Privacy Policy

1. Introduction

Harbor SEO ("Harbor," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered SEO content generation platform.

This policy applies to all users of Harbor's services and complies with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable data protection laws.

By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, do not use our Service.

2. Information We Collect

2.1 Information You Provide

We collect information that you provide directly to us:

• Account Information: Name, email address, password, and profile details
• Billing Information: Payment card details, billing address (processed securely by our payment processors)
• Content Data: URLs, topics, keywords, and other inputs you provide for content generation
• Generated Content: Articles, drafts, and other content created using our Service
• Communications: Messages, feedback, and support requests you send to us
• Profile Preferences: Settings, customizations, and preferences for content generation

2.2 Automatically Collected Information

When you access our Service, we automatically collect:

• Usage Data: Features used, content generated, API calls made, time spent on platform
• Device Information: IP address, browser type, operating system, device identifiers
• Log Data: Access times, pages viewed, clicks, and navigation paths
• Performance Data: Error reports, performance metrics, and debugging information
• Cookie Data: Information collected through cookies and similar technologies (see our Cookie Policy)

2.3 Information from Third Parties

We may receive information from:

• Authentication Providers: Profile information from Clerk authentication service
• Payment Processors: Transaction and payment verification data
• Analytics Services: Aggregated usage statistics and performance metrics
• AI Service Providers: Processing confirmations and usage data from OpenAI

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Service Provision

• Process your content generation requests
• Provide AI-powered SEO content and recommendations
• Manage your account and subscriptions
• Authenticate and authorize access
• Store and manage your generated content

3.2 Improvement and Development

• Analyze usage patterns to improve our Service
• Develop new features and functionality
• Train and improve our AI models
• Conduct research and analytics
• Monitor and improve system performance

3.3 Communication

• Send you service updates and notifications
• Respond to your inquiries and support requests
• Send billing and payment confirmations
• Provide important security or policy updates
• Send promotional communications (with your consent)

3.4 Security and Legal Compliance

• Detect, prevent, and address fraud and security issues
• Enforce our Terms of Service and policies
• Comply with legal obligations and respond to legal requests
• Protect the rights, property, and safety of Harbor, our users, and the public

3.5 Legal Basis for Processing (GDPR)

Under GDPR, we process your data based on:

• Contractual Necessity: To provide the Service you've subscribed to
• Legitimate Interests: To improve our Service and ensure security
• Consent: For marketing communications and optional features
• Legal Obligation: To comply with applicable laws and regulations

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Service Providers

We share information with third-party service providers who perform services on our behalf:

• Clerk: Authentication and user management
• Convex: Database and backend infrastructure
• OpenAI: AI content generation and processing
• Payment Processors: Payment processing and billing
• Cloud Infrastructure: Hosting and storage services
• Analytics Providers: Usage analytics and performance monitoring

These providers are contractually obligated to protect your data and use it only for the purposes we specify.

4.2 Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Valid legal process (subpoenas, court orders, search warrants)
• Governmental or regulatory requests
• Requests to investigate potential violations of our Terms
• Protect the safety of any person or prevent illegal activity

4.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our Service of any such change.

4.4 With Your Consent

We may share your information for any other purpose with your explicit consent.

5. Data Retention

We retain your information for as long as necessary to provide our Service and fulfill the purposes described in this policy, unless a longer retention period is required or permitted by law.

Retention Periods

• Account Data: Retained while your account is active and for a reasonable period after deletion
• Generated Content: Retained according to your plan and storage limits
• Billing Records: Retained for 7 years for tax and accounting purposes
• Log Data: Retained for 90 days for security and debugging purposes
• Marketing Data: Retained until you withdraw consent or opt-out

When you delete your account, we will delete or anonymize your personal information within 30 days, except where we need to retain it for legal compliance, dispute resolution, or fraud prevention.

