Reliability you can trust

Hanna is built with security, stability, and responsible data protection at its core.
Security is not an add-on — it’s part of how the system works from day one.

See prices

Data security

Encryption

Data is encrypted in transit (TLS 1.2 or higher)
All communication with servers is secured via HTTPS
Sensitive user data is encrypted at rest
Passwords are stored using one-way cryptographic hashing with salting and are not
accessible to Hanna employees
Infrastructure-level protection against unauthorized access

Access control

Role-based access control (RBAC)
Optional two-factor authentication (2FA)
All user and administrative actions are logged
Logged events include logins, data creation, edits, exports, and deletions
Full auditability and access history tracking
Audit logs are retained for no less than 12 months

Infrastructure

Hosted in secure, high-standard data centers
Physical and network security controls
Isolated customer environments and data segregation
Continuous system monitoring
Customer data is stored within the European Union

These measures ensure data protection at both technical and organizational levels.

ISO 27001 Certification

Hanna’s Information Security Management System is certified to ISO/IEC 27001:2022.

This means:

Systematic risk assessment and risk management
Documented security policies and procedures
Regular independent audits
Continuous improvement of security processes

Security assurance is an ongoing process, not a one-time effort.

Reliability is not an extra feature. It is the foundation of sustainable business growth.

System Monitoring & Availability

24/7 automated system monitoring
Real-time alerts for disruptions
Incident escalation procedures
Historical monthly system availability exceeding 99.5%

We aim to maintain a minimum monthly uptime of 99.5%.

Critical alerts are immediately routed to the responsible team to ensure rapid response.

System status and uptime history are publicly available at: status.hannacrm.app

Business Continuity

System stability is essential to business continuity.Hanna ensures:

Regular automated data backups
Backup storage across geographically separate locations
High-availability architecture with multiple active application instances using load
balancing
A documented Disaster Recovery (DR) plan
Incident management and recovery procedures

Recovery objectives:

RTO (Recovery Time Objective): up to 12 hours
RPO (Recovery Point Objective): up to 6 hours

In the event of disruption, the system can be restored within defined timeframes, and potential data loss is limited and controlled.

Our objective is to ensure uninterrupted business operations.

Vulnerability Management

Regular security assessments of systems
Ongoing vulnerability monitoring and remediation processes
Critical security patches applied with priority

Security threats are continuously evaluated and mitigated in accordance with industry best practices.

SaaS Architecture & Platform Accessibility

Hanna is delivered as a SaaS solution.

Each customer operates in a dedicated, isolated environment
Accessible via web browser
Mobile access supported
Secure API-based integrations available

The platform is designed for secure, reliable access from anywhere.

SaaS Architecture & Platform Accessibility

Integrations & API Security

Hanna provides a secure REST API, with communication conducted over encrypted HTTPS channels using standardized JSON format.

API communication secured via HTTPS
Authentication and access control enforced at API level
Secure integrations with third-party systems

The API enables controlled and secure data exchange between systems.

Change Management

All system changes follow a documented change management process.

Code reviews prior to deployment
Testing and quality assurance procedures
Automated updates and security patches
Phased deployments to minimize operational risk
Customers are informed in advance of significant changes

This ensures system stability and controlled risk management.

Incident Management

Customers are informed of significant security incidents without undue delay, in accordance with legal and contractual requirements.

Incidents are managed under a documented response procedure designed to ensure rapid resolution and impact mitigation.

Professional & Cyber Liability Insurance

Hanna maintains professional and cyber liability insurance.

Coverage limit: €1,000,000 per incident
Worldwide coverage
Insurer: Lloyd’s of London (A+ rating)
Covers professional errors, data breaches, and privacy violations

This provides an additional financial safeguard for our customers.

Professional & Cyber Liability Insurance

Privacy & GDPR Compliance

We respect and protect customer data.

Compliant with the EU General Data Protection Regulation (GDPR)
Data Processing Agreement (DPA) available
Transparent list of engaged subprocessors
Customer data remains the sole property of the Customer
Data export and deletion available upon request

Hanna does not sell or reuse customer data for purposes unrelated to service delivery.

Data Processing Agreement (DPA)

This Data Processing Agreement (“Agreement”) is entered into between:

Data Controller – the Client

and

Data Processor – UAB “Ateities IT” (Hanna)

This Agreement forms an integral part of the Terms of Service.

1. Subject and nature of processing

The Data Processor processes personal data on behalf of the Client only to the extent necessary to provide, maintain, and ensure the secure operation of the Hanna CRM services.

2. Categories of data

Depending on the Client’s use of the service, the following categories of personal data may be processed:

contact details
job roles and company information
communication records
sales and activity data
system user data

Data subjects may include the Client’s customers, employees, or other related individuals.

