Data Privacy
Understand what data is collected by Kabeen and how it is protected
Introduction
Kabeen was designed with data privacy as a fundamental priority. This article describes the data collected by the platform and the protection mechanisms in place.
Data Collected by the User Agent
The Kabeen user agent collects the following information:
Web Navigation
- Visited URLs: only the domain and path of applications configured in your inventory
- Usage time: active usage duration for each application
- Timestamps: usage session timestamps
Native Applications
- Application name: description of the application displayed on screen
- Foreground time: duration the application is in the foreground
Data NOT Collected
Kabeen NEVER collects:
- Web page content (text, images, forms)
- Usernames and passwords
- Conversations or messages
- Files opened or modified
- Keystrokes
- Screenshots
- Personal data (emails, names, contact details)
Anonymization and Identity Tracking
Kabeen distinguishes the counting of users from their identification. Usage statistics rely on distinct user counts (aggregates), which always remain available; the display of identities depends on the identity tracking mode configured at the workspace level.
Three modes exist:
- Named: the names of users and devices are displayed.
- Anonymous: only counts and aggregates are visible; the names of users and devices are hidden.
- Forced anonymous: locked anonymous mode, which can no longer be switched back to named mode.
Even in anonymous mode, the distinct user count remains visible: only individual identities are hidden. Accessing named detail additionally requires the user read permission, so data visibility can be restricted depending on roles.
Controlling Kabeen AI Features
The Kabeen AI features that rely on navigation data can be controlled from the workspace settings.
- Application auto-discovery, feature auto-discovery, and the Prism assistant can be enabled or disabled from the workspace settings.
- These features only use URL metadata (domain and path): never page content, credentials, or keystrokes.
- Data visibility can also be driven by roles, to restrict access to navigation information depending on profiles.
To adjust data visibility by profile, refer to the Roles and Permissions article.
Reporting a Vulnerability
Kabeen welcomes security reports under a responsible disclosure approach.
- There is currently no public bug bounty program.
- Security reports are nevertheless accepted: for responsible disclosure, contact the Kabeen security team through the usual support channel.
- For details of the protection measures in place (TLS 1.3, AES-256 encryption at rest) and the GDPR / ISO 27001 certifications, see the Architecture article.
Data Security
Encryption
- In transit: TLS 1.3 minimum for all communications
- At rest: AES-256 encryption for stored data
Hosting
- Location: Google Cloud Platform, europe-west9 region (Paris)
- Compliance: GDPR, ISO 27001
Retention
- Usage data is retained for a maximum of 24 months
- Data can be deleted upon request
User Rights
In accordance with GDPR, users have the following rights:
- Right of access: view data collected about them
- Right to rectification: correct inaccurate data
- Right to erasure: request data deletion
- Right to portability: export data in a standard format