6. Your Rights and Choices

6.1 GDPR Rights (European Users)

If you are located in the European Economic Area, you have the following rights:

• Right to Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Restrict Processing: Request that we limit how we use your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to our processing of your data
• Right to Withdraw Consent: Withdraw consent for processing based on consent
• Right to Lodge a Complaint: File a complaint with your local data protection authority

6.2 CCPA Rights (California Users)

If you are a California resident, you have the following rights:

• Right to Know: Request disclosure of personal information we collect, use, and share
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt-out of the sale of personal information (note: we do not sell personal information)
• Right to Non-Discrimination: Not be discriminated against for exercising your rights

6.3 How to Exercise Your Rights

To exercise any of these rights, please contact us at [email protected] or through your account settings. We will respond to your request within 30 days (or as required by applicable law).

We may need to verify your identity before processing your request to protect your privacy and security.

6.4 Marketing Communications

You can opt-out of promotional emails by clicking the "unsubscribe" link in any marketing email or by updating your preferences in your account settings. Note that you cannot opt-out of transactional emails related to your account or Service.

7. Cookies and Tracking Technologies

We use cookies, web beacons, and similar tracking technologies to collect information about your browsing activities and provide a better user experience.

For detailed information about the cookies we use and your choices regarding cookies, please see our Cookie Policy.

You can control cookies through your browser settings. However, disabling cookies may affect your ability to use certain features of our Service.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

Security Measures Include:

• Encryption of data in transit (TLS/SSL) and at rest
• Regular security assessments and penetration testing
• Access controls and authentication mechanisms
• Employee training on data protection and privacy
• Incident response and breach notification procedures
• Regular backups and disaster recovery planning

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.

You are responsible for maintaining the confidentiality of your account credentials and for all activities that occur under your account.

9. International Data Transfers

Your information may be transferred to, stored, and processed in countries other than your own. These countries may have different data protection laws than your jurisdiction.

When we transfer your information internationally, we implement appropriate safeguards, including:

• Standard Contractual Clauses approved by the European Commission
• Ensuring third parties are certified under appropriate frameworks
• Implementing additional security measures for cross-border transfers

By using our Service, you consent to the transfer of your information to the United States and other countries where we or our service providers operate.

10. Children's Privacy

Our Service is not intended for children under the age of 13 (or 16 in the European Economic Area). We do not knowingly collect personal information from children under these ages.

If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information as quickly as possible. If you believe we have collected information from a child, please contact us immediately at [email protected].

11. Third-Party Links and Services

Our Service may contain links to third-party websites, products, or services that are not owned or controlled by Harbor. We are not responsible for the privacy practices of these third parties.

We encourage you to review the privacy policies of any third-party services you access through our platform.

12. AI and Content Generation

When you use our AI-powered content generation features:

• Your prompts and inputs are processed by AI service providers (OpenAI)
• We may use aggregated, anonymized usage data to improve our AI models
• Generated content is stored in accordance with your plan's storage limits
• You retain ownership of all content generated using our Service

Our AI service providers are contractually prohibited from using your data to train their general models. For more information, see OpenAI's data usage policies.

13. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

We will notify you of material changes by:

• Posting the updated policy on this page
• Updating the "Last updated" date
• Sending you an email notification (for significant changes)
• Displaying a prominent notice on our Service

Your continued use of the Service after any changes indicates your acceptance of the updated Privacy Policy.

14. Contact Us and Data Protection Officer

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We aim to respond to all legitimate requests within 30 days. Occasionally, it may take longer if your request is particularly complex or you have made multiple requests.

15. Additional Information for Specific Jurisdictions

15.1 Australia

Australian users have rights under the Privacy Act 1988 (Cth). If you have a complaint about how we handle your personal information, please contact us. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner.

15.2 United Kingdom

UK users have rights under the UK GDPR and Data Protection Act 2018. You may lodge complaints with the Information Commissioner's Office (ICO).

15.3 Canada

Canadian users have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA). You may file complaints with the Office of the Privacy Commissioner of Canada.