Skip to main content

Getting Started with the Substly Extension

What it does, how it works, and how we protect user privacy

Ola Stål avatar
Written by Ola Stål
Updated today

🧩 TL;DR: The Substly Extension gives organizations real-time insights into SaaS usage, helps detect Shadow IT, and supports compliance with frameworks like NIS2, ISO 27001, and GDPR—all while protecting employee privacy.

The Substly Extension is a lightweight browser add-on that helps organizations gain insight into how cloud-based software is actually being used across the company. It’s designed to detect usage of SaaS tools, surface shadow IT, and identify unused accounts—without compromising personal privacy.


What the Substly Extension Does

The extension passively monitors visits to cloud-based services in Substly’s vendor database. These visits are used to provide insights such as:

Usage rates - how often and how much a service is used

Adoption rates - the percentage of those who have access to a service that actually use it

Unused user accounts - identify user accounts that are not being used

Unsanctioned usage - employees who are using services that they shouldn't have access to

Only visits to recognized B2B tools are monitored—nothing outside of that.

Why Use the Substly Extension?

Most companies can only list tools they know about. That’s not enough from a compliance perspective.

Substly’s browser extension helps fill that gap by monitoring actual usage—revealing unapproved or unknown B2B tools and enabling businesses to:

✅ Build a complete and accurate vendor inventory


✅ Evaluate services against internal compliance policies

✅ Take action on unapproved or high-risk services

⚖️ Compliance frameworks supported

  • NIS2 – EU-wide cybersecurity directive

  • DORA – Digital Operational Resilience Act

  • ISO 27001, SOC 2, GDPR – Frameworks requiring vendor transparency and data accountability

💡 Business value highlights

  • Detect shadow IT – Spot services that employees use without approval or IT awareness.

  • Support compliance efforts – Know what tools are in use to maintain control over data processing.

  • Optimize SaaS spending – Identify unused or underused tools and licenses to eliminate waste.

  • Improve IT operations – Get visibility into the actual usage of tools across teams, departments, and regions.

  • Increase decision-making confidence – Rely on objective data when negotiating renewals or onboarding new tools.

How the Extension Works

Supported browsers: The Substly Extension works with Google Chrome, Microsoft Edge, Firefox, Safari, and most Chromium-based browsers.

Substly Extension supports Google Chrome, Microsoft Edge, Safari, Mozilla Firefox and most Chromium-based browsers

Passive monitoring: It runs quietly in the background and doesn't interrupt the user.

URL-based detection: The extension checks whether the URL of a visited application matches a SaaS tool in Substly’s database.

No monitoring outside the scope: If the website isn’t a known B2B service, the extension ignores it.

Silent rollout and authentication: Using tools like Google Workspace, Microsoft Intune, or other MDM systems, the extension can be installed automatically across all employee browsers. Authentication can happen in the background based on the user's corporate profile (e.g., Google account or Azure AD).

Tamper prevention: Admins can prevent users from logging out of or uninstalling the extension.

Personal Integrity & Privacy

Core privacy principles

We only monitor B2B SaaS tools – The extension logs visits only to tools in our verified vendor database.

No personal browsing is monitored – Sites like news pages, social media, webmail, banking, etc. are ignored entirely.

No content or sensitive data – We do not log page content, search terms, file names, chat messages, or personal information.

Only part of the URL is captured – The extension captures the domain and basic path (before any query strings or parameters).

Everything happens locally – All matching happens in the browser. It is only when a match in our vendor/product database occurs that data is sent to Substly’s servers.

Compliance-ready – Our design aligns with GDPR, ISO 27001, and NIS2 requirements.

Optional anonymous monitoring

Anonymous monitoring option – Organizations with strict internal privacy policies can enable anonymous mode. This enables SaaS usage to be monitored without revealing individual user or device information.

Respecting time, not usage depth

Access frequency over time monitoring – We do not measure how long a user spends in a tool each day or week. Instead, we measure how often a service is accessed per day. This protects privacy while still helping assess actual usage.

What Data Is Captured

When a user visits a monitored B2B SaaS tool, the following data may be logged:

  • Tool accessed – Based on URL match

  • User identifier – Based on Substly user

  • Timestamped access – Date of usage

  • Frequency of visits – Aggregated daily

This helps organizations:

✅ Identify underutilized or unused licenses

✅ Detect services being used outside the approved stack

✅ Find opportunities to consolidate or reduce spending

Admin Controls & Customization

The Substly Extension offers flexible deployment and configuration options for IT administrators:

  • Deploy silently across browsers – Deploy the extension via tools like Google Workspace or Microsoft Intune without user involvement.

  • Authenticate users automatically – Seamless login using the user's corporate browser profile (e.g., Google or Azure AD).

  • Restrict uninstall or logout options – Prevent users from disabling or removing the extension.

  • Enable anonymous monitoring – Avoid collecting personal or device-level identifiers while maintaining visibility.

  • Set up policy-based notifications (coming soon) – Notify users when they access services that violate internal IT policies.

Related Help Articles


📩 Need help getting started? Contact us via chat or email, or explore our extension deployment guide.

Did this answer your question?