Privacy Policy | Harbor Privacy

Last updated: June 2026 | Applies to Harbor Privacy DNS, Harbor Booking, Harbor Money, Harbor Privacy Fax, Career by Harbor Privacy, Harbor Neighbor, Harbor Scan, and Harbor Stickers

The short version: We do not log your DNS queries, fax contents, resume submissions, or bank credentials. Harbor Money never connects to your bank — you forward us transaction emails and we parse them locally. Harbor Neighbor does not store any browsing data and erases device names when an account is deleted. We do not sell data. We do not share data with third parties except what is strictly required to deliver the service you paid for. The third parties we use are listed in full below.

1. Who We Are

Harbor Privacy operates seven products: a DNS-based network protection service (Harbor Privacy DNS), a scheduling platform (Harbor Booking), a personal budgeting tool that reads forwarded transaction emails (Harbor Money), a secure anonymous fax service (Harbor Privacy Fax), an AI-powered career document tool (Career by Harbor Privacy), a multi-tenant neighbor portal for shared networks (Harbor Neighbor), and a data broker opt-out service that finds and removes your personal info from people-search sites (Harbor Scan). All products are operated under the Harbor Privacy brand from Pembroke, MA.

Questions: privacy@harborprivacy.com or open a ticket at help.harborprivacy.com.

2. What We Collect and Why

Harbor Privacy DNS

DNS queries are processed in memory only and never written to disk or retained. We collect:

Your email address (to create and manage your account)
Payment information (processed entirely by Stripe -- we never see or store your card details)
Your assigned AdGuard client ID (to provision your DNS endpoint)

Harbor Privacy Fax

Your document is uploaded, converted, and transmitted to the destination fax number via Telnyx
The file is permanently deleted the moment Telnyx confirms delivery via webhook
We do not store the fax number dialed, document contents, or cover page message after transmission
No account is required to send a fax
Payment is processed by Stripe. We do not store card details.
The only record retained is a Stripe transaction ID, amount, and timestamp for billing reconciliation

Career by Harbor Privacy

Resume and job description text is submitted to Anthropic's Claude API to generate your document
Submitted content is not retained after your document is delivered
We do not use your resume content to train AI models
Payment is processed by Stripe via access codes

Harbor Booking

Scheduling data (client names, email addresses, phone numbers, appointment times) is stored to operate the service
Scheduling notes are for coordination only — do not enter medical or clinical information
We do not sell, share, or use scheduling data for advertising or analytics
Appointment data is deleted within 30 days of account closure
A single session cookie is used for login — no advertising or tracking cookies
Confirmation and reminder emails are sent via Resend. Email addresses are not shared beyond delivery
Payment is processed by Stripe. We do not store card details
Harbor Booking is a scheduling tool only and is not a HIPAA-covered service. Do not use it to store protected health information without a signed Business Associate Agreement

Harbor Money

We never connect to your bank. Harbor Money does not request, store, or transmit any banking credentials. Instead you forward bank-issued transaction emails to a private address we generate for you.

Your email address (account login + outbound notifications)
Your unique inbound address (e.g. tx-XXXX@money.harborprivacy.com) — rotate it any time from Settings
Forwarded transaction emails: from address, subject, plaintext body (truncated to 64KB) — kept for audit and re-parse only
Parsed transaction fields: date, amount, merchant, last-four digits of the card if the email mentions it
Account labels you create (e.g. "Chase Sapphire ····4582")
Optional uploaded CSV statements — used to reconcile and find missing transactions
Categories, goals, and recurring-bill expectations you configure

What we explicitly do not store:

Bank usernames, passwords, account numbers (only last-four when present in an email)
Account balances pulled from your bank (we don't have your bank)
Anything from emails you do not forward to your Harbor Money address

If we send your transaction text to an AI model as a fallback parser (when our built-in parsers fail), we send only the subject + plaintext body — no other account data — and the model provider's policy applies to that one request. AI parsing is opt-out in Settings.

