Harbor Labs Privacy Policy


Effective: October 2022


Last Updated:  October 2022


1. INTRODUCTION


Harbor Labs LLC (“Harbor Labs,” the “Company,” “we,” “our,” or “us”) is committed to protecting your privacy. This privacy policy (“Privacy Policy” or the “Policy”) describes how Harbor Labs collects, uses, shares, and stores personal information of users of its website, located at https://www.harbor.com/ (the “Website” or “Site”). This Policy applies to visitors of the Site and users of Harbor Labs’s applications, products, and services (including associated plug-ins and mobile applications) (collectively, “Services” or “Harbor Labs Services”). 


By using the Services, you accept the terms of this Policy and our Terms of Use and consent to our collection, use, disclosure, and retention of your information as described in this Policy.  If you have not done so already, please also review our Terms of Use and Cookie Policy, which are incorporated herein by reference. The Terms of Use contain provisions that limit our liability to you and require you to resolve any dispute with us on an individual basis and not as part of any class or representative action. IF YOU DO NOT AGREE WITH ANY PART OF THIS PRIVACY POLICY OR OUR TERMS OF USE, THEN PLEASE DO NOT USE ANY OF THE SERVICES.


Please note that this Policy does not apply to information collected through third-party websites or services that you may access through the Services or that you submit to us through email, text message, or other electronic message or offline. We are not responsible for the privacy practices of these third-party services or applications. We recommend carefully reviewing the user terms and privacy statement of each third-party service, website, and/or application prior to use.


Depending on applicable law of your jurisdiction, you may be able to assert certain rights related to your personal information. Please note that rights are not absolute and may be subject to conditions. Please see the additional notices below for California and Vermont residents. If you are visiting the Site from the European Economic Area (EEA), Switzerland, or the United Kingdom (UK), see our Notice to Certain European Data Subjects below for our legal bases for processing and transfer of your data. To the extent we collect personal information from such users, Harbor Labs is the “controller” of such data for purposes of GDPR.


2. TABLE OF CONTENTS

  • What We Collect
  • Use of Personal Information
  • Sharing of Personal Information
  • How Information is Secured
  • Information Choices and Changes
  • Eligibility
  • Notice to California Residents
  • Notice to Certain European Data Subjects
  • Notice to Vermont Residents
  • Changes to this Privacy Policy
  • Contact Information

3. WHAT WE COLLECT


We may get information about you in a range of ways, though we currently do not contemplate the collection of users’ personal information. We may collect certain non-personally identifiable information from you and other information collected automatically. Further, we may collect non-personally identifiable information about you that can be linked with other information to reasonably identify you. In any regard, we aim to provide the Services in a manner that collects no personal information from users or as little personal information as possible if we collect personal information in the future or when you voluntarily provide it to us.


Information You Give Us. Information we collect from you may include:

  • Identity information (if applicable or provided pursuant to a notice or exercise of rights described in the sections below), such as your first name, last name, username or similar identifier, title, date of birth, and gender;
  • Contact information, such as your postal address, email address, and telephone number (depending on how you contact us);
  • Profile information, such as your username or alias, interests, preferences, feedback, and survey responses;
  • Feedback and correspondence, such as information you provide in your responses to surveys, when you participate in market research activities, report a problem with Service, receive customer support, or otherwise correspond with us;
  • Marketing information, such as your preferences for receiving marketing communications and details about how you engage with them;

When you create a wallet through our Services, encrypted wallet public key and private key pairs are automatically generated by the software and stored in encrypted form. We do not store the passwords required to decrypt public or private keys. In no event will we ask you to share your private keys or wallet seed. Never trust anyone or any website that asks you to enter your private keys or wallet seed. YOU ARE SOLELY RESPONSIBLE FOR KEEPING YOUR WALLET PASSWORD, PRIVATE KEYS, AND SECRET RECOVERY/BACKUP PHRASE SAFE AND CONFIDENTIAL.


Information Automatically Collected. We may collect certain data automatically. We use this information to administer the Services and we analyze (and may engage third parties to analyze) this information to improve and enhance the Services by expanding its features and functionality and tailoring it to our users’ needs and preferences. 


