Harbor is operated by Harbor Family LLC ("Harbor," "we," "us," or "our"), a company incorporated under the laws of the State of Wyoming. Our services are accessible through the Harbor mobile application, web application, and any related software, APIs, or services we provide (collectively, the "Services").

For purposes of applicable data protection law, Harbor Family LLC is the data controller for personal information collected through the Services.

This Privacy Policy applies to all personal information we collect when you access or use the Services, whether you are a registered user, a household member invited by a registered user, or a visitor to our website. It does not apply to information that our business customers or partners collect independently using Harbor's APIs.

If you are accessing the Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where our servers are located and where our central operations are conducted.

A. Information You Provide Directly

When you create an account, configure your household, or use our features, you may provide:

• Account information: Name, email address, password, and profile photo.

• Household profile: Household name, address or general location (city/region), household members' names and roles (e.g., parent, caregiver, nanny, grandparent), and each member's contact information.

• Scheduling data: Events, appointments, activities, recurring schedules, and calendar entries you create or import.

• Task data: To-do items, chores, errands, assignments, and reminders.

• Household knowledge & preferences: Routines, notes, preferences, and contextual information you store in Harbor's shared memory features.

• Health and dietary information: Allergies, dietary restrictions, medical appointment details, medication reminders, and similar health-adjacent information you voluntarily provide in connection with meal planning, household notes, or scheduling. We treat this category with heightened sensitivity.

• Meal and grocery data: Recipes, meal plans, grocery lists, and food preferences.

• Natural-language input: Any text or voice input you submit to Harbor's AI features, including conversational requests, descriptions, and instructions.

• Communications: Messages you send to us through support channels, feedback forms, or email.

B. Information from Third-Party Integrations

If you choose to connect third-party services to Harbor, we receive information from those services in accordance with your authorization and their own privacy policies. This may include:

• Calendar services (e.g., Google Calendar, Apple Calendar, Microsoft Outlook): Event titles, times, locations, attendees, and descriptions.

• Email services (e.g., Gmail): Email content, sender/recipient information, and metadata — but only from messages you authorize Harbor to process for the purpose of extracting events, tasks, or action items. We do not read your inbox broadly.

• Sign-in providers (e.g., Google, Apple): Name, email address, and profile photo, as provided by the authentication service.

C. Information Collected Automatically

When you use the Services, we automatically collect certain technical and usage information:

• Device information: Device type, operating system, app version, and device identifiers.

• Log data: IP address, browser type, pages visited, features used, timestamps, and referring URLs.

• Usage data: Feature interactions, session duration, and patterns of use (used to improve the product, not to profile you for advertising).

• Location: General location (city/region) inferred from IP address. We do not collect precise GPS coordinates unless you explicitly grant permission for a specific feature.

• Cookies and similar technologies: We use strictly necessary cookies for session management and authentication. We may use analytics cookies to understand how the product is used. You can control cookie preferences through your browser settings. We do not use tracking cookies for advertising purposes.

We use personal information only for the purposes described below. We do not use your information to serve you third-party advertising.

To Provide and Operate the Services

• Creating and managing your account and household profile.

• Processing and displaying tasks, events, schedules, meal plans, and household notes.

• Coordinating access and visibility among household members and authorized caregivers.

• Processing natural-language input to generate structured plans, reminders, and suggestions.

• Delivering AI-generated briefings, proactive suggestions, and conflict alerts.

• Syncing data with connected third-party calendar and email services you have authorized.

To Improve and Develop the Services

• Analyzing aggregated, de-identified usage patterns to understand how features are used.

• Diagnosing technical issues and improving reliability.

• Conducting research and testing to develop new features.

Our policy on AI training: We do not use your personal household data — including your tasks, events, household notes, or natural-language inputs — to train our AI models without your explicit, affirmative consent. If we introduce a program that allows users to voluntarily contribute data for model improvement, participation will be entirely optional and clearly disclosed.

To Communicate with You

• Sending transactional notifications (e.g., reminders, account alerts, household member invitations).

• Responding to support requests and inquiries.

• Sending product updates and announcements. You may opt out of non-transactional communications at any time.

For Safety, Legal, and Compliance Purposes

• Detecting, preventing, and responding to fraud, abuse, or security incidents.

• Complying with applicable laws, regulations, legal process, and government requests.

• Enforcing our Terms of Service and protecting the rights, property, and safety of Harbor and our users.

Legal Bases for Processing

We process your personal information on the following legal grounds: (a) performance of a contract — processing necessary to provide the Services you have agreed to use; (b) legitimate interests — improving our product, ensuring security, and preventing fraud, where these interests are not overridden by your privacy rights; (c) compliance with legal obligations; and (d) consent — where we have specifically asked for and received it (e.g., for optional features or sensitive data categories).

Harbor's core value is its AI layer. Understanding how that layer works — and what it does with your data — matters to us.

