Your information, handled carefully

Privacy Policy

This policy explains what Harbor collects, why we collect it, and the choices you have when you use our website, mobile application, and security monitoring services.

Effective date
The short version

Harbor uses the information you provide to verify your identity, search for exposures, secure your account, and deliver your reports. We do not sell your personal information or share it for cross-context behavioral advertising.

1. Scope

This Privacy Policy applies to Harbor Security ("Harbor," "we," "us," or "our") and our websites, mobile applications, and related services that link to it (collectively, the "Services"). It does not govern third-party websites or services that have their own privacy policies.

By using the Services, you acknowledge the practices described here. If you do not agree with this policy, please do not use the Services.

2. Information we collect

Information you provide

  • Account information: your name, email address, and information used to verify and secure your account.
  • Identity lookup information: the email address you verify and, when you choose to provide it, a phone number used to search for matching exposure records.
  • Communications: information you include when you contact us for support, exercise a privacy right, or provide feedback.
  • Subscription information: the plan you select, subscription status, renewal dates, and related transaction identifiers. Payment card details are generally processed by the app store or payment provider and are not stored by Harbor.

Scan and exposure information

To provide the Services, Harbor compares the identity information you submit against breach archives, credential-compromise datasets, public records, data-broker listings, and other security intelligence sources. We collect the resulting matches, source details, exposed-data categories, risk assessments, and scan history associated with your account. Depending on the source, a result may indicate that sensitive information or historical credentials appeared in an exposure.

Information collected automatically

  • Device and log information: IP address, browser or device type, operating system, user agent, request timestamps, and diagnostic or security logs.
  • Usage information: interactions with the Services, feature use, scan activity, and errors.
  • Cookies and similar technologies: essential cookies or local storage used to keep you signed in, preserve security controls, remember preferences such as theme, and maintain the Services.

Information from other sources

We may receive account information from sign-in providers such as Google, subscription information from Apple, Google, or another payment provider, and exposure-related information from public, licensed, partner, or security-research sources. Information in those sources may be inaccurate, incomplete, or outdated.

3. How we use information

We use personal information to:

  • create, authenticate, secure, and support your account;
  • verify that you control the email address used for a scan;
  • perform identity lookups and generate exposure reports and posture scores;
  • monitor for new findings and send security or service notices you request;
  • provide subscriptions, maintain entitlements, and process transactions;
  • prevent fraud, abuse, unauthorized lookups, and security incidents;
  • operate, troubleshoot, analyze, and improve the Services;
  • respond to support and privacy requests; and
  • comply with law and enforce our agreements.

Where applicable law requires a legal basis, we process information to perform our contract with you, pursue legitimate interests such as securing and improving the Services, comply with legal obligations, and act with your consent where requested.

4. How we disclose information

We may disclose personal information to:

  • Service providers: hosting, database, authentication, email delivery, customer support, security, monitoring, and payment providers working on our behalf.
  • Sign-in and payment partners: when you choose a third-party sign-in or purchase method, subject to that provider's terms and privacy policy.
  • Professional advisers and authorities: when reasonably necessary to comply with law, protect rights and safety, investigate fraud or abuse, or establish or defend legal claims.
  • Business transaction participants: in connection with a financing, merger, acquisition, reorganization, or sale of assets, subject to appropriate safeguards.
  • Others at your direction: when you ask us to disclose information or give us consent.

Harbor does not sell personal information. Harbor also does not share personal information for cross-context behavioral advertising or use your scan information to target third-party advertisements.

5. Retention and security

Retention

We retain account information, scan reports, findings, and subscription records for as long as your account is active or as needed to provide the Services. We may keep certain records longer when reasonably necessary for security, fraud prevention, dispute resolution, legal compliance, or enforcing our agreements. Retention periods depend on the nature and sensitivity of the information, why we use it, and applicable legal requirements. We delete or de-identify information when it is no longer needed, subject to backup and legal-retention cycles.

Security

We use administrative, technical, and physical safeguards designed to protect personal information. No system is completely secure, so we cannot guarantee that information will never be accessed, used, or disclosed without authorization. Keep your account and devices secure and contact us if you suspect unauthorized activity.

6. Your privacy choices

  • Account information: you may update certain information in the Services or contact us for help.
  • Monitoring and communications: you may adjust available notification settings. We may still send non-promotional messages about your account, security, or transactions.
  • Subscriptions: you may manage or cancel a subscription through the provider you used to purchase it.
  • Access, correction, and deletion: you may request access to, correction of, or deletion of personal information associated with your account by emailing us. We may need to verify your identity before completing a request.

Some exposure information comes from third-party sources that Harbor does not control. Deleting your Harbor account or report does not remove information from the original source. We may provide source-specific guidance where available.

7. U.S. state privacy disclosures

Depending on where you live and subject to applicable exceptions, you may have the right to know or access personal information, receive a portable copy, correct inaccuracies, delete information, and appeal a decision about your request. You may also have rights to opt out of sale, targeted advertising, or certain profiling. Harbor does not sell personal information or process it for targeted advertising as those terms are defined by applicable U.S. state privacy laws.

Categories of personal information handled by Harbor
CategoryExamplesPrimary purposes
IdentifiersName, email, phone, account and device identifiersAccount access, identity matching, security, support
Customer recordsContact details and subscription statusProvide the Services and maintain subscriptions
Commercial informationPlan, purchase, renewal, and entitlement recordsBilling, account administration, fraud prevention
Internet or network activityIP address, user agent, service interactions, security logsOperate, secure, diagnose, and improve the Services
Potentially sensitive informationAccount access data or precise identity details appearing in exposure sourcesIdentify and explain potential security exposures
InferencesRisk level, posture score, and finding priorityOrganize results and recommend protective steps

We collect these categories from you, your devices, sign-in and payment providers, and security, public, licensed, partner, or research sources. We disclose them to the recipients described in Section 4 for the business purposes described in Section 3. We do not use sensitive personal information to infer characteristics about you beyond what is reasonably necessary to provide the Services.

To submit a request, email [email protected]. You may use an authorized agent where permitted by law. We will not discriminate against you for exercising a privacy right, and you may appeal a denied request by replying to our decision.

8. Other important information

Children

The Services are not directed to children under 18, and we do not knowingly collect personal information from children under 18. If you believe a child has provided information to us, please contact us so we can review and delete it as appropriate.

International use

Harbor is based in the United States. If you use the Services from another country, your information may be processed in the United States or other countries whose data protection laws may differ from those where you live. Where required, we use appropriate safeguards for cross-border transfers.

Changes to this policy

We may update this policy as our Services or legal obligations change. We will post the updated version here, revise the effective date, and provide additional notice when required by law. Your continued use after an update means the revised policy applies to future use of the Services.

9. Contact us

For privacy questions or requests, email [email protected]. For general support, email [email protected].

Harbor Security
United States