3. Purpose of processing

Personal data is processed only to the extent necessary for:

providing the service
system operation and maintenance
ensuring security

Processing is carried out in accordance with the Client’s use of the system and the terms of this Agreement.

4. Obligations of the Data Processor

The Data Processor:

processes personal data on behalf of the Client only as necessary to provide the service, based on the Client’s use of the system and this Agreement
ensures confidentiality and that personnel are bound by confidentiality obligations
implements appropriate technical and organizational security measures
notifies the Client without undue delay in the event of a personal data breach
upon termination of services, deletes or returns personal data
reasonably assists the Client in fulfilling data subject rights

5. Sub-processors

The Data Processor may engage sub-processors to provide the service.

Sub-processors process data only to the extent necessary for their function
Appropriate data protection obligations are in place with them
The Data Processor remains responsible for their actions

A list of sub-processors is provided separately.

6. International data transfers

Where personal data is transferred outside the European Economic Area, appropriate safeguards are applied, including the European Commission’s Standard Contractual Clauses (SCCs).

7. Audit and compliance

Upon reasonable request, the Data Processor provides the Client with information necessary to demonstrate compliance with this Agreement and applicable data protection laws.

8. Term

This Agreement remains in effect for the duration of the service provision.

Organizational Security Measures

Technology is only part of security. Processes and people matter equally.

Access granted on a strict need-to-know basis
Employees bound by confidentiality agreements (NDA)
Regular security training
Internal security policies and procedures
Defined incident escalation and response processes

Security is a continuous operational responsibility.

Transparency

We are committed to clarity and openness. Publicly available documents include:

Privacy Policy
Terms of Service
Data Processing Agreement (DPA)
Subprocessor List

Customers are notified in advance of material changes to the subprocessor list. If you have any questions regarding security or compliance, our team is ready to assist.

Hanna Terms of Service

1. General Provisions

These Terms of Service (“Terms”) govern the use of the Hanna system provided by UAB “Ateities IT”.

By using the Hanna system, registering an account, entering into an agreement, or otherwise using the services, the customer confirms that they have read and agree to comply with these Terms.

If a separate written agreement exists between the Customer and UAB “Ateities IT”, the provisions of such agreement shall prevail over these Terms to the extent of any inconsistency.

2. Service Provider

Service provider:

UAB “Ateities IT”

Company code: 303336094

Address: Ozo g. 12A, LT-08200 Vilnius, Lithuania

Email: [email protected]

Technical support: [email protected]

Hereinafter referred to as “Hanna” or the “Service Provider”.

3. Description of Services

Hanna is a cloud-based customer relationship management (CRM) platform designed for managing customers, sales, communication, business processes, and related information.

Services may include:

CRM functionality;
contact and communication management;
document and file storage;
email integrations;
automation features;
artificial intelligence (“Hanna AI”) features;
API and third-party integrations;
technical support and maintenance.

Hanna reserves the right to modify, improve, or update the functionality of the system in order to ensure service quality, security, and technological relevance.

4. Accounts and Use of the System

The Customer is responsible for:

the accuracy of account information;
the security of login credentials;
actions performed by users within the system;
lawful use of the services.

The Customer agrees not to:

use the system for unlawful purposes;
violate third-party rights;
attempt to bypass security measures;
overload or disrupt the system;
perform reverse engineering, decompilation, or source code extraction unless expressly permitted by applicable law.

Hanna may temporarily restrict or suspend access to the system if the Customer’s actions threaten the security, stability, or lawful operation of the services.

5. Service Availability

Hanna uses commercially reasonable efforts to ensure continuous operation of the system but does not guarantee uninterrupted or error-free availability.

The system may occasionally become unavailable due to:

scheduled maintenance;
updates;
infrastructure issues;
third-party provider failures;
internet or electricity outages;
cybersecurity incidents;
force majeure events.

Where reasonably possible, customers will be informed in advance about planned maintenance.

6. Payments and Subscription

Services are provided according to the selected plan and applicable pricing model.

Unless agreed otherwise:

invoices are issued periodically;
payments must be made within the invoice due date;
prices are stated excluding VAT unless otherwise indicated.

Hanna reserves the right to update pricing from time to time by providing prior notice of material changes.

In case of overdue payments, Hanna may:

restrict system functionality;
suspend access to the services;
terminate services in accordance with applicable law and these Terms.

7. Data and Responsibility for Content

The Customer remains the controller of all data uploaded into the system and is responsible for:

the legality of the data;
its accuracy;
having the right to process personal data;
the lawful storage and use of uploaded information.

Hanna acts as a data processor to the extent necessary for providing the services.

Personal data processing is governed by:

the Privacy Policy;
the Data Processing Agreement (DPA);
the Subprocessor List.

