Privacy Policy
This Privacy Policy explains how Harbor Project collects, uses, stores, and protects personal and security-related information when organizations and researchers use the platform.
Introduction
Harbor Project provides a platform for responsible vulnerability disclosure and coordinated communication. Because the service processes account data and vulnerability reports, we are committed to transparent data practices and reasonable safeguards aligned with the sensitivity of the information we handle.
Information We Collect
Account information
We may collect names, email addresses, organization details, authentication identifiers, and profile data needed to create and manage accounts.
Vulnerability submission data
We collect report titles, technical descriptions, affected assets, reproduction steps, severity context, timestamps, and status history.
Uploaded evidence
Users may upload screenshots or other files that support remediation workflows and internal review.
Disclosure communication data
We process messages, status updates, and audit events exchanged between researchers and participating organizations.
How We Use Information
We use information to operate the platform, authenticate users, route reports, facilitate responsible disclosure, provide security notifications, maintain platform integrity, and support legal and compliance obligations.
Legal Basis for Processing
Depending on jurisdiction, our legal bases may include contract performance, legitimate interests in securing systems and preventing abuse, consent where required, and compliance with applicable legal obligations.
Data Retention
We retain data for as long as reasonably necessary to provide services, preserve disclosure history, resolve disputes, enforce terms, and satisfy legal requirements. Retention periods vary by data type and program-specific compliance needs.
Third-Party Services
We may use authentication providers, email notification services, and cloud infrastructure providers to deliver core platform functionality. These providers process data under contractual safeguards and only as needed for service delivery.
Security of Data
We apply administrative, technical, and organizational controls designed to protect confidentiality and integrity, including access controls, least-privilege design, and monitoring. No method of storage or transmission is completely risk-free.
Cookies and Tracking
We may use cookies and similar technologies for authentication, session continuity, platform reliability, and aggregate analytics. You can manage cookies in browser settings, though certain features may not function properly if cookies are disabled.
International Data Transfers
Where data is transferred across borders, we implement reasonable safeguards such as contractual protections and provider security commitments consistent with applicable data protection laws.
Children's Privacy
The platform is not directed to children, and we do not knowingly collect personal information from individuals below the minimum legal age in applicable jurisdictions.
User Rights
Subject to applicable law, users may have rights to access, correct, delete, or restrict processing of personal information, and to request export of certain data. We may request verification before fulfilling rights requests.
Changes to This Policy
We may revise this Privacy Policy periodically. Material updates will be communicated through the platform or by other reasonable means, and the revised policy will become effective on posting unless otherwise stated.
Contact Information
For privacy inquiries or data rights requests, contact the Harbor Project team through the platform support channel associated with your account.
