Privacy Policy

Last updated: 16 February 2025

1. Introduction

Harbour AI ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our platform, website, and related services (the "Service"). We comply with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and other applicable data protection legislation.

2. Data Controller

Harbour AI is the data controller responsible for your personal data. If you have any questions about how we handle your data, please contact us at support@harbour-ai.com.

3. Data We Collect

We collect the following categories of data:

  • Account information: Name, email address, organisation name, and authentication credentials (including via Google OAuth).
  • Business and customs data: Product catalogues, tariff classifications, historical import records, MSS reports, CDS entries, and related trade documentation that you upload or that we retrieve through authorised integrations (e.g. Shopify).
  • Usage data: Information about how you interact with the Service, including pages visited, features used, and session duration.
  • Technical data: IP address, browser type, device information, and operating system.
  • Communications: Any correspondence you send to us, including support requests.

4. How We Use Your Data

We process your data for the following purposes:

  • Providing the Service: To analyse your customs data, generate tariff classification recommendations, identify duty recovery opportunities, and deliver compliance insights.
  • Account management: To create and maintain your account, authenticate your identity, and manage your subscription.
  • Service improvement: To improve the accuracy and performance of our AI models and platform features.
  • Communication: To send you service-related notifications and updates, and to respond to your enquiries.
  • Legal compliance: To comply with applicable laws, regulations, and legal processes.

5. Legal Basis for Processing

We process your personal data on the following legal bases:

  • Contract: Processing necessary to perform our contract with you and provide the Service.
  • Legitimate interests: Processing necessary for our legitimate business interests, such as improving the Service, provided these do not override your rights.
  • Consent: Where you have given explicit consent for specific processing activities.
  • Legal obligation: Processing necessary to comply with our legal obligations.

6. Data Security

We take security seriously. We are SOC 2 compliant and ISO 27001 certified. All data is encrypted at rest and in transit. We implement strict access controls, conduct regular security audits, and follow industry best practices to protect your data against unauthorised access, alteration, disclosure, or destruction. Our infrastructure is hosted on secure cloud services with enterprise-grade security measures.

7. Data Sharing

We do not sell your personal data. We may share your data with the following categories of recipients:

  • Service providers: Third-party providers that help us operate the Service, including cloud hosting (Microsoft Azure), database services (Supabase), and analytics providers. These providers are contractually obligated to protect your data.
  • Professional advisors: Where necessary for duty recovery filings, legal rulings, or compliance matters, and only with your authorisation.
  • Legal requirements: Where required by law, regulation, or legal process.

8. International Data Transfers

Your data may be processed in countries outside the UK or the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission or the UK Information Commissioner's Office, to protect your data to the same standard as within the UK and EEA.

9. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. We also retain data as necessary to comply with legal obligations, resolve disputes, and enforce our agreements. When data is no longer required, it is securely deleted or anonymised.

10. Your Rights

Under applicable data protection law, you have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data, subject to legal retention requirements.
  • Restriction: Request that we limit the processing of your data in certain circumstances.
  • Portability: Request your data in a structured, commonly used, machine-readable format.
  • Objection: Object to processing based on legitimate interests.
  • Withdraw consent: Where processing is based on consent, withdraw your consent at any time.

To exercise any of these rights, please contact us at hello@harbour-ai.com. We will respond within one month of receiving your request.

11. Cookies and Analytics

We use cookies and similar technologies to improve your experience, analyse usage patterns, and provide relevant content. You can manage your cookie preferences through your browser settings. For more information on the specific cookies we use, please contact us.

12. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us and we will promptly delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.

14. Complaints

If you are not satisfied with how we handle your data, you have the right to lodge a complaint with your local data protection authority. In the UK, this is the Information Commissioner's Office (ICO). In the EU, you may contact the supervisory authority in your member state.

15. Contact

If you have any questions about this Privacy Policy, please contact us at support@harbour-ai.com.