These documents form an integral part of these Terms.

8. Artificial Intelligence (AI)

Certain Hanna features may use artificial intelligence technologies (“Hanna AI”).

AI functionality may be used for:

text generation;
data analysis;
recommendations and automation;
process optimization.

The Customer acknowledges and agrees that:

AI-generated content may contain inaccuracies or incomplete information;
the Customer remains solely responsible for decisions made using AI-generated outputs;
AI functionality does not constitute legal, financial, or professional advice.

Hanna may use anonymized and aggregated usage data for improving AI functionality, provided such data does not directly or indirectly identify the Customer or any data subjects.

9. Intellectual Property

All rights to the Hanna system, including software, code, design, functionality, algorithms, documentation, and related intellectual property, belong to UAB “Ateities IT” or its licensors.

The Customer is granted a limited, non-exclusive, non-transferable right to use the system solely in accordance with these Terms and the selected subscription plan.

10. Subprocessors and Third-Party Services

Hanna may engage third-party service providers (subprocessors) necessary for operating the services, including:

hosting providers;
email infrastructure;
document processing services;
AI providers;
communication and analytics systems.

The current list of subprocessors is published separately on the website.

Some providers may process data outside the European Economic Area (EEA). In such cases, appropriate safeguards are implemented in accordance with GDPR requirements, including Standard Contractual Clauses (SCCs).

11. Limitation of Liability

To the maximum extent permitted by applicable law:

Hanna shall not be liable for indirect damages, loss of profits, reputational harm, or data loss;
Hanna shall not be liable for disruptions caused by third-party services;
Hanna shall not be liable for damages resulting from the Customer’s actions or misuse of the system.

Hanna’s total aggregate liability under these Terms shall not exceed the amount paid by the Customer for the services during the six (6) months preceding the event giving rise to the claim, except where liability cannot be limited under applicable law.

12. Term and Termination

The use of the services continues as long as:

the Customer uses the system; or
an active subscription or agreement remains in effect.

The Customer may terminate the use of the services in accordance with the applicable termination procedure.

Hanna may suspend or terminate access if:

these Terms are violated;
payment obligations are not fulfilled;
use of the system threatens security or legitimate interests.

Following termination, data may be retained for a limited period before permanent deletion.

13. Confidentiality

The parties agree not to disclose confidential information to third parties unless:

required for service provision;
required by law;
consent has been given by the other party.

14. Amendments

Hanna may periodically update these Terms.

The latest version will be published on the website. Customers may additionally be informed of material changes via email or through the system.

15. Governing Law and Dispute Resolution

These Terms shall be governed by the laws of the Republic of Lithuania.

Any disputes shall first be resolved through negotiations. If no agreement is reached, disputes shall be settled in the courts of the Republic of Lithuania according to the registered office of Hanna.

16. Contact Information

For questions regarding these Terms, please contact:

UAB “Ateities IT”

Email: [email protected]

Technical support: [email protected]

Data Processing Agreement (DPA)

This Data Processing Agreement (“Agreement”) is entered into between:

Data Controller – the Client

and

Data Processor – UAB “Ateities IT” (Hanna)

This Agreement forms an integral part of the Terms of Service.

1. Subject and nature of processing

The Data Processor processes personal data on behalf of the Client only to the extent necessary to provide, maintain, and ensure the secure operation of the Hanna CRM services.

2. Categories of data

Depending on the Client’s use of the service, the following categories of personal data may be processed:

contact details
job roles and company information
communication records
sales and activity data
system user data

Data subjects may include the Client’s customers, employees, or other related individuals.

3. Purpose of processing

Personal data is processed only to the extent necessary for:

providing the service
system operation and maintenance
ensuring security

Processing is carried out in accordance with the Client’s use of the system and the terms of this Agreement.

4. Obligations of the Data Processor

The Data Processor:

processes personal data on behalf of the Client only as necessary to provide the service, based on the Client’s use of the system and this Agreement
ensures confidentiality and that personnel are bound by confidentiality obligations
implements appropriate technical and organizational security measures
notifies the Client without undue delay in the event of a personal data breach
upon termination of services, deletes or returns personal data
reasonably assists the Client in fulfilling data subject rights

5. Sub-processors

The Data Processor may engage sub-processors to provide the service.

Sub-processors process data only to the extent necessary for their function
Appropriate data protection obligations are in place with them
The Data Processor remains responsible for their actions

A list of sub-processors is provided separately.

6. International data transfers

Where personal data is transferred outside the European Economic Area, appropriate safeguards are applied, including the European Commission’s Standard Contractual Clauses (SCCs).

7. Audit and compliance

Upon reasonable request, the Data Processor provides the Client with information necessary to demonstrate compliance with this Agreement and applicable data protection laws.

