What We Cannot See
Your browsing history is invisible to us.
HARBOR PRIVACY HAS NO ACCESS TO
- Your DNS queries — the websites your devices look up
- Your browsing history or search terms
- Your IP address or physical location
- What sites you visit or how long you spend on them
- Any past query history — logs are off by default
- Content of any web traffic
AdGuard Home's query logging is intentionally disabled on every Harbor Privacy installation. We did not turn it on and we do not turn it on unless you specifically request help troubleshooting a site that isn't loading.
What We Can See
Only anonymous statistics.
HARBOR PRIVACY CAN SEE
- Your client ID — a random identifier like timothy4821. Not linked to your name or identity.
- Total DNS queries processed today and this week — a number only, no detail
- Total queries blocked — a number only
- Percentage of queries blocked by category — aggregated, not individual
- Your name and email — provided at signup, used only to contact you
- Payment information — handled entirely by Stripe, we never see your card details
Support & Troubleshooting
What happens if I need help?
Open a support ticket at help.harborprivacy.com — we reply within one business day. If a specific site stops loading for you and you contact us for help, we may temporarily enable query logging for that one domain so we can diagnose the issue. Here is exactly how that works:
TEMPORARY TROUBLESHOOTING LOGS
- Logging is only enabled with your knowledge and consent
- We can only see queries going forward — not historical data
- You must reproduce the issue for us to see anything
- Logs are reviewed only to fix your specific issue
- Logs are deleted immediately after the issue is resolved
- We cannot pull up past browsing history — it does not exist
- We do not retain logs after troubleshooting is complete
Legal Requests & Subpoenas
What happens if we receive a legal request?
We have nothing to give.
Harbor Privacy does not retain DNS query logs, browsing history, or any record of what websites you have visited. If we receive a subpoena or legal request for your browsing data, we cannot provide what we do not have.
The only information we retain is:
- Your name and email address
- Your subscription status
- Payment records handled by Stripe
We comply with lawful legal requests. We will always notify you if we receive a request related to your account unless prohibited by law from doing so.
Harbor Privacy Fax
Fax transmission — what we keep and what we don't.
HARBOR PRIVACY FAX — DATA HANDLING
- Your document is never stored after delivery is confirmed
- We do not retain the fax number you dialed
- We do not retain cover page contents or message text
- No account is required — nothing to link back to you
- Fax transmission is routed through Telnyx LLC, a licensed telecommunications carrier
- Telnyx may retain standard call detail records (number dialed, timestamp, duration) as required by telecommunications regulations — this is outside our control and standard for all carriers
- The only record we retain is a Stripe transaction ID, amount, and timestamp for billing reconciliation
- Documents are permanently deleted within 30 minutes maximum if delivery cannot be confirmed
Harbor Privacy Fax operates under the HIPAA conduit exception (45 CFR §164.500(b)) -- the same legal category as a telephone company or postal carrier. We transmit and immediately discard. We are not a covered entity and do not act as a business associate.
If you need absolute certainty that no metadata exists anywhere, understand that Telnyx as a carrier operates under FCC regulations that require standard call record retention. Harbor Privacy itself holds nothing beyond the Stripe transaction record.
Career by Harbor Privacy
AI career tools — what happens to your resume.
CAREER BY HARBOR PRIVACY — DATA HANDLING
- Your resume text is not stored after your document is delivered
- Your job description text is not retained
- We do not use your submitted content to train AI models
- No account is required to use the career tools
- Resume and job description text is submitted to Anthropic's Claude API for document generation
- Anthropic's API data handling policies apply to content in transit -- see anthropic.com/privacy
- Payment is processed by Stripe via access codes -- we never see your card details
- Only a Stripe transaction ID, amount, and timestamp are retained for billing
Your resume contains some of the most personal information about you. We built the career tools with the same philosophy as the rest of Harbor Privacy -- process what is needed, deliver the result, discard everything else. We are not in the business of building profiles on job seekers.
Harbor Money
We never see your bank.
Harbor Money is the only personal finance product we know of that ships without bank credentials. There is no Plaid, no MX, no screen-scrape, no third-party aggregator. You forward transaction-alert emails from your bank to a private address we issue you. We read the email. That's the entire pipeline.
- We do not have, request, or store your bank username or password
- We do not have your full account or card number — only the last four digits if the bank's email mentions them
- We do not pull balances, statements, or history from your bank
- We do not log into your email, scrape your inbox, or read anything you don't forward
- We keep parsed transaction values (date, amount, merchant, last-four) so the app works
- We keep the forwarded email body (truncated) so you can audit and re-parse if a rule changes
- You can rotate your inbound address from Settings, which invalidates anything pointed at the old one
- If our built-in parsers can't read an email, we may send just that one email's text to Anthropic's Claude Haiku for a parsing assist. Anthropic's stated policy is that it does not train on API inputs and does not retain message content beyond 30 days for trust & safety. You can disable AI fallback entirely in Settings → Privacy controls.