Information we collect from you automatically may include:

  • Log Data. We may automatically record certain information about how you use our Site (we refer to this information as “Log Data“). Log Data may include information such as a user’s Internet Protocol (IP) address, device and browser type, operating system, the pages or features of our Site to which a user browsed and the time spent on those pages or features, the frequency with which the Site are used by a user, search terms, the links on our Site that a user clicked on or used, and other statistics. 
  • Cookies. We may use cookies, local storage or similar technologies to analyze trends, administer the Site, track users’ movements around the Site, and to gather demographic information about our user base as a whole. Users can control the use of cookies and local storage at the individual browser level. For more information, please see our Cookies Policy.
  • Google Analytics. We also may use Google Analytics to help us offer you an optimized user experience.  You can find more information about Google Analytics’ use of your personal data here: https://www.google.com/analytics/terms/us.html
  • Blockchain and Transaction Data. We may collect and analyze transaction information, such details about transactions you make through the Services, and other blockchain data for research and development purposes, to ensure compliance with our Terms, and other purposes consistent with our Terms and this Policy. We may also collect information about your use of third-party services or decentralized applications (“dApps”) that you connect to through the Services.
  • Other Usage Data. We may collect service-related, diagnostic, and performance information. This includes high level information about your activity (such as how you use our Services and how you interact with others using our Services), and diagnostic, crash, website, and performance logs and reports. 

4. USE OF PERSONAL INFORMATION


To provide our service


We may use your personal information in the following ways:

  • To enable you to access and use the Services.
  • To provide and deliver products and services that you may request.
  • To process and complete transactions, and send you related information, including purchase confirmations and invoices.

To send information, including confirmations, technical notices, updates, security alerts, and support and administrative messages.


To communicate with you


We may use your personal information to communicate about promotions, upcoming events, and other news about products and services offered by us and our selected partners.


To optimize our platform


In order to optimize your user experience, we may use your personal information to operate, maintain, and improve our Services. We may also use your information to respond to your comments and questions regarding the Services, and to provide you and other users with general customer service. 


With your consent


We may use or share your personal information with your consent, such as when you consent to let us post your testimonials or endorsements on our Site, you instruct us to take a specific action with respect to your personal information, or you opt into third party marketing communications.


For compliance, fraud prevention, and safety


We may use your personal information to protect, investigate, and deter against fraudulent, unauthorized, or illegal activity. We may use your information to enforce any applicable Terms of Use, exercise or defend legal claims, detect, prevent, or address security or technical issues, or otherwise protect our property, legal rights, or that of others.


Other Legitimate Interest


We may use your information for other legitimate purposes in order to provide the Services. We may use your information to fulfill our contractual obligations pursuant to the terms of such applicable contract when it is reasonably necessary to achieve our legitimate business interests. 


5. SHARING OF PERSONAL INFORMATION


We do not share the personal information that you provide us with other organizations without your express consent, except as described in this Privacy Policy. We may disclose personal information to third parties under the following circumstances: 

  • Affiliates. We may disclose your personal information to our subsidiaries and corporate affiliates (i.e. our family of companies that are related by common ownership or control) for purposes consistent with this Privacy Policy.
  • Business Transfers. We may share personal information when we do a business deal, or negotiate a business deal, involving the sale or transfer of all or a part of our business or assets. These deals can include any merger, financing, acquisition, or bankruptcy transaction or proceeding.
  • Compliance with Laws and Law Enforcement; Protection and Safety. We may share personal information for legal, protection, and safety purposes.
    • We may share information to comply with laws.
    • We may share information to respond to lawful requests and legal processes.
    • We may share information to protect the rights and property of the Company, our agents, customers, and others. This includes enforcing our agreements, policies, and terms of use.
    • We may share information in an emergency. This includes protecting the safety of our employees and agents, our customers, or any person.
  • Professional Advisors and Service Providers. We may share information with those who need it to do work for us. These recipients may include third party companies and individuals to administer and provide the Service on our behalf (such as bill and credit card payment processing, customer support, hosting, email delivery, and database management services), as well as lawyers, bankers, auditors, and insurers.
  • Other. You may permit us to share your personal information with other companies or entities of your choosing. Those uses will be subject to the privacy policies of the recipient entity or entities. 

Anonymized and Aggregated Data


We may also share aggregated and/or anonymized data with others for their own uses. In some circumstances we may anonymize your personal information (so that it can no longer be associated with you) in which case we may use this information indefinitely for any business purpose without further notice to you. Anonymization is a data processing technique that modifies personal information so that it cannot be associated with a specific individual. Types of data we may anonymize include, transaction data, click-stream data, performance metrics, and fraud indicators.