Harbor Neighbor

Harbor Neighbor is a multi-tenant portal for shared physical networks. Each neighbor gets their own VLAN, SSID, and (where supported) WireGuard VPN peer. We collect only what is needed to provision and manage your slice of the network:

Your email address (account login and invitation delivery)
The VLAN, SSID name, and WireGuard peer assignments tied to your account
Device names you optionally label in the portal (e.g. "Living Room TV") — purely for your own UI convenience
Authentication session cookie — no advertising or tracking cookies

What we explicitly do not store:

Browsing data of any kind. We do not log, retain, or have access to the websites your devices visit, DNS queries from your VLAN, or the contents of any traffic flowing through the network. DNS resolution, if used, is handled by Harbor Privacy DNS under its own no-logs policy
Bandwidth-per-site, per-device traffic histories, or any per-flow metadata
Passwords or PSKs in plaintext — SSID PSKs are stored only on the network controller, not in our application database

Account deletion. When you delete your Harbor Neighbor account, all device names you entered are permanently removed along with the rest of your record. We do not retain device labels after deletion — there is no "soft delete" archive of device names tied to a former neighbor.

Harbor Scan

Harbor Scan finds your personal information on data broker / people-search sites (Spokeo, Whitepages, BeenVerified, etc.) and files automated CCPA opt-out requests on your behalf as your authorized agent under Cal. Civ. Code § 1798.135(c). To do this we must collect, store, and transmit the identifiers brokers use to index people. We do not minimize this data because brokers will not act on partial requests.

What we collect and store:

Your full legal name and any aliases / former names you give us
Date of birth (used by brokers for disambiguation; never required)
All email addresses, phone numbers, and physical addresses (current and prior) that you want removed
Names of relatives or associates (only to help us match your record vs. someone with the same name)
A signed CCPA agent-authorization form linking your identity to Harbor Privacy
Per-broker scan findings: the listing URL we found, the broker's snapshot of your record, our confidence score, and timestamps
Per-broker opt-out request status: when we submitted, when the broker confirmed, when we verified removal
Inbound emails from brokers (to extract confirmation links) — stored for audit; never analyzed beyond URL extraction

What we send to brokers (this is the entire point of the service):

Your identifiers in the CCPA letter / opt-out form, including everything in the list above
The Harbor Privacy authorization reference for your account
A reply-to address at support@harborprivacy.app for confirmation links

What we explicitly do not do:

Sell, share, or rent your identifiers to anyone other than the specific brokers you have asked us to file against
Use your identifiers for advertising, analytics, profile-building, or AI training
Submit any request before we have a signed authorization on file for the matching profile (the engine refuses with status blocked_unauthorized)

Retention & deletion. Harbor Scan honors two automatic deletion clocks:

Free scan signups: all data is deleted 7 days after signup — your name, address, emails, phones, the listings we found for you, and any inbound broker correspondence tied to your profile. After 7 days there is no record we ever scanned you.
Paid plans: we retain your data while your subscription is active so we can keep re-scanning and re-filing. When you cancel, we delete everything within 30 days.
Inbound broker emails: the raw confirmation emails brokers send us are deleted 30 days after receipt regardless of which profile they belong to.

Deletion is enforced by an automated nightly purge — there is no human review step that could keep your data around longer. Brokers may retain previously-filed opt-out requests in their own logs; you can re-request deletion from them directly under CCPA at any point.

Harbor Stickers (Shop)

We do not run the checkout — Stripe does. When you preorder or buy a sticker, the whole payment and order form is hosted and processed by Stripe. Stripe collects your name, email address, shipping address, and payment details directly. We never see or store your card number.

From Stripe we receive only what we need to fill your order: the items purchased, your name, your shipping address, and your email
Your shipping address is used to print a mailing label and send your stickers, and for nothing else
Your email is used to send an order confirmation and a note the day your order ships. We do not add you to a marketing list
We do not sell or share any of this, and we never store payment card details at any point
The only records we keep are the order and shipping details needed to fulfill it, plus a Stripe transaction ID for billing reconciliation. These are deleted once the order is shipped and the return window has passed
Free sticker requests emailed to us contain only the mailing address you choose to give us, used once to mail your sticker and then discarded

Harbor Help (Support Tickets)

Support tickets opened at help.harborprivacy.com contain only what you write to us: your email, an optional name, a category, a subject, and a message body. We use this to reply to you and nothing else — never for marketing, never shared with third parties.

Retention. Tickets are automatically deleted 30 days after they are closed. Open tickets stay until they are resolved or you ask us to discard them. The same nightly purge that enforces the Harbor Scan deletion clocks also enforces this one.

