hibana

Privacy Notice.

Privacy Notice

Last Updated: June 19, 2025

This Privacy Notice describes how Hibana Labs B.V. ("we", "us", or "our") collects, uses, and shares information about you when you visit our website https://www.hibana.ai, contact us for information, or schedule appointments with us.

We are committed to protecting your privacy and handling your personal data in an open and transparent manner, in compliance with the General Data Protection Regulation (GDPR).

This notice applies only to this website, related marketing activities and customer interactions. It does not apply to the use of our final product, which is governed by a separate privacy notice.

1. Data Controller

The controller responsible for the processing of personal data described in this notice is:

Hibana Labs B.V.

Herengracht 320

1016 CE Amsterdam

The Netherlands

Legal Representatives: Mehran Mehri and Roberto Alonso Rodriguez

Email: contact@hibana.ai

2. Data Protection Officer

Within the scope defined in this privacy notice, we are not legally required to appoint a Data Protection Officer (DPO). If you have any questions about data protection, you can reach us at the contact details provided above.

3. How We Process Your Data, for What Purpose, and on What Legal Basis

We process your personal data for various purposes based on different legal grounds.

a) When You Visit Our Website (Server Log Files)

When you access our website, our server automatically collects information that your browser transmits. This data includes:

  • IP address of the requesting computer
  • Date and time of access
  • Name and URL of the retrieved file
  • Website from which the access is made (Referrer URL)
  • Browser type and version, and your computer's operating system

We process this data for the following purposes:

  • To ensure a smooth connection and comfortable use of our website.
  • To evaluate system security and stability.
  • For administrative purposes and to detect and prevent misuse.

The legal basis for this processing is our legitimate interest (Article 6(1)(f) GDPR) in maintaining the security and functionality of our online presence. This data is not merged with other data sources and is typically deleted after 30 days.

b) When You Schedule an Appointment (Calendly)

We use the services of Calendly to allow you to book appointments with us for product demonstrations or interviews. When you use the Calendly widget on our site, you provide data directly to Calendly, LLC. This may include:

  • Your name
  • Your email address
  • Date, time, and topic of the meeting

The purpose of this processing is to efficiently manage appointment scheduling. The legal basis is to take steps at your request prior to entering into a contract (pre-contractual measures, Article 6(1)(b) GDPR).

Calendly, LLC is a US-based company. We have entered into a Data Processing Addendum with Calendly, which includes the EU Standard Contractual Clauses (SCCs) to ensure your data is protected. For more information, please see Calendly's Privacy Policy: https://calendly.com/legal/privacy-notice.

c) When We Manage Scheduled Interviews (Google Calendar)

For organizing and keeping track of customer interviews and product feedback sessions, we may use Google Calendar. This involves processing:

  • Your name and email address
  • Details related to the scheduled interview

The purpose is the effective organization of our customer outreach and market research. The legal basis is your consent (Article 6(1)(a) GDPR), which you provide by agreeing to the interview, or as a pre-contractual measure (Article 6(1)(b) GDPR) if it relates to a potential purchase.

Google acts as a data processor, and data may be processed on servers in the U.S. We have a Data Processing Agreement with Google that incorporates the EU Standard Contractual Clauses (SCCs). For more information, please review Google's Privacy Policy: https://policies.google.com/privacy.


d) When We Conduct Prospect or Customer Interviews (Google Meet and Gemini)

For (prospective) customer interviews, we may use Google Meet for video calls and Gemini for note-taking. This involves processing:

  • Your name and email address
  • Content of the interview, including any notes taken

The purpose is to gather feedback and insights from our (prospective) customers to improve our products and services. The legal basis is your consent (Article 6(1)(a) GDPR) when you agree to participate in the interview.

Google acts as a data processor, and data may be processed on servers in the U.S. We have a Data Processing Agreement with Google that incorporates the EU Standard Contractual Clauses (SCCs). For more information, please review Google's Privacy Policy: https://policies.google.com/privacy.

4. Data Hosting with Firebase

Our website is hosted by Google Ireland Ltd. using Firebase. The customer information we collect through this website is stored on Firebase infrastructure.

  • Hosting Location: We have configured our Firebase services to store data within the European Union, specifically in the Netherlands.
  • Data Processing Agreement (DPA): We have a DPA with Google that governs the processing of your data.
  • International Transfers: While we store data within the EU, it is possible that Google employees or subcontractors located outside the EU (e.g., in the USA) may require remote access to the data for technical support or maintenance. Such access is covered by our DPA with Google and protected by the EU Standard Contractual Clauses (SCCs).

5. Use of Cookies

Our website uses cookies to enhance your browsing experience. Cookies are small text files stored on your device that help us understand how you use our site and improve its functionality.

We use the following types of cookies:

  • Essential Cookies: These are necessary for the basic functionality of the website.
  • Performance Cookies: These help us analyze how visitors interact with our site, allowing us to improve its performance.
  • Functional Cookies: These allow us to remember your preferences and provide a more personalized experience.

You can manage your cookie preferences through your browser settings. However, disabling cookies may affect the functionality of our website.

For more information about the cookies we use, please refer to our Cookie Policy, which is available on our website https://www.hibana.ai/cookies-policy.

6. Recipients of Your Data

We will not sell your data to third parties. We may share your data with trusted service providers who act as our data processors, including:

  • Hosting Provider: Google Cloud EMEA Ltd., for Firebase hosting.
  • Appointment Scheduling: Calendly, LLC, for booking appointments.
  • Productivity Tools: Google, LLC, for calendar management.
    • ``

We only share data that is necessary for them to perform their services and have appropriate data processing agreements with them.

7. Data Retention

We only store your personal data for as long as it is necessary for the purposes for which it was collected or to comply with legal obligations.

  • Server Log Data: Deleted within 30 days.
  • Contact Enquiries: Data from your enquiries will be deleted once the matter is resolved. If it results in a business relationship, we are subject to statutory retention periods under Dutch and German commercial law and must store it for up to 10 years.
  • Appointment Data: We retain this data for the duration of our business relationship or until you ask us to delete it, subject to legal retention obligations.

8. Your Rights as a Data Subject

You have the following rights regarding your personal data:

  • Right of Access (Art. 15 GDPR): To request information about the data we hold about you.
  • Right to Rectification (Art. 16 GDPR): To have inaccurate data corrected.
  • Right to Erasure ("Right to be Forgotten") (Art. 17 GDPR): To have your data deleted, provided there are no legal grounds for us to retain it.
  • Right to Restriction of Processing (Art. 18 GDPR): To request a limitation on the processing of your data.
  • Right to Data Portability (Art. 20 GDPR): To receive your data in a machine-readable format.
  • Right to Withdraw Consent (Art. 7(3) GDPR): If processing is based on your consent, you can withdraw it at any time.

Right to Object (Article 21 GDPR)

You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on our legitimate interests (Article 6(1)(f) GDPR). If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms.

To exercise any of these rights, please contact us at contact@hibana.ai

9. Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority. As our main establishment is in the Netherlands, our lead supervisory authority is the Dutch Data Protection Authority:

Autoriteit Persoonsgegevens

Website: https://autoriteitpersoonsgegevens.nl/

You also have the right to lodge a complaint with your local supervisory authority, for example, if you reside in Germany.

10. Automated Decision-Making

We do not use your personal data for automated decision-making or profiling.