6. HOW INFORMATION IS SECURED 


We retain information we collect as long as it is necessary and relevant to fulfill the purposes outlined in this Privacy Policy. In addition, we retain personal information to comply with applicable law where required, prevent fraud, resolve disputes, troubleshoot problems, assist with any investigation, enforce our Terms of Use, and other actions permitted by law. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.


We employ industry standard security measures designed to protect the security of all information submitted through the Services. However, the security of information transmitted through the internet can never be guaranteed. We are not responsible for any interception or interruption of any communications through the internet or for changes to or losses of data. Users of the Services are responsible for maintaining the security of any password, biometrics, user ID or other form of authentication involved in obtaining access to password protected or secure areas of any of our digital services. In order to protect you and your data, we may suspend your use of any of the Services, without notice, pending an investigation, if any breach of security is suspected. 


7. INFORMATION CHOICES AND CHANGES


Where appropriate or legally required, we will describe how we may use the information collected about you so that you can make choices about how your information is used. Further, depending where you are located, you may have certain rights in connection with the personal information that we obtain about you. These rights vary depending on your jurisdiction and are generally described with regards to certain individuals in Sections 9, 10 and 11 below. 


Accessing, Updating, Correcting, and Deleting your Information


You may access information that you have voluntarily provided through your account on the Services, and to review, correct, or delete it by sending a request to privacy@harbor.com. You can request to change contact choices, opt-out of our sharing with others, and update your personal information and preferences.


Please note that, by design, blockchain data is publicly available and may not be capable of being changed or deleted due to its immutable nature. This may affect your ability to exercise certain rights that may otherwise be available to you (such as the right to erasure, to object, or to restrict processing of your personal data). Although smart contracts may be used to revoke certain access rights and some content may be made invisible to others, it is not deleted.


Tracking Technologies Generally


Regular cookies may generally be disabled or removed by tools available as part of most commercial browsers and in some instances blocked in the future by selecting certain settings. You can set your browser to refuse all or some browser cookies or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of the Sites may become inaccessible or not function properly. For more information, please see our Cookies Policy


Google Analytics


You may exercise choices regarding the use of cookies from Google Analytics by going to https://tools.google.com/dlpage/gaoptout and downloading the Google Analytics Opt-out Browser Add-on.


8. ELIGIBILITY


Our Services are not intended for persons under the age of 18, and we do not knowingly or intentionally collect any personal information from, or market to, individuals under the age of 18.  Consistent with the requirements of the Children’s Online Privacy Protection Act (COPPA), if we learn that we have received any information directly from a child under age 13, we will use that information only to respond directly to that child (or his or her parent or legal guardian) to inform the child that he or she cannot use the Site and subsequently we will delete that information.


9. NOTICE TO CALIFORNIA RESIDENTS


Under California Civil Code Section 1789.3, California users of the Site are entitled to the following consumer rights notice: California residents may reach the Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs by mail at 1625 North Market Blvd., Sacramento, CA 95834, or by telephone at (916) 445-1254 or (800) 952-5210.


This section provides additional details about the personal information we may collect about California consumers and the rights they may have under the California Consumer Privacy Act or “CCPA.”


For more details about the personal information we collect from you, please see the “What We Collect” section above. We collect this information for the business and commercial purposes described in the “Use of Personal Information” section above. We share this information with the categories of third parties described in the “Sharing of Personal Information” section above. Harbor Labs does not sell (as such term is defined in the CCPA) the personal information we collect (and will not sell it without providing a right to opt out). Please refer to our Cookies Policy for more information regarding the types of third-party cookies, if any, that we use.


Subject to certain limitations, the CCPA provides California consumers the right to request to know more details about the categories or specific pieces of personal information collected about them (including how we use and disclose this information), to delete their personal information, to opt out of any “sales” that may be occurring, and to not be discriminated against for exercising these rights.


California consumers may make a request pursuant to their rights under the CCPA by contacting us at legal@harbor.com. Please note that you must verify your identity and request before further action is taken. As a part of this process, government identification may be required. Consistent with California law, you may designate an authorized agent to make a request on your behalf. In order to designate an authorized agent to make a request on your behalf, you must provide a valid power of attorney, the requester’s valid government issued identification, and the authorized agent’s valid government issued identification.


10. NOTICE TO CERTAIN EUROPEAN DATA SUBJECTS


Personal Information


With respect to EEA and UK data subjects, “personal information,” as used in this Privacy Policy, is equivalent to “personal data” as defined in the European Union General Data Protection Regulation (GDPR). 


