🧩 TL;DR: The Substly Extension gives organizations real-time insights into SaaS usage, helps detect Shadow IT, and supports compliance with frameworks like NIS2, ISO 27001, and GDPR—all while protecting employee privacy.
The Substly Extension is a lightweight browser add-on that helps organizations gain insight into how cloud-based software is actually being used across the company. It’s designed to detect usage of SaaS tools, surface shadow IT, and identify unused accounts—without compromising personal privacy.
What the Substly Extension Does
The extension passively monitors visits to cloud-based services in Substly’s vendor database. These visits are used to provide insights such as:
✅ Usage rates - how often and how much a service is used
✅ Adoption rates - the percentage of those who have access to a service that actually use it
✅ Unused user accounts - identify user accounts that are not being used
✅ Unsanctioned usage - employees who are using services that they shouldn't have access to
Only visits to recognized B2B tools are monitored—nothing outside of that.
Why Use the Substly Extension?
Most companies can only list tools they know about. That’s not enough from a compliance perspective.
Substly’s browser extension helps fill that gap by monitoring actual usage—revealing unapproved or unknown B2B tools and enabling businesses to:
✅ Build a complete and accurate vendor inventory
✅ Evaluate services against internal compliance policies
✅ Take action on unapproved or high-risk services
⚖️ Compliance frameworks supported
NIS2 – EU-wide cybersecurity directive
DORA – Digital Operational Resilience Act
ISO 27001, SOC 2, GDPR – Frameworks requiring vendor transparency and data accountability
💡 Business value highlights
Detect shadow IT – Spot services that employees use without approval or IT awareness.
Support compliance efforts – Know what tools are in use to maintain control over data processing.
Optimize SaaS spending – Identify unused or underused tools and licenses to eliminate waste.
Improve IT operations – Get visibility into the actual usage of tools across teams, departments, and regions.
Increase decision-making confidence – Rely on objective data when negotiating renewals or onboarding new tools.
How the Extension Works
How the Extension Works
Supported browsers: The Substly Extension works with Google Chrome, Microsoft Edge, Firefox, Safari, and most Chromium-based browsers.
Passive monitoring: It runs quietly in the background and doesn't interrupt the user.
URL-based detection: The extension checks whether the URL of a visited application matches a SaaS tool in Substly’s database.
No monitoring outside the scope: If the website isn’t a known B2B service, the extension ignores it.
Silent rollout and authentication: Using tools like Google Workspace, Microsoft Intune, or other MDM systems, the extension can be installed automatically across all employee browsers. Authentication can happen in the background based on the user's corporate profile (e.g., Google account or Azure AD).
Tamper prevention: Admins can prevent users from logging out of or uninstalling the extension.
Personal Integrity & Privacy
Personal Integrity & Privacy
Core privacy principles
Core privacy principles
We only monitor B2B SaaS tools – The extension logs visits only to tools in our verified vendor database.
No personal browsing is monitored – Sites like news pages, social media, webmail, banking, etc. are ignored entirely.
No content or sensitive data – We do not log page content, search terms, file names, chat messages, or personal information.
Only part of the URL is captured – The extension captures the domain and basic path (before any query strings or parameters).
Everything happens locally – All matching happens in the browser. It is only when a match in our vendor/product database occurs that data is sent to Substly’s servers.
Compliance-ready – Our design aligns with GDPR, ISO 27001, and NIS2 requirements.
Optional anonymous monitoring
Optional anonymous monitoring
Anonymous monitoring option – Organizations with strict internal privacy policies can enable anonymous mode. This enables SaaS usage to be monitored without revealing individual user or device information.
Respecting time, not usage depth
Respecting time, not usage depth
Access frequency over time monitoring – We do not measure how long a user spends in a tool each day or week. Instead, we measure how often a service is accessed per day. This protects privacy while still helping assess actual usage.
What Data Is Captured
What Data Is Captured
When a user visits a monitored B2B SaaS tool, the following data may be logged:
Tool accessed – Based on URL match
User identifier – Based on Substly user
Timestamped access – Date of usage
Frequency of visits – Aggregated daily
This helps organizations:
✅ Identify underutilized or unused licenses
✅ Detect services being used outside the approved stack
✅ Find opportunities to consolidate or reduce spending
Admin Controls & Customization
Admin Controls & Customization
The Substly Extension offers flexible deployment and configuration options for IT administrators:
Deploy silently across browsers – Deploy the extension via tools like Google Workspace or Microsoft Intune without user involvement.
Authenticate users automatically – Seamless login using the user's corporate browser profile (e.g., Google or Azure AD).
Restrict uninstall or logout options – Prevent users from disabling or removing the extension.
Enable anonymous monitoring – Avoid collecting personal or device-level identifiers while maintaining visibility.
Set up policy-based notifications (coming soon) – Notify users when they access services that violate internal IT policies.
Related Help Articles
📩 Need help getting started? Contact us via chat or email, or explore our extension deployment guide.