HarborIO, Inc. ("Harbor", “us”, “we”, or “our”) operates the http://www.hrbr.io, http://app.hrbr.io and http://dev.hrbr.io website and the Harbor mobile application (collectively, the “Services”). This page informs you of our policies and practices regarding the collection, use and disclosure of information which personally identifies you (“Personal Information”) when you use our Services. We will not use or share your information with anyone except as described in this privacy policy (the “Privacy Policy”). We use your Personal Information for providing and improving the Services. By using the Services, you agree to the collection and use of your Personal Information in accordance with this Privacy Policy.

1. Information Collection and Use; Personal Information

  1. We may ask you to provide us, or third parties may provide us, with certain Personal Information that can be used to contact or identify you. Personal Information may include, but is not limited to, your name, postal address, email address, and employer. We collect Personal Information for the purpose of providing the Services, identifying and communicating with you about the Services, responding to your requests/inquiries, servicing your purchase orders, improving our Services, and communicating with you about our Services, discounts, and promotions.

2. How Long We Keep Your Personal Information

  1. How long we keep information we collect about you depends on the type of information, as described in further detail below. After such time, we will either delete or anonymize your information or, if this is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible.

    Account Information
    We retain your account information for as long as your account is active and a reasonable period thereafter in case you decide to re-activate the Services. We also retain your information as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, and to continue to develop and improve our Services. Where we retain information for Service improvement and development, it will be anonymized and used to uncover collective insights about the use of our Services, not to specifically analyze personal characteristics about you.

    Managed Accounts
    If the Services are made available to you through an organization (e.g., your employer), we retain your information as long as required by your employer under our agreement with your employer as required by the administrator of your account. If your account is deactivated, your information and conversations you may have had and actions you may have taken on the Services will remain in order to allow your team members to make full use of the Services.

    Marketing Information
    If you have elected to receive marketing emails from us, we retain information about your marketing preferences for a reasonable period of time from the date you last expressed interest in our Services. Every marketing email we send will provide you with the option to opt out of receiving future emails.

3. Accessing and Correcting Your Personal Information

  1. We acknowledge individuals’ rights to access their personal information. You may access, update, correct or have removed from our systems and records the Personal Information you provided to us by emailing a request to privacy@hrbr.io or contacting us by telephone or postal mail as further specified in the How to Contact Us clause of this Privacy Policy. To protect your privacy and security, we will also take reasonable steps to verify your identity before updating or removing your information.

4. Information Collected Directly from You

  1. We collect information about you when you provide it to us and automatically when you use the Services.

    Log Data
    We collect information that your browser sends whenever you visit our website or use our Services (“Log Data”). This Log Data may include information such as your computer’s Internet Protocol (“IP”) address, browser type, browser version, the pages of our Services that you visit, the time and date of your visit, the time spent on those pages and other statistics. In addition, we use third party services such as Google Analytics that collect, monitor and analyze this type of information in order to increase our Services’ functionality. These third-party service providers have their own privacy policies addressing how they use such information. When you access the Services by or through a mobile device, we collect certain information automatically, including the type of mobile device you use, your mobile device’s unique device ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, and your general location information as described further below.

    Location Information
    We use and store information about your general location. We use this information to provide features of our Services and to improve and customize our Services.

    Cookies
    Cookies are files with a small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web site and transferred to your device. We use cookies to collect information in order to improve our Services. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. The “Help” feature on most browsers provide information on how to accept cookies, disable cookies or to notify you when receiving a new cookie. If you do not accept cookies, you may not be able to use some features of our Services and we recommend that you leave them turned on.

    Do Not Track Disclosure
    We do not support Do Not Track (“DNT”). Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable Do Not Track by visiting the “Preferences” or “Settings” page of your web browser.

5. Information Collected from Other Sources

  1. We will enrich your Personal Information with additional Personal Information received from publicly accessible sources. We may also receive your information from services you integrate with Harbor, from other users of Harbor, or from our partners.

    Integrations
    You may enhance the Services by enabling Harbor integrations with third-party products. If you provide third-party account credentials to us, you understand some content and/or information in those accounts (“Third Party Account Information”) will be transmitted into your account with us, and that Third Party Account Information transmitted to our Services is covered by this Privacy Policy. Further, Harbor software may request permissions to take actions on your behalf using your third-party account credentials. For example, if you choose to integrate Harbor Services with Slack, Harbor software will request authority to access certain parts of Slack as well as your data to succesfully enable the service.

