Jul 16, 2025
Effective date: 23 October 2025
Version: 1.1
At Highsail, we are committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy explains how we collect, use, and safeguard your information when you interact with our website, services, and related tools.
By accessing or using Highsail, you acknowledge that you have read and understood this policy and consent to the practices described, in accordance with the General Data Protection Regulation (GDPR) and other applicable European data protection laws.
1. Who We Are
Highsail BV is registered with the Crossroads Bank for Enterprises (Kruispuntbank van Ondernemingen) under number 1017.818.525.
Registered address: Brusselsesteenweg 6, 9050 Ghent, Belgium
Contact: privacy@highsail.com
2. What Data We Collect
We collect different types of data depending on how you interact with Highsail.
Website visitors (highsail.com)
Basic analytics data such as page views, referral source, browser type, and approximate location, collected through our website platform (Framer) and any integrated analytics tools.
Information you voluntarily provide through contact forms, newsletter sign-ups, or demo requests (e.g., name, email address, company name).
Software users (Highsail platform)
Account information: name, email address, company details, and login credentials.
Usage data: features used, session duration, and interaction logs to improve service quality.
Client data: Highsail processes data that you - as customer - provide about your clients. This may include customer related data, documents, business-contact details, and other information related to your professional activities.
3. Purpose and Legal Basis for Processing
Under Article 6 of the GDPR, we process personal data only when we have a valid legal basis. The list below maps each processing purpose to its legal basis.
Providing the platform and services - Legal basis: Contractual necessity - Example data: Account details, customer operations data
Account creation and authentication - Legal basis: Contractual necessity - Example data: Name, email, login credentials
Customer support - Legal basis: Contractual necessity - Example data: Contact details, support correspondence
Security, fraud prevention, and abuse detection - Legal basis: Legitimate interest - Example data: IP addresses, access logs, usage patterns
Product improvement and analytics - Legal basis: Legitimate interest - Example data: Aggregated usage data, feature interaction logs
Website analytics - Legal basis: Legitimate interest or consent - Example data: Page views, referral source, browser type
Marketing communications - Legal basis: Consent - Example data: Email address, name
Legal and regulatory compliance - Legal basis: Legal obligation - Example data: Financial records, tax-related data
Where processing is based on consent, you may withdraw that consent at any time. Withdrawal applies only to the period following the withdrawal and does not affect the lawfulness of the processing that took place before it.
Where processing is based on legitimate interest, Highsail performs a balancing assessment to ensure our interests do not override your fundamental rights and freedoms.
4. AI Processing
Highsail uses artificial intelligence to provide its core service. This means:
Data you input into the Highsail platform may be processed by AI models to generate insights, suggestions, or outputs relevant to your accounting tasks.
AI processing is carried out through third-party large language model (LLM) providers. These providers are bound by data processing agreements and are listed on our sub-processor list.
We apply data minimization principles: only the data necessary for the specific task is sent to AI providers.
We do not use your data or your clients' data to train AI models, unless explicitly agreed upon in a separate agreement.
AI-generated outputs are intended as assistance and should be reviewed by qualified professionals before being relied upon.
5. Data Controller and Data Processor
Highsail BV acts in different roles depending on the context:
As data controller: Highsail is the data controller for the personal data of website visitors, platform account holders, and prospective customers. We determine the purposes and means of processing this data.
As data processor: When customers use the Highsail platform to process their clients' data, Highsail acts as the data processor. In this case, the customer (you) is the data controller for your clients' personal data. You are responsible for informing your clients about how their data is processed and for obtaining any necessary consent. Highsail processes this client data solely on your instructions and for the purposes outlined in our agreement.
A Data Processing Agreement (DPA) is included as part of our customer agreements. If you require a standalone DPA, please contact privacy@highsail.com.
6. Data Sharing & Transfers
We do not sell your personal data. Highsail may share personal data with processors who provide services on behalf of Highsail.
Highsail and its subsidiaries or parent companies, if any (list available upon request at privacy@highsail.com).
