Privacy Policy

We collect the following categories of information:

• Account information: your name, email address, phone number, and business name when you sign up.
• Business data: customers, jobs, invoices, messages, reports, and other records you create within HarboredHQ.
• Usage data: pages visited, features used, and login times — used to improve the product.
• Payment information: processed entirely by Stripe. We never see or store your card number, CVV, or full billing information.
• SMS data: messages sent and received through the platform are stored to provide your inbox and message history.

• To provide, maintain, and improve the HarboredHQ service.
• To send you morning briefs, job alerts, and other notifications you opt into.
• To process payments and manage your subscription.
• To send product updates, feature announcements, and important account notices.
• To respond to your support requests and questions.

We do not sell your personal information. We share data only with the following service providers, who are contractually bound to protect it:

• Stripe — payment processing and subscription management
• Twilio — SMS delivery
• Resend — transactional email delivery
• Supabase — database hosting (PostgreSQL)
• Vercel — application hosting and edge delivery

We may disclose your information if required to do so by law or in response to a valid legal process.

• Data you enter about your customers (names, phones, job history, etc.) belongs to you. We are a processor of that data, not a controller.
• We process your customer data only to provide the HarboredHQ service to you.
• You can export all your data at any time from Settings → Export.
• We delete your customer data within 30 days of account termination.

• All data is encrypted in transit using TLS and at rest using AES-256.
• Our database infrastructure is hosted on Supabase, which is SOC 2 Type II compliant.
• We do not store payment card numbers — Stripe tokenizes all card data.
• Access to production systems is restricted to authorized personnel only.

• We use session cookies for authentication only — to keep you logged in.
• We do not use third-party tracking cookies.
• We do not use advertising or retargeting cookies.

• SMS features within HarboredHQ are subject to TCPA regulations and Twilio's Acceptable Use Policy.
• You, as the HarboredHQ account holder, are responsible for obtaining proper consent from your customers before sending them SMS messages.
• Opt-out requests (customers replying STOP) are handled automatically by our platform and by Twilio.

You have the following rights regarding your data:

• Access: request a copy of the personal data we hold about you.
• Correction: update or correct inaccurate information in your account settings.
• Deletion: request deletion of your account and associated data by emailing will@harboredhq.com or canceling in billing settings.
• Export: download all your data from Settings → Export at any time.

For any privacy-related questions or requests, contact us at will@harboredhq.com. We respond within 5 business days.