3. Third-Party Services — Full Disclosure

We use a minimal, carefully chosen set of third-party services. Here is every external service that touches your data across all Harbor Privacy products:

Service	Purpose	Products	Data Shared	Their Policy
Stripe	Payment processing	DNS, Booking, Fax, Career, Money, Neighbor, Stickers (where billing applies)	Payment card details, transaction amount, email, and (for sticker orders) shipping name and address. We never see or store raw card numbers.	stripe.com/privacy
Cloudflare Email Routing	Receives transaction-alert emails forwarded by users to their private Harbor Money address	Money	The complete forwarded email (from address, subject, body) en route to our parser. Cloudflare acts as a conduit and does not retain forwarded mail after delivery.	cloudflare.com/privacypolicy
Anthropic (Claude Haiku)	Fallback transaction parser when our built-in parsers can't read an email	Money (optional, can be disabled)	Only the subject + plaintext body of the single email being parsed. No account context, balances, or other transactions are sent.	anthropic.com/privacy
Telnyx	Fax transmission (T.38 FoIP)	Fax	Your document (temporarily, for transmission only), destination fax number, delivery status. Telnyx operates as a conduit and does not retain document contents after transmission.	telnyx.com/privacy-policy
Anthropic	AI document generation (Claude API)	Career	Resume text and job description submitted for document generation. Subject to Anthropic API data handling policies. We do not send identifying information beyond document content.	anthropic.com/privacy
Resend	Transactional email (receipts, login links, fax delivery, parse-failure notes, neighbor invitations)	DNS, Booking, Fax, Career, Money, Neighbor	Your email address and the content of the transactional email (receipt or delivery notification). Not used for marketing.	resend.com/privacy
Umami Analytics	Privacy-respecting page view analytics (self-hosted by us)	DNS, Booking, Fax, Career, Money, Neighbor	Aggregate page view counts and referrer sources only. No cookies, no fingerprinting, no individual tracking, no personally identifiable information collected.	umami.is/privacy
Oracle Cloud	Server infrastructure hosting	DNS, Booking, Fax, Career, Money, Neighbor	All Harbor Privacy services run on Oracle Cloud Infrastructure (OCI) in the US. Oracle provides the compute environment but does not access application-level data.	oracle.com/legal/privacy
AdGuard Home	DNS filtering engine (self-hosted)	DNS	Self-hosted on our Oracle Cloud infrastructure. No data leaves our servers. AdGuard Home is open source (GPL v3). Query logs are disabled.	adguard.com/privacy

We do not use Google Analytics, Meta Pixel, or any advertising technology on any Harbor Privacy property. We do not sell, rent, or share your data with advertisers or data brokers.

4. Cookies and Analytics

We use Umami Analytics -- a cookieless, privacy-respecting analytics platform. It collects no personally identifiable information, uses no cookies, and does not fingerprint your browser. It gives us aggregate traffic counts only.

No other cookies or tracking scripts are present on any Harbor Privacy property.

5. Data Retention

DNS queries: Never stored. Zero retention.
Fax documents: Deleted immediately on Telnyx delivery confirmation. Maximum 30-minute failsafe cleanup if transmission does not complete.
Career documents: Not retained after PDF delivery.
DNS account data: Retained for the life of your subscription plus 30 days after cancellation, then permanently deleted.
Harbor Neighbor browsing data: Never stored. Zero retention.
Harbor Neighbor device names: Permanently deleted at account deletion — no retained archive.
Payment records: Stripe transaction ID, amount, and timestamp retained as required for tax and financial records (typically 7 years). No document or query content is included.
Fax delivery confirmation emails: Sent via Resend and not stored on our servers.

6. Security

All data in transit is encrypted via TLS. Our servers run hardened Ubuntu instances on Oracle Cloud with restricted SSH access and no unnecessary open ports. API keys and secrets are stored in systemd environment variables, never in source code or logs. We do not operate shared hosting environments.

7. Your Rights

Because we collect so little, there is very little to act on -- but you have the right to request deletion of your account and associated data, ask what data we hold about you, and correct any inaccurate account information. Email privacy@harborprivacy.com and we will respond within 5 business days.

8. Law Enforcement

Because we do not log DNS queries, fax contents, or document submissions, there is nothing substantive to hand over. In the event of a valid legal request, we can only provide what we actually retain: account email addresses and Stripe payment records for DNS subscribers. We have no ability to produce browsing history, fax contents, or document contents because we do not store them.

9. Children

Harbor Privacy services are not directed at children under 13. We do not knowingly collect data from children.

10. Changes to This Policy

If we make material changes, we will update the date above and notify active DNS subscribers by email. Continued use after an update constitutes acceptance.

11. Contact

Harbor Privacy | privacy@harborprivacy.com | harborprivacy.com