External processors, including but not limited to public entities, IT service providers, auditors, marketing and communication agencies, and lawyers, may be used by Highsail. These processors are only authorized to process personal data for the specific tasks assigned to them and are bound by all relevant legislation regarding data protection.
If a processor outside the European Economic Area is utilized, the same level of protection as in Belgium will be ensured, and cooperation will only take place with a party that meets the conditions for international data protection as defined in the General Data Protection Regulation (GDPR).
7. Data Retention
Data is not kept longer than necessary on servers at established cloud and hosting service providers that comply with General Data Protection Regulation (GDPR) legislation in terms of security and privacy protection.
Highsail retains only data necessary to provide its services. Upon or after termination of the contract, any interested party may request the deletion of all applicable data.
Website visitor data (analytics) is retained for a maximum of 14 months.
Account and usage data is retained for the duration of your contract and deleted within 90 days after termination, unless a longer retention period is required by law.
Client accounting data processed on behalf of customers is deleted or returned in accordance with the applicable Data Processing Agreement.
8. Data Security
We are committed to ensuring the confidentiality, integrity, and availability of your data. We use industry-standard security measures, including:
Encryption at rest and in transit
Multi-factor authentication for administrative access
Role-based access controls with least-privilege principle
Secure logging and monitoring of access to personal data
Secure data storage and backups
Regular security reviews and vulnerability remediation
9. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, Highsail will:
Notify the relevant supervisory authority (the Belgian Data Protection Authority) without undue delay and, where feasible, within 72 hours of becoming aware of the breach, in accordance with Article 33 of the GDPR.
Notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms, in accordance with Article 34 of the GDPR.
For customers with a Data Processing Agreement, Highsail will notify the data controller within 48 hours of becoming aware of a breach affecting their data, enabling the controller to fulfil its own notification obligations.
10. Cookies & Tracking
Our website (Highsail.com) is built on Framer and uses cookies and similar technologies.
Essential cookies are required for the website to function properly and cannot be disabled.
Analytics cookies collect anonymised usage data to help us understand how visitors interact with our website and improve our services. These cookies are only placed with your consent, in accordance with the ePrivacy Directive. You can manage your cookie preferences through our cookie consent banner when you first visit our website, and you may withdraw your consent at any time by adjusting your browser settings or revisiting the cookie settings.
For more details on Framer's data practices, please refer to Framer's privacy policy.
11. Your Rights
As a user, you can exercise the following rights under the GDPR:
Right of access: You have the right to access the personal data Highsail processes about you and obtain additional information regarding this processing.
Right to rectification: You may request correction of inaccurate or incomplete personal data.
Right to erasure: In certain cases, you may request the deletion of your personal data.
Right to restrict processing: In certain cases, you may request to restrict the processing of your personal data.
Right to data portability: In certain cases, you have the right to have the personal data you provided transferred to another controller, provided this is technically possible.
Right to object: You may object to the processing of your personal data for direct marketing purposes at any time.
You may exercise the above rights by sending a request to privacy@highsail.com. To protect your personal data, we may take reasonable steps to verify your identity before processing your request.
If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority — in particular in the EU member state of your habitual residence, place of work, or place of the alleged infringement. In Belgium, the competent authority is the Data Protection Authority (Gegevensbeschermingsautoriteit):
Address: Drukpersstraat / Rue de la Presse 35, 1000 Brussels
Email: contact@apd-gba.be
Phone: +32 2 274 48 00
Website: www.dataprotectionauthority.be
12. Third-Party Links
Our platform may contain links to third-party websites or services. We are not responsible for their content or privacy practices and encourage you to review their policies before sharing information.
13. Children's Privacy
Highsail's services are designed for business professionals and are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child, we will take steps to delete that data promptly.
14. Changes to This Policy
We may update this Privacy Policy from time to time. The latest version will always be available at highsail.com/legal/privacy with the effective date clearly stated. Continued use of our services constitutes acceptance of any updates.
