HarborStack
Back to Home

Privacy Policy

Last Updated: January 2025

1. Introduction

HarborStack ("Company", "we", "us", or "our") operates the HarborStack platform. This Privacy Policy explains how we collect, use, share, and protect information when you use our platform.

We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR) for users within the European Economic Area.

By using the platform, you acknowledge your consent to the data practices described in this policy.

2. Information We Collect

Information You Provide to Us

  • Account information (name, email, phone number, company name)
  • Payment and billing information
  • Business data you upload (worker records, customer data, contracts)
  • Communications with our support team
  • Profile information and preferences

Information Collected Automatically

  • Device information (IP address, browser type, operating system)
  • Usage data (features used, session duration, actions performed)
  • System logs (login times, pages viewed, error reports)
  • Cookies and similar tracking technologies

Information from Third Parties

  • Partner and vendor data (when using partner portals)
  • Integration data from connected external services
  • Publicly available business information

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing, operating, and maintaining platform services
  • Processing transactions and sending related notifications
  • Responding to your requests and providing technical support
  • Sending administrative notices and operational updates
  • Analyzing usage to improve performance and services
  • Detecting and preventing fraud and security risks
  • Complying with legal and regulatory obligations
  • Sending marketing communications (with your prior consent)

4. Data Storage and Security

We implement advanced security measures to protect your data, including:

  • Encryption of data in transit (TLS 1.3)
  • Encryption of data at rest (AES-256)
  • Multi-tenant architecture with logical data isolation
  • Role-based access control systems
  • Regular security audits and penetration testing
  • SOC 2 Type II compliance

Despite our highest protection standards, absolute security cannot be guaranteed for any electronic system.

5. Data Sharing and Disclosure

We do not sell your personal data. We may share your information only in the following cases:

  • Service Providers: Entities that help us operate the platform (hosting, analytics, payments)
  • Business Partners: When you use integrations with third parties
  • Legal Obligations: When required by law or to protect our rights
  • Business Transitions: In cases of merger, acquisition, or asset sale
  • With Your Explicit Consent: When you authorize us to disclose

6. International Data Transfers

Your data may be transferred and processed outside your country of residence. We ensure appropriate safeguards, including:

  • Standard Contractual Clauses (SCCs) for EEA data transfers
  • Data processing agreements with all sub-processors
  • Compliance with local data protection requirements

7. Data Retention

We retain data as long as necessary to provide our services and fulfill the purposes described:

  • Account Data: Throughout account activity period
  • Business Data: According to subscription terms
  • Usage Logs: For 12 months
  • Financial Records: For 7 years (legal requirement)

Upon account termination, you can request data export within 30 days. Data is permanently deleted within 90 days of termination.

8. Your Rights

Depending on your location, you may have the following rights:

  • Right of Access: Obtain a copy of your data
  • Right of Rectification: Correct inaccurate data
  • Right of Erasure: Request data deletion ("right to be forgotten")
  • Right of Restriction: Restrict data processing
  • Right of Portability: Transfer data to another provider
  • Right to Object: Object to processing based on legitimate interest
  • Withdraw Consent: Withdraw consent at any time

To exercise these rights, please contact our Data Protection Officer at: privacy@harborstacks.com

9. Cookies

We use cookies to improve your experience, including:

  • Essential cookies for platform operation
  • Analytics cookies to understand usage patterns
  • Preference cookies to save settings

You can control cookie settings through your browser, noting that disabling some may affect platform functionality.

10. Children's Privacy

The platform is not intended for persons under 18 years of age. We do not knowingly collect children's data. If you suspect data collection from a child, please contact us immediately.

11. Changes to Privacy Policy

We may update this policy from time to time. We will notify you of any material changes via email or through the platform 30 days before they take effect.

Your continued use of the platform after changes take effect constitutes acceptance of the updated policy.

12. Contact Us

For inquiries related to privacy policy or data practices, please contact:

Data Protection Officer

HarborStack

Doha, Qatar

Email: privacy@harborstacks.com

Website: www.harborstacks.com

If you reside in the European Economic Area and believe your data protection rights have been violated, you have the right to file a complaint with the relevant supervisory authority.