clauses or equivalent safeguards.

8. Data Subject Rights

Under GDPR, you may:

• Access, correct, erase, restrict, or object to processing
• Port your data in a common format
• Withdraw consent and stop profiling or automated decisions

Requests are processed within one month. Contact us at privacy@houdin.io.

9. Data Breach & Security Measures

• TLS encryption in transit & at rest
• Role‑based access controls
• Secure backups & regular vulnerability testing
• 72‑hour breach notification to authorities

10. Data Protection Officer (DPO)

We have a designated DPO to oversee compliance. Contact details are available on request.

11. Updates & Governance

Policy updates are posted on our website with revision dates; major GDPR changes will be highlighted. We maintain records of processing activities and conduct periodic GDPR audits.

12. Contact Information

Email: privacy@houdin.io