1. Controller and Contact
Harbor ("we", "us", "our") operates the hosting platform at host-harbor.com. We are the data controller for the personal data we process in connection with our services.
For privacy-related inquiries, contact us at support@mail.hostharbor.eu. We are based in Finland. If we appoint a Data Protection Officer (DPO), their contact details will be published here.
2. Purposes and Legal Basis
We process your personal data for the following purposes:
- Account management: To create and maintain your account, authenticate you, and provide access to our services (legal basis: contract performance).
- Service delivery: To deploy your applications, manage domains, provide the website builder, and process payments (legal basis: contract performance).
- Support: To respond to your inquiries and provide technical support (legal basis: contract performance and legitimate interest).
- Compliance: To comply with legal obligations (e.g., accounting, tax, domain registry requirements) (legal basis: legal obligation).
- Security and fraud prevention: To protect our platform and users (legal basis: legitimate interest).
3. Categories of Personal Data
We process: name, email address, password (hashed), billing address, payment information (via Stripe), domain contact information (for WHOIS/registry), GitHub account linkage (for deployments), application and deployment data, and audit logs of account activity.
4. Recipients and Subprocessors
We share data with the following categories of recipients:
- Stripe — Payment processing (EU/US, with appropriate safeguards)
- OpenProvider — Domain registration and DNS (EU)
- Coolify / Hetzner — Hosting infrastructure (EU data centers)
- GitHub — Repository access for deployments (US, with Standard Contractual Clauses)
We have or are establishing Data Processing Agreements (DPAs) with these subprocessors to ensure GDPR-compliant processing.
5. Retention Periods
- Account data: Until you delete your account, plus a short period for backup retention.
- Audit logs: At least 6 months for accountability (GDPR Article 5(2)).
- Payment records: 7 years (Finnish accounting law).
- Domain/WHOIS data: Per registry requirements (ICANN, EURid, Traficom).
6. Your Rights (GDPR)
You have the right to:
- Access (Article 15): Request a copy of your data. Use the "Export My Data" feature under Account → Privacy & data.
- Rectification (Article 16): Correct inaccurate data via your account settings.
- Erasure (Article 17): Delete your account and associated data. Use "Delete My Account" under Account → Privacy & data.
- Restriction (Article 18): Request restriction of processing in certain circumstances.
- Portability (Article 20): Receive your data in a machine-readable format.
- Object (Article 21): Object to processing based on legitimate interests.
- Withdraw consent: If processing is based on consent, you may withdraw it at any time.
- Lodge a complaint: You have the right to lodge a complaint with the Finnish supervisory authority, the Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto): tietosuoja.fi
7. Mandatory vs Voluntary Data
Providing account and payment data is necessary to perform our contract with you. Without it, we cannot provide our services. You may choose not to provide optional profile information (e.g., name) without affecting core functionality.
8. Cookies and Similar Technologies
We use cookies and similar technologies in accordance with Finland's Act on Electronic Communications and the ePrivacy Directive. Non-essential cookies require your explicit consent. Refusing or withdrawing consent is as easy as giving it. For details, see our Cookie Policy (if published) or contact us.
9. International Transfers
Our infrastructure is primarily in the EU (Finland, Germany). Where we use services in third countries (e.g., US), we rely on adequacy decisions, Standard Contractual Clauses, or other appropriate safeguards as required by GDPR Chapter V.
10. Changes
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.