How AI Features Work

When you submit natural-language input (e.g., "we need a pediatrician appointment next Tuesday and someone to pick up the kids"), Harbor processes that input using AI models to extract structured tasks, events, and action items. This processing occurs on Harbor's infrastructure (or through vetted third-party AI providers operating under data processing agreements that prohibit them from using your data for their own purposes).

AI-Generated Suggestions

Harbor generates proactive suggestions, conflict alerts, briefings, and meal recommendations based on your household data. These are generated outputs, not editorial judgments. You are always in control: you can accept, ignore, or dismiss any AI-generated suggestion, and Harbor will not take action on your behalf without your confirmation.

No Fully Automated Decisions with Legal Effects

Harbor does not make fully automated decisions that produce legal or similarly significant effects about you. All AI outputs are presented as suggestions for you to act on. Harbor is a coordination tool — you remain the decision-maker for your household.

Third-Party AI Providers

We may use third-party AI infrastructure providers to process natural-language input and generate AI responses. Any such providers are bound by data processing agreements that (a) prohibit them from using your data to train their own general-purpose models, (b) restrict processing to the purpose of providing services to Harbor, and (c) require appropriate security safeguards.

We do not sell your personal information. We share it only in the limited circumstances below.

With Other Members of Your Household

Harbor is built for shared coordination. Information you add to a shared household — tasks, events, meal plans, household notes — is visible to other household members and caregivers you have authorized. You control who has access to your household and can revoke access at any time. Some information (e.g., personal account details, private notes you have not shared) remains visible only to you.

With Service Providers

We share information with vendors and service providers who assist us in operating the Services, including cloud hosting providers, email delivery services, analytics providers, customer support tools, and AI infrastructure providers. These parties are contractually prohibited from using your information for any purpose other than providing services to Harbor.

With Third-Party Integrations You Authorize

When you connect a third-party service (e.g., Google Calendar, Gmail), we share or receive information with that service in accordance with your authorization. We are not responsible for the privacy practices of third-party services; their use of your data is governed by their own privacy policies.

For Legal and Safety Reasons

We may disclose information if we reasonably believe disclosure is necessary to: comply with a valid legal obligation (such as a court order, subpoena, or regulatory request); enforce our Terms of Service; detect, prevent, or address fraud, security, or technical issues; or protect the rights, safety, and property of Harbor, our users, or the public.

In Connection with a Business Transaction

If Harbor is involved in a merger, acquisition, asset sale, financing, or similar corporate transaction, your information may be transferred as part of that transaction. We will provide notice before your personal information becomes subject to a different privacy policy as a result of such a transaction.

Note on household data involving children: Harbor is designed for adult users managing household coordination. Because Harbor's features are fundamentally designed around family life, we recognize that children's names, schedules, health information, and activities will naturally appear in many accounts. We take this seriously and have designed our platform accordingly.

Accounts Are for Adults

The Services are directed to individuals who are 18 years of age or older, or 13 years of age or older with verified parental consent. We do not knowingly permit children under the age of 13 ("children") to create their own Harbor accounts or to directly submit personal information through the Services.

Information About Children Entered by Adults

Adult users may enter information about children (including their children's names, schedules, dietary needs, and activities) in the course of household coordination. We treat information about children with heightened care:

• We do not use children's information for advertising or marketing purposes.

• We do not disclose children's information to third parties except as necessary to operate the Services or as required by law.

• We do not use children's information to train AI models.

• Children's information is accessible only to members of the household account the adult user controls.

If We Become Aware of a Child's Direct Account

If we discover that a child under 13 has created a direct account without verifiable parental consent, we will promptly delete that account and the associated information. Parents or guardians who believe their child has created a Harbor account without their consent should contact us immediately at privacy@harbor.app.

COPPA Compliance

Harbor complies with the Children's Online Privacy Protection Act (COPPA). We do not knowingly collect personal information directly from children under 13. If we intend to introduce features that would collect information directly from children, we will implement verifiable parental consent mechanisms prior to any such collection, in accordance with COPPA requirements.

We retain your personal information for as long as your account is active or as necessary to provide the Services, comply with our legal obligations, resolve disputes, and enforce our agreements.

Active Accounts

While your account is active, we retain your household data so that Harbor remains useful to you over time — your routines, preferences, and shared household knowledge are a core part of the product's value.

Account Deletion

When you delete your Harbor account, we will delete or de-identify your personal information within 30 days of your request, except for information we are legally required to retain (e.g., for tax, legal, or fraud prevention purposes). Backups may retain deleted data for up to 90 days before being permanently purged from backup systems.

Specific Retention Periods

• Household data (tasks, events, notes, meal plans): Retained for the life of your account; deleted within 30 days of account deletion.

• AI interaction logs: Retained for up to 12 months for debugging and service improvement, then deleted or de-identified.

• Support communications: Retained for up to 3 years.

• Security logs: Retained for up to 2 years.

