Privacy at Humu: Vulnerabilities, breaches, and notifications

People aren’t perfect. Mistakes happen, even when we have the best intentions. When building new technology, sometimes those mistakes involve security or privacy vulnerabilities.

At Humu, we want to build a world where people are treated with humanity, respect, and consideration. That’s why, as a company, we’ve made a commitment to doing what’s right, whether by sharing insights from our research teams or by volunteering in our communities. Because to truly make work better, it takes a village.

When we discover a security or privacy vulnerability in our product, we fix it as soon as possible.

Similarly, if we find potential issues in someone else’s product or system, we let them know so they can take steps to protect their users’ security and privacy.

We also help avoid future vulnerabilities by encouraging discussion in the broader community about what works, what doesn’t, and why.

In accordance with responsible disclosure practices, once the bug is fixed, or the default deadline of 90 days after being notified of the bug has elapsed, we will share the issue with the public, so we can all learn. A note on the 90-day window: this is adjustable, and can be increased when fixes are exceptionally difficult to roll out, or decreased if a particular vulnerability is being actively exploited—because without knowledge of that vulnerability, targets can’t take measures to protect themselves.


Privacy and security are core to the Humu experience—and are why I joined the company from Google. I want to build great things which are respectful of people; that means things which function in the imperfect real world in which we live.

It’s my hope that our notification policy broadens the conversation around privacy and security in the people analytics and management field. If you find issues in our product or system, please let us know so we can fix them as soon as possible! We’ll thank you publicly, we’ll send you some snazzy socks, and—most importantly—we’ll consider you partners in the mission to make work better.

If you have questions about this policy or other privacy-related issues at Humu, email us at