- Inbound mail is received via Cloudflare Email Routing on
harborprivacy.app. Per Cloudflare's published policy, they do not store email body content, do not data-mine inbound messages, and do not use the content for training or advertising. Cloudflare's role in our pipeline is to receive the SMTP message, hand the raw bytes to our Worker for processing, and discard the message immediately after. We do not give Cloudflare permission to retain it, and they don't.
The opposite of Harbor Money is every "free" budgeting app that asks for your bank login. They get your data; you get the budget tool. Harbor Money charges you a small fee so we can stay on the right side of that trade.
Harbor Neighbor
Your traffic is your business.
Harbor Neighbor is a portal for shared physical networks — apartment buildings, in-laws apartments, co-working setups. Each neighbor gets their own VLAN, SSID, and (where supported) WireGuard VPN. The portal exists to provision your slice of the network, not to watch what flows through it.
HARBOR NEIGHBOR — DATA HANDLING
- We do not store any browsing data — no URLs, no DNS queries, no per-flow metadata from your VLAN
- We do not retain device names after your account is deleted — labels you entered are erased with the rest of your record
- We do not log bandwidth-per-site, per-device traffic histories, or session content
- We do not store SSID passwords or WireGuard private keys in plaintext in our application database
- We store your email, your VLAN/SSID/peer assignments, and any device labels you choose to enter — only to run the portal you log into
- A single session cookie is used for login — no advertising or tracking cookies
- Network provisioning is performed on the on-premise controller (Omada / UniFi / pfSense). Operator-level controllers may keep their own short-term logs outside the portal's control
The Harbor Neighbor philosophy is the same as the rest of Harbor Privacy: collect only what is needed to deliver the feature, and delete what is no longer needed. Sharing a network with neighbors should not mean sharing your browsing with them — or with us.
Harbor Scan
Identifiers in. Brokers out. Nothing else moves.
Harbor Scan is the one product where we deliberately hold and transmit your personal identifiers — your name, addresses, emails, phones, relatives — because that's literally what we have to send brokers to get you de-listed. We treat that data as bonded cargo: only the manifest you authorize, only to the brokers you specified, and nothing rides along.
HARBOR SCAN — DATA HANDLING
- We do not share your identifiers with anyone other than the specific brokers you have asked us to file against
- We do not use your identifiers for advertising, analytics, profile-building, or AI training
- We do not file a single opt-out without your signed CCPA agent-authorization on file (the engine refuses with status
blocked_unauthorized)
- We do not retain inbound broker correspondence beyond what is needed to extract confirmation links and prove receipt
- We store your identifiers, your scan findings, your opt-out request log, and your signed authorization for as long as your account is active
- We send your identifiers to each broker exactly once per opt-out attempt (or re-attempt if you are relisted)
- Outgoing CCPA letters are sent from
privacy@harborprivacy.app via Resend. Confirmation links arrive at scan-confirm@harborprivacy.app (Resend Inbound) and are immediately webhooked into our worker
- Free scans are deleted 7 days after signup. No conversion to paid required — the deletion happens automatically on the 7th day
- Paid plan data is deleted within 30 days of cancellation. Both clocks are enforced by an automated nightly purge with no human override
- Inbound broker confirmation emails age out 30 days after we receive them, regardless of which profile they belong to
The opposite of Harbor Scan is every broker site you've ever heard of: they collect your data without asking, package it up, and sell it for $4.99. We charge you a small fee instead so we never have to do that.
Why This Matters
This is intentional, not incidental.
OUR COMMITMENT
We built Harbor Privacy specifically because we believe your browsing history is none of your ISP's business — and none of ours either.
A privacy service that logs your data is not a privacy service. We designed our infrastructure from the ground up to collect as little as technically possible while still delivering the service.
Children's Privacy (Harbor Kids)
COPPA COMPLIANCE
Harbor Kids accounts are established and managed entirely by a parent or legal guardian. We do not knowingly collect personal information from children under 13.
If you believe a child under 13 has provided us with personal information without parental consent, contact us at support@harborprivacy.com and we will delete it immediately.
Harbor Kids child profiles are identified only by a sub-account ID appended to the parent account (e.g. accountid-kid1). No names, ages, or any personal information about the child is stored. DNS filtering is applied at the network level — we do not monitor, record, or retain what sites your child visits.
Harbor Kids is not directed at children. It is a parental tool, purchased and managed by adults. Children do not create accounts, log in, or interact with our systems in any way.
If you have questions about our data practices, email us at info@harborprivacy.com. We will answer in plain English.