Sensitive Data


Some of the information you provide us may constitute sensitive data as defined in the GDPR (also referred to as special categories of personal data), including identification of your race or ethnicity on government-issued identification documents.


Legal Bases for Processing


We only use your personal information as permitted by law. Below are the legal bases of any processing of your personal information. If you have questions about the legal bases under which we process your personal information, contact us at privacy@harbor.com.


Processing PurposeLegal Basis
To provide our serviceOur processing of your personal information is necessary to perform the contract governing our provision of the Services or to take steps that you request prior to signing up for the Services.
To communicate with youTo optimize our platformFor compliance, fraud prevention, and safetyTo provide our serviceThese processing activities constitute our legitimate interests. We make sure we consider and balance any potential impacts on you (both positive and negative) and your rights before we process your personal information for our legitimate interests. We do not use your personal information for activities where our interests are overridden by any adverse impact on you (unless we have your consent or are otherwise required or permitted to by law).
To comply with lawWe use your personal information to comply with applicable laws and our legal obligations.
With your consentWhere our use of your personal information is based upon your consent, you have the right to withdraw it anytime in the manner indicated in the Services or by contacting us at privacy@harbor.com.

Use for New Purposes


We may use your personal information for reasons not described in this Privacy Policy, where we are permitted by law to do so and where the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis for that use. If we have relied upon your consent for a particular use of your personal information, we will seek your consent for any unrelated purpose.


Your Rights


In some regions like the EEA and UK, you may have certain rights regarding your personal information under applicable data protection laws. If applicable, you may ask us to take the following actions in relation to your personal information that we hold:

  • Opt-out. Stop sending you direct marketing communications which you have previously consented to receive. We may continue to send you Services-related and other non-marketing communications.
  • Access. Provide you with information about our processing of your personal information and give you access to your personal information.
  • Correct. Update or correct inaccuracies in your personal information.
  • Delete. Delete your personal information.
  • Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.
  • Restrict. Restrict the processing of your personal information.
  • Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.

You can submit these requests by email to privacy@harbor.com. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us at privacy@harbor.com or submit a complaint to the data protection regulator in your jurisdiction. If you are a resident of the EEA or UK, you can find a list of data protection regulators in Europe here. If you are a resident of Switzerland, the contact details for the data protection authorities are available here.


Cross-Border Data Transfer


Please be aware that your personal data will be transferred to, processed, and stored in the United States. Data protection laws in the U.S. may be different from those in your country of residence. You consent to the transfer of your information, including personal information, to the U.S. as set forth in this Privacy Policy by visiting our Site or using our service.


Whenever we transfer your personal information out of the EEA to the U.S. or countries not deemed by the European Commission to provide an adequate level of personal information protection, the transfer will be based on a data transfer mechanism recognized by the European Commission as providing adequate protection for personal information. Please contact us if you want further information on the specific mechanism used by us when transferring your personal information out of the EEA. 


11. NOTICE TO VERMONT RESIDENTS


The Vermont Financial Privacy Act limits what we can do with your financial information and gives you rights to limit our sharing of your financial information. Under the Vermont Financial Privacy Act, Vermont residents have the right to receive notice and opt-in to sharing non-public Personal Information with non-affiliated third parties. Additionally, residents must consent to us sharing information regarding credit worthiness.


We do not share your information with affiliates and non-affiliated third parties, except for certain business purposes (e.g., to service your accounts), to market our products and services, as permitted by law, or with your consent. Additionally, we will not disclose credit information about you with our affiliates or non-affiliated third parties, except as required or permitted by law. Please review this Privacy Policy for information about our practices in accordance with the Vermont Financial Privacy Act. Please contact us using the contact information below to opt-in to, or opt-out of, sharing your non-public Personal Information.


12. CHANGES TO THIS PRIVACY POLICY 


We may change this Privacy Policy at any time. We encourage you to regularly review this page for the latest information on our privacy practices. If we make any changes, we will change the Last Updated date above. Any modifications to this Privacy Policy will be effective upon our posting of the new terms and/or upon implementation of the changes to the Sites (or as otherwise indicated at the time of posting). In all cases, your continued use of the Sites or Services after the posting of any modified Privacy Policy indicates your acceptance of the terms of the modified Privacy Policy.


13. CONTACT INFORMATION 


We welcome your comments or questions about this Policy, and you may contact us at: privacy@harbor.com.