Privacy Practices

Frequently Asked Questions

At HiThrive, our users’ privacy is at the core of our decision making. We provide a service that changes the way we connect to our work, to our coworkers, and to our organization. Sensitive information is passed through our systems, and we don’t take that lightly.

We have created this page to answer frequent questions about how our systems use your information to facilitate our services. If you wish to view our Privacy Policy, click here.


Where does my data go within HiThrive?

Your data is comprised of things like your name, group, shoutouts, comments, reactions, and so on. The majority of this data is stored on an encrypted database at both rest (when stored) and in-transit (when being sent from one server to another) within AWS. This server is behind a VPC (firewall) that only privileged servers have access to (such as our backend application servers). 


Where does my data go outside of HiThrive?

We only send data to trusted third-party service providers who perform certain functions on HiThrive’s behalf necessary to provide our services. These service providers are subject to strict privacy and security controls. Examples of service providers include cloud hosting providers, communications providers, and analytics companies. A list is available here

For folks coming to figure out GDPR compliance, these third-party services act as data processors for us. When we work with these service providers in our capacity as a data processor for our customers' personal data, the General Data Protection Regulation (GDPR) calls these third-party service providers a sub-processor. A subprocessor is a third party data processor engaged by HiThrive who may have access to or process personal data: (i) on behalf of HiThrive customers; (ii) in accordance with customer instructions as communicated by HiThrive; and (iii) in accordance with the terms of a written contract between HiThrive and the subprocessor.


‍Is HiThrive compliant with Europe’s General Data Protection Regulation (GDPR)?

‍Yes, HiThrive embraces a continuous commitment to maintain compliance with all applicable data protection laws, including the GDPR.  This includes requiring the Standard Contractual Clauses (SCCs) in all of HiThrive’s commercial relationships involving the transfer of personal data outside of the European Economic Area (EEA). Our intention is to ensure adequate protection of data transferred to us from Europe.


What information do you have access to inside of Slack?

HiThrive exclusively has access to and processes actions directed at the HiThrive application. We cannot see any messages in your Slack workspace. To process actions, they must both: (a) have been posted to a channel in which HiThrive has been invited to and (b) have a slash command (e.g. /shoutout, /award) that calls to the HiThrive application. Additionally, HiThrive has access to user profile details which may include name, display name, email address, profile picture, time zone, and status.

HiThrive can post messages to channels in which it is installed when directed to do so by an administrator or in conjunction with an automated award enabled by an administrator (ex. nomination campaign announcements, birthday and anniversary announcements). 


‍Does HiThrive sell personal information to third parties?

‍No. HiThrive will never sell the personal information it collects through its services or website to third parties.


How can I get additional information about HiThrive’s data privacy or information security practices?

‍Please do not hesitate to contact us at privacy@hithrive.com