    Other Users of the Services
    Other users of our Services may provide information about you when they use the Services. For example, we receive your email address from other Service users when they provide it in order to invite you to the Services.

    Partners
    We work with partners who may market, sell, or support our Services. These partners may provide us your Personal Information so that we can contact you. We also may receive your Personal Information from advertising, market research, or data enrichment partners with whom we engage to identify prospective customers.

6. Service Providers who may Receive Your Personal Information

  1. We may employ third-party companies and individuals (our “agents”) to facilitate our Services, to provide the Services on our behalf, to perform complementary services and/or to assist us in analyzing how our Services are used. Examples may include storing data, delivering messages, processing credit card payments, analyzing data, providing marketing assistance, managing our agreements with you, supplementing the information you provide us in order to provide you with better service, and providing customer service. We do not transfer data to non-agent third parties. These third parties have access to your Personal Information only to perform specific tasks on our behalf and are under written obligation not to disclose or use your Personal Information for any purpose other than those disclosed in this Privacy Policy.

    Notwithstanding such legal and contractual obligations between us and such service providers, we remain potentially liable for any misuse of your Personal Information. We will only disclose Personal Information when we are required to do so in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

7. Communications; Your Options

  1. We may use your Personal Information to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send, or by emailing privacy@drift.com.

8. Security of Personal Information

  1. The security of your Personal Information is important to us, and we strive to implement and maintain reasonable, commercially acceptable security procedures and practices appropriate to the nature of the information we store, in order to protect it from unauthorized access, destruction, use, modification, or disclosure. However, please be aware that no method of transmission over the internet, or method of electronic storage is 100% secure and we are unable to guarantee the absolute security of the Personal Information we have collected from you.

9. International Transfer of Personal Information

  1. Your Personal Information may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction. If you are located outside the United States and choose to provide Personal Information to us, please note that we transfer Personal Information to the United States and process it there pursuant to our Privacy Shield Certification.

10. Links To Other Sites

  1. Our Services may contain links to other web sites or online locations that are not operated or controlled by us. If you click on a third-party link, you will be directed to that third party’s site. We strongly advise you to review the privacy policy of every site or location you visit. We have no control over, and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

11. Children’s Privacy

  1. Only persons who are age 18 or older have permission to access our Services. Our Services are not intended to be used by anyone under the age of 13 (“Children”). We do not knowingly collect personally identifiable information from children under 13. If you are a parent or guardian and you learn that your Children have provided us with Personal Information, please contact us. If we become aware that we have collected Personal Information from a child under age 13 without verification of parental consent, we take steps to remove that information from our servers.

12. EU-US and Swiss-US Privacy Shield

  1. We comply with the EU-US and Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. We have certified that we adhere to the Privacy Shield principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. If there is any conflict between this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/ In addition to self-assessment, as a participant in the EU-US and Swiss-US Privacy Shield program, we are subject to the investigatory and enforcement powers and authority of the U.S. Federal Trade Commission with respect to maintenance of, and adherence to, this Privacy Policy. Under certain limited and prescribed circumstances and conditions, you have the right to invoke a “last resort” binding arbitration process between you and us to resolve a dispute related to our collection, use or disclosure of your Personal Information. In compliance with the EU-US and Swiss-US Privacy Shield Principles, we commit to resolve complaints about your privacy and our collection or use of your Personal Information. European Union and Swiss individuals with inquiries or complaints regarding this Privacy Policy should first contact us at: privacy@dhrbr.io. We have further committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.

    As a last resort and under certain limited and prescribed circumstances and conditions, you have the right to invoke a “last resort” binding arbitration process between you and us to resolve a dispute related to our collection, use or disclosure of your Personal Information.

    In particular, as further specified in this Privacy Policy, we will maintain compliance with the Privacy Shield principles by adhering to the following practices:

    Notice
    When we collect your Personal Information, we’ll give you timely and appropriate notice describing what Personal Information we’re collecting, how we’ll use it, and the types of third parties with whom we may share it. This Privacy Policy serves as such notice, and any changes to our collection, use or disclosure of your Personal Information will be reflected in revisions to the Privacy Policy posted on our website.

