Data Privacy

Understand what data is collected by Kabeen and how it is protected

Introduction

Kabeen was designed with data privacy as a fundamental priority. This article describes the data collected by the platform and the protection mechanisms in place.

Data Collected by the User Agent

The Kabeen user agent collects the following information:

Web Navigation

  • Visited URLs: only the domain and path of applications configured in your inventory
  • Usage time: active usage duration for each application
  • Timestamps: usage session timestamps

Native Applications

  • Application name: description of the application displayed on screen
  • Foreground time: duration the application is in the foreground

Data NOT Collected

Kabeen NEVER collects:

  • Web page content (text, images, forms)
  • Usernames and passwords
  • Conversations or messages
  • Files opened or modified
  • Keystrokes
  • Screenshots
  • Personal data (emails, names, contact details)

Anonymization and Identity Tracking

Kabeen distinguishes the counting of users from their identification. Usage statistics rely on distinct user counts (aggregates), which always remain available; the display of identities depends on the identity tracking mode configured at the workspace level.

Three modes exist:

  • Named: the names of users and devices are displayed.
  • Anonymous: only counts and aggregates are visible; the names of users and devices are hidden.
  • Forced anonymous: locked anonymous mode, which can no longer be switched back to named mode.

Even in anonymous mode, the distinct user count remains visible: only individual identities are hidden. Accessing named detail additionally requires the user read permission, so data visibility can be restricted depending on roles.

Controlling Kabeen AI Features

The Kabeen AI features that rely on navigation data can be controlled from the workspace settings.

  • Application auto-discovery, feature auto-discovery, and the Prism assistant can be enabled or disabled from the workspace settings.
  • These features only use URL metadata (domain and path): never page content, credentials, or keystrokes.
  • Data visibility can also be driven by roles, to restrict access to navigation information depending on profiles.

To adjust data visibility by profile, refer to the Roles and Permissions article.

Reporting a Vulnerability

Kabeen welcomes security reports under a responsible disclosure approach.

  • There is currently no public bug bounty program.
  • Security reports are nevertheless accepted: for responsible disclosure, contact the Kabeen security team through the usual support channel.
  • For details of the protection measures in place (TLS 1.3, AES-256 encryption at rest) and the GDPR / ISO 27001 certifications, see the Architecture article.

Data Security

Encryption

  • In transit: TLS 1.3 minimum for all communications
  • At rest: AES-256 encryption for stored data

Hosting

  • Location: Google Cloud Platform, europe-west9 region (Paris)
  • Compliance: GDPR, ISO 27001

Retention

  • Usage data is retained for a maximum of 24 months
  • Data can be deleted upon request

User Rights

In accordance with GDPR, users have the following rights:

  • Right of access: view data collected about them
  • Right to rectification: correct inaccurate data
  • Right to erasure: request data deletion
  • Right to portability: export data in a standard format