The short version: We do not log your DNS queries, fax contents, resume submissions, or bank credentials. Harbor Money never connects to your bank — you forward us transaction emails and we parse them locally. We do not sell data. We do not share data with third parties except what is strictly required to deliver the service you paid for. The third parties we use are listed in full below.
1. Who We Are
Harbor Privacy operates five products: a DNS-based network protection service (Harbor Privacy DNS), a scheduling platform (Harbor Booking), a personal budgeting tool that reads forwarded transaction emails (Harbor Money), a secure anonymous fax service (Harbor Privacy Fax), and an AI-powered career document tool (Career by Harbor Privacy). All products are operated under the Harbor Privacy brand from Pembroke, MA.
Questions: privacy@harborprivacy.com
2. What We Collect and Why
Harbor Privacy DNS
DNS queries are processed in memory only and never written to disk or retained. We collect:
- Your email address (to create and manage your account)
- Payment information (processed entirely by Stripe -- we never see or store your card details)
- Your assigned AdGuard client ID (to provision your DNS endpoint)
Harbor Privacy Fax
- Your document is uploaded, converted, and transmitted to the destination fax number via Telnyx
- The file is permanently deleted the moment Telnyx confirms delivery via webhook
- We do not store the fax number dialed, document contents, or cover page message after transmission
- No account is required to send a fax
- Payment is processed by Stripe. We do not store card details.
- The only record retained is a Stripe transaction ID, amount, and timestamp for billing reconciliation
Career by Harbor Privacy
- Resume and job description text is submitted to Anthropic's Claude API to generate your document
- Submitted content is not retained after your document is delivered
- We do not use your resume content to train AI models
- Payment is processed by Stripe via access codes
Harbor Booking
- Scheduling data (client names, email addresses, phone numbers, appointment times) is stored to operate the service
- Scheduling notes are for coordination only — do not enter medical or clinical information
- We do not sell, share, or use scheduling data for advertising or analytics
- Appointment data is deleted within 30 days of account closure
- A single session cookie is used for login — no advertising or tracking cookies
- Confirmation and reminder emails are sent via Resend. Email addresses are not shared beyond delivery
- Payment is processed by Stripe. We do not store card details
- Harbor Booking is a scheduling tool only and is not a HIPAA-covered service. Do not use it to store protected health information without a signed Business Associate Agreement
Harbor Money
We never connect to your bank. Harbor Money does not request, store, or transmit any banking credentials. Instead you forward bank-issued transaction emails to a private address we generate for you.
- Your email address (account login + outbound notifications)
- Your unique inbound address (e.g.
tx-XXXX@money.harborprivacy.com) — rotate it any time from Settings - Forwarded transaction emails: from address, subject, plaintext body (truncated to 64KB) — kept for audit and re-parse only
- Parsed transaction fields: date, amount, merchant, last-four digits of the card if the email mentions it
- Account labels you create (e.g. "Chase Sapphire ····4582")
- Optional uploaded CSV statements — used to reconcile and find missing transactions
- Categories, goals, and recurring-bill expectations you configure
What we explicitly do not store:
- Bank usernames, passwords, account numbers (only last-four when present in an email)
- Account balances pulled from your bank (we don't have your bank)
- Anything from emails you do not forward to your Harbor Money address
If we send your transaction text to an AI model as a fallback parser (when our built-in parsers fail), we send only the subject + plaintext body — no other account data — and the model provider's policy applies to that one request. AI parsing is opt-out in Settings.