8. Term

This Agreement remains in effect for the duration of the service provision.

Technology Partners (Subprocessors)

Hanna works with trusted technology partners (subprocessors) that help ensure service delivery, including infrastructure, communication, and additional functionality.

All subprocessors:

receive only the data necessary to perform their function
operate under data processing agreements (DPA)
comply with GDPR requirements

Subprocessor	Purpose	Data location
Baltneta	Server infrastructure and data hosting	EU (Lithuania)
ConvertAPI	File conversion (e.g. documents to PDF)	EU / US
Nylas	Email integration and synchronization	US
Google	Cloud infrastructure, email, and documents	EU / US
Microsoft 365	Email and document management	EU
Postmark	Transactional email delivery	US
MailerSend	Email delivery services	EU / US
OpenAI	Artificial intelligence features (“Hanna AI”)	US

Last updated: 2026-02-25

Customers are informed in advance about material changes to the subprocessor list.

Privacy Policy

1. General provisions

UAB “Ateities IT” (hereinafter – the “Company”, “we”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use and safeguard your data when you use our website or contact us.

This Policy applies to individuals who:

visit our website;
contact us;
use our services prior to entering into a contract (e.g., submit an inquiry or request a demo).

By using our website or providing your data, you confirm that you have read this Privacy Policy.

2. Data controller

UAB “Ateities IT”

Company code: 303336094

Address: Ozo g. 12A, Vilnius, Lithuania

Email: [email protected]

3. What data we collect

We may collect the following personal data:

3.1. Data you provide:

name and surname;
email address;
phone number;
company name and related details;
any other information you provide when contacting us.

3.2. Automatically collected data:

IP address;
browser type and device information;
date and time of visit;
pages viewed;
cookie data.

4. Purposes and legal bases for data processing

We process your personal data for the following purposes:

Purpose	Legal basis
Responding to inquiries, communication	Performance of a contract or steps prior to entering into a contract
Providing services	Performance of a contract
Direct marketing (newsletters, offers)	Consent
Website improvement and analytics	Legitimate interest
Compliance with legal obligations	Legal obligation

You have the right to withdraw your consent for marketing purposes at any time.

5. Data disclosure

Your data may be shared with:

our service providers (e.g., IT, hosting, analytics, email service providers);
law enforcement authorities when required by law;
other parties if necessary for service provision.

All data processors are required to comply with GDPR requirements.

6. Data transfers outside the EEA

Some of our service providers may be located outside the European Economic Area (EEA). In such cases, we ensure that:

data is transferred in accordance with Standard Contractual Clauses (SCC) approved by the European Commission; or
other appropriate safeguards under GDPR are applied.

7. Data retention periods

We retain your data only as long as necessary:

inquiry data – up to 1 year from the last contact;
marketing data – until consent is withdrawn;
analytical data – according to cookie retention periods;
other data – as required by applicable laws.

8. Data security

We implement appropriate technical and organizational security measures, including:

data encryption during transmission (HTTPS / TLS);
access control;
system monitoring and protection;
restricted employee access.

However, no system is completely secure, and we cannot guarantee absolute security.

9. Your rights

You have the following rights:

to be informed about the processing of your data;
to access your data;
to request correction of inaccurate data;
to request deletion of your data (“right to be forgotten”);
to restrict processing;
to data portability;
to object to processing;
to withdraw consent;
to lodge a complaint with a supervisory authority.

To exercise your rights, contact us at: [email protected]

10. Cookies

We use cookies to ensure proper website functionality and improve user experience.

We use the following types of cookies:

necessary (for website functionality);
analytical (for usage statistics);
functional (to remember user preferences);
advertising (if applicable).

More information about cookies can be found in your browser settings or in our cookie notice.

11. Automated decision-making and AI

In certain cases, we may use automated tools or artificial intelligence (AI) solutions to:

improve service quality;
analyze data;
automate processes.

Such solutions are not used to make legal or similarly significant decisions about you without human involvement.

12. Links to other websites

Our website may contain links to third-party websites. We are not responsible for their privacy practices.

13. Policy updates

We may periodically update this Privacy Policy. The updated version will be published on this website.

14. Contact

If you have any questions regarding this Privacy Policy or the processing of your data, please contact us:

Email: [email protected]

Reliability you can trust

Data security

Encryption

Access control

Infrastructure

ISO 27001 Certification

Reliability is not an extra feature. It is the foundation of sustainable business growth.

System Monitoring & Availability

Business Continuity

Vulnerability Management

SaaS Architecture & Platform Accessibility

Integrations & API Security

Change Management

Incident Management

Professional & Cyber Liability Insurance

Privacy & GDPR Compliance

Organizational Security Measures

Transparency

Hanna is a valued partner. You should value her too!