    Choice
    As established and described in this Privacy Policy, we’ll give you choices about the ways we use and share your Personal Information, and we’ll respect the choices you make.

    Accountability for Onward Transfer
    If we transfer your Personal Information to another country, we may remain liable and will take appropriate measures to protect your privacy and the Personal Information we transfer.

    Security
    We’ll take appropriate physical, technical, and organizational measures to protect your Personal Information from loss, misuse, unauthorized access or disclosure, alteration, and destruction.

    Data Integrity and Purpose Limitation
    We’ll collect only as much Personal Information as we need for specific, identified purposes, and we won’t use it for other purposes without obtaining your consent. We’ll take appropriate steps to make sure the Personal Information in our records is accurate.

    Access
    If you wish to confirm the accuracy of your Personal Information or have it removed from our systems and records, you may contact us at the email address, telephone number or postal address provided in the How to Contact Us clause of this Privacy Policy.

    Recourse, Enforcement and Liability
    We’ll regularly review our continued adherence to these privacy obligations, and we’ll provide and maintain the independent mechanism specified in this Privacy Policy as a way to resolve complaints about our privacy practices.

    Further, we acknowledge our potential liability for misuse of your Personal Information by us or our third-party service providers, as further set forth in this Privacy Policy.

    Legal Bases for Processing EU Users’ Personal Information
    We only process your information when we have the legal basis to do so. That is, we will only process your Personal Information when:
    • We need it to provide you the Services;
    • You give us consent for a specific purpose; or
    • It satisfies Harbor’s legitimate interests (which are not overridden by your data protection interests), such as for improving, marketing, and promoting the Services and protecting our legal rights;
    • We need to process your data to comply with our legal obligations.

    Transfer of EU Users’ Personal Information Outside the EU
    We may transfer your Personal Information to Harbor-affiliated entities in third parties in the United States or other countries that may not have equivalent privacy and data protection laws to the country in which you reside. When we transfer Personal Information of customers in the European Economic Area or Switzerland to any such country, we make use of the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, European Commission-approved standard contractual data protection clauses, binding corporate rules, or other appropriate legal mechanisms to safeguard the transfer. Please refer to the Section “EU-US and Swiss-US Privacy Shield” below.

    EU Users’ Rights to Control Personal Information
    You have control over your Personal Information. Below are the rights you have and the steps you can take to exercise them. Please note that your rights may be limited in certain cases: for example, if fulfilling your request would reveal information about another person, or if you ask to delete information which we or your employer are permitted by law or have compelling legitimate interests to keep, and it may take time for us to investigate your request. If you believe that we are not respecting your rights with regard to your Personal Information, you may lodge a complaint with your local supervisory authority.

    Right to Access
    You have a right to request a copy of the Personal Information that Drift holds. To request this information, please email us at privacy@hrbr.io

    Right to Rectification
    If you believe that any Personal Information that Harbor holds is incorrect, you have the right to correct that information. You can change your Harbor account information on the “Settings” page, and if you have any further concerns regarding the accuracy of your information, please email us at privacy@hrbr.io

    Right to Erasure, Restriction, or Objection to Processing
    If you believe we do not have the right to process your information or you object to our processing for a particular purpose, or if you want us to erase your Personal Information altogether, please email us at privacy@hrbr.io.

    Right to Withdraw Consent
    If you gave us consent to process your Personal Information for a particular purpose, you have the right to withdraw that consent by emailing us at privacy@hrbr.com. Your withdrawal of consent does not affect the lawfulness of our processing of your Personal Information prior to the withdrawal.

    Data Portability
    You have the right to obtain the Personal Information that you have directly submitted to Drift in a format you can transfer to another service provider. If you want to exercise this right, please email us at privacy@hrbr.io.

13. Changes to This Privacy Policy

  1. We reserve the right to update or change our Privacy Policy at any time and you should check this Privacy Policy periodically. Your continued use of the Services after we post any modifications to the Privacy Policy on this page will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Privacy Policy. If we make any material changes to this Privacy Policy, we will notify you either through the email address you have provided us, or by placing a prominent notice on our website.

Contact Us

If you have any questions about this Privacy Policy, please contact us at: privacy@hrbr.io