3. Third-Party Services — Full Disclosure
We use a minimal, carefully chosen set of third-party services. Here is every external service that touches your data across all Harbor Privacy products:
| Service | Purpose | Products | Data Shared | Their Policy |
|---|---|---|---|---|
| Stripe | Payment processing | DNS, Booking, Fax, Career, Money | Payment card details, transaction amount, email (if provided). We never see or store raw card numbers. | stripe.com/privacy |
| Cloudflare Email Routing | Receives transaction-alert emails forwarded by users to their private Harbor Money address | Money | The complete forwarded email (from address, subject, body) en route to our parser. Cloudflare acts as a conduit and does not retain forwarded mail after delivery. | cloudflare.com/privacypolicy |
| Anthropic (Claude Haiku) | Fallback transaction parser when our built-in parsers can't read an email | Money (optional, can be disabled) | Only the subject + plaintext body of the single email being parsed. No account context, balances, or other transactions are sent. | anthropic.com/privacy |
| Telnyx | Fax transmission (T.38 FoIP) | Fax | Your document (temporarily, for transmission only), destination fax number, delivery status. Telnyx operates as a conduit and does not retain document contents after transmission. | telnyx.com/privacy-policy |
| Anthropic | AI document generation (Claude API) | Career | Resume text and job description submitted for document generation. Subject to Anthropic API data handling policies. We do not send identifying information beyond document content. | anthropic.com/privacy |
| Resend | Transactional email (receipts, login links, fax delivery, parse-failure notes) | DNS, Booking, Fax, Career, Money | Your email address and the content of the transactional email (receipt or delivery notification). Not used for marketing. | resend.com/privacy |
| Umami Analytics | Privacy-respecting page view analytics (self-hosted by us) | DNS, Booking, Fax, Career, Money | Aggregate page view counts and referrer sources only. No cookies, no fingerprinting, no individual tracking, no personally identifiable information collected. | umami.is/privacy |
| Oracle Cloud | Server infrastructure hosting | DNS, Booking, Fax, Career, Money | All Harbor Privacy services run on Oracle Cloud Infrastructure (OCI) in the US. Oracle provides the compute environment but does not access application-level data. | oracle.com/legal/privacy |
| AdGuard Home | DNS filtering engine (self-hosted) | DNS | Self-hosted on our Oracle Cloud infrastructure. No data leaves our servers. AdGuard Home is open source (GPL v3). Query logs are disabled. | adguard.com/privacy |
We do not use Google Analytics, Meta Pixel, or any advertising technology on any Harbor Privacy property. We do not sell, rent, or share your data with advertisers or data brokers.
4. Cookies and Analytics
We use Umami Analytics -- a cookieless, privacy-respecting analytics platform. It collects no personally identifiable information, uses no cookies, and does not fingerprint your browser. It gives us aggregate traffic counts only.
No other cookies or tracking scripts are present on any Harbor Privacy property.
5. Data Retention
- DNS queries: Never stored. Zero retention.
- Fax documents: Deleted immediately on Telnyx delivery confirmation. Maximum 30-minute failsafe cleanup if transmission does not complete.
- Career documents: Not retained after PDF delivery.
- DNS account data: Retained for the life of your subscription plus 30 days after cancellation, then permanently deleted.
- Payment records: Stripe transaction ID, amount, and timestamp retained as required for tax and financial records (typically 7 years). No document or query content is included.
- Fax delivery confirmation emails: Sent via Resend and not stored on our servers.
6. Security
All data in transit is encrypted via TLS. Our servers run hardened Ubuntu instances on Oracle Cloud with restricted SSH access and no unnecessary open ports. API keys and secrets are stored in systemd environment variables, never in source code or logs. We do not operate shared hosting environments.
7. Your Rights
Because we collect so little, there is very little to act on -- but you have the right to request deletion of your account and associated data, ask what data we hold about you, and correct any inaccurate account information. Email privacy@harborprivacy.com and we will respond within 5 business days.
8. Law Enforcement
Because we do not log DNS queries, fax contents, or document submissions, there is nothing substantive to hand over. In the event of a valid legal request, we can only provide what we actually retain: account email addresses and Stripe payment records for DNS subscribers. We have no ability to produce browsing history, fax contents, or document contents because we do not store them.
9. Children
Harbor Privacy services are not directed at children under 13. We do not knowingly collect data from children.
10. Changes to This Policy
If we make material changes, we will update the date above and notify active DNS subscribers by email. Continued use after an update constitutes acceptance.
11. Contact
Harbor Privacy | privacy@harborprivacy.com | harborprivacy.com