• Billing records: Retained as required by applicable law (typically 7 years).

We implement technical, organizational, and physical security measures designed to protect your personal information from unauthorized access, disclosure, alteration, and destruction. These measures include:

• Encryption of data in transit using TLS (Transport Layer Security).

• Encryption of sensitive data at rest.

• Access controls limiting who within Harbor can access personal data, based on the principle of least privilege.

• Regular security assessments and vulnerability testing.

• Incident response procedures for detecting and responding to data security events.

No method of transmission over the internet or electronic storage is completely secure. While we use commercially reasonable measures to protect your information, we cannot guarantee absolute security. In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify affected users in accordance with applicable law.

Your Privacy Rights

Depending on where you reside, you may have certain rights with respect to your personal information. Harbor honors these rights regardless of your location.

Access

You may request a copy of the personal information we hold about you. You can access much of this information directly within the Harbor app.

Correction

You may request that we correct inaccurate or incomplete personal information. You can update most information directly in your account settings.

Deletion

You may request deletion of your personal information. You may delete your account at any time through the app settings, or by contacting us. See Section 8 for details on how we handle deletion requests.

Portability

You may request an export of your personal information in a structured, machine-readable format (e.g., JSON or CSV), where technically feasible.

Restriction and Objection

You may request that we restrict the processing of your personal information in certain circumstances, or object to processing based on legitimate interests.

Withdrawal of Consent

Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing that occurred before withdrawal.

How to Exercise Your Rights

To exercise any of the rights above, you may submit a request through the in-app privacy settings, or contact us at privacy@harbor.app. We will respond to verified requests within 30 days (or within any shorter period required by law). We may need to verify your identity before processing your request.

No Retaliation

We will not discriminate against you for exercising any of your privacy rights. You will not receive degraded service or be penalized for making a privacy request.

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with additional rights regarding your personal information. This section supplements the rest of this Privacy Policy.

Categories of Personal Information Collected

We collect the following CCPA-defined categories of personal information: identifiers (name, email, device ID, IP address); personal information under Cal. Civ. Code §1798.80 (e.g., name, address); commercial information (subscription data); internet or other electronic network activity information (usage data, log data); geolocation data (general/city-level); inferences drawn from the above to create a profile about a consumer's preferences and household characteristics; and sensitive personal information (health and dietary information you voluntarily provide, as described in Section 3).

Sale and Sharing of Personal Information

We do not sell your personal information as defined under the CCPA/CPRA. We do not share your personal information with third parties for cross-context behavioral advertising.

Use of Sensitive Personal Information

We use sensitive personal information (health, dietary, and similar data) only to perform services you request, as described in this Privacy Policy. We do not use or disclose sensitive personal information for any purpose that would require us to offer a "Limit the Use of My Sensitive Personal Information" opt-out under the CPRA.

Your CCPA Rights

• Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you, as well as the categories of sources, the business purpose for collection, and the categories of third parties to whom we have disclosed it.

• Right to Delete: You may request deletion of personal information we have collected from you, subject to certain exceptions.

• Right to Correct: You may request correction of inaccurate personal information.

• Right to Opt-Out of Sale/Sharing: As noted above, we do not sell or share personal information for advertising purposes. No opt-out action is required.

• Right to Limit Sensitive Information Use: As noted above, no opt-out is required because we use sensitive information only for the purposes for which it was provided.

• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

Submitting a CCPA Request

California residents may submit a request to know, delete, or correct by emailing privacy@harbor.app with the subject line "CCPA Privacy Request." We will verify your identity and respond within 45 days, with one 45-day extension where reasonably necessary. You may designate an authorized agent to make a request on your behalf; we will require written authorization or a valid power of attorney, along with verification of your own identity.

Shine the Light

California Civil Code §1798.83 permits California residents to request certain information about disclosure of personal information to third parties for direct marketing purposes. We do not disclose personal information to third parties for direct marketing purposes, and therefore no such disclosure list exists to provide.

The Services may contain links to third-party websites, or you may choose to connect third-party services (such as Google, Apple, or Microsoft). We are not responsible for the privacy practices or content of those third parties. When you connect a third-party service, that connection is governed by the third party's own privacy policy and terms of service. We encourage you to review those policies before connecting any external service.

We may update this Privacy Policy from time to time to reflect changes in our practices, the Services, or applicable law. When we make material changes, we will notify you by prominently posting a notice within the app, sending a notification to the email address associated with your account, or through other means we deem appropriate — with at least 30 days' advance notice before material changes take effect.

Your continued use of the Services after the effective date of an updated Privacy Policy constitutes your acceptance of the revised policy. If you do not agree to the updated policy, you may delete your account before the effective date.

The "Last Updated" date at the top of this policy reflects the date of the most recent revision. We maintain a version history of prior policies and will make previous versions available upon request.

Harbor Privacy Team

Please contact privacy@harborfamily.ai for account deletion, data export, or other privacy requests