Privacy Policy

We collect the minimum information needed to run your account and your customer-facing website. We don't sell your data. We don't share your phone number or SMS opt-in data with anyone for marketing or promotional purposes. Anything we do share goes only to subprocessors that help us deliver the service (hosting, email, payments, SMS) — and only to the extent they need to do that job.

Harland is operated by Harland, LLC. You can reach us at support@tryharland.com.

When you sign up and use Harland, we collect:

• Account info: your name, email, phone, business name, trade, service area, and anything else you enter while setting up your business profile.
• Content you create: photos you upload, copy you write or that the AI generates for your site, your logo, and any leads or messages you exchange with customers through the platform.
• Customer contact info you submit on behalf of your customers: when a customer fills out the contact form on your website, we collect their name, phone number, optional email, and message — and pass that to you.
• Payment info: processed by Stripe. We never see your card number — we only see the last four digits, expiry, and a token from Stripe.
• Connected-service credentials: if you connect Google Business Profile, we store an encrypted OAuth token so we can read your reviews and post replies on your behalf. We never see or store your Google password.
• Usage data: standard log info (IP address, browser, what pages you visited) and product analytics events so we can fix bugs and understand what features are useful.

• To run your account, build and host your website, and process payments.
• To send you transactional emails and text messages — magic-link sign-in emails, lead notifications when a customer fills out your contact form, and account or billing notices.
• To respond when you contact us for support.
• To improve the product (bug fixes, feature decisions).

We don't use any of this for third-party advertising and we don't sell any of it.

When you sign up and provide your mobile number, you're consenting to receive SMS notifications about leads and account events. Message frequency varies — you'll get one message for each lead that comes through your website plus the occasional account notice. Message and data rates may apply. Reply STOP to opt out, HELP for help.

No mobile information sharing. Mobile information and SMS opt-in data will not be shared with third parties or affiliates for marketing or promotional purposes. The categories of personal information described in this section exclude text-messaging originator opt-in data and consent — this information will not be shared with any third party.

We pass the messages themselves through Twilio (our SMS provider) so they can be delivered to your carrier, and we keep a log of what we sent for your records and ours. That's the only sharing that happens.

We use these vendors to deliver the service. They process data on our behalf:

• Vercel — application hosting and DNS
• Neon — Postgres database hosting
• Stripe — payment processing
• Resend — transactional email
• Twilio — SMS delivery
• Sentry — error monitoring (no message content, just stack traces and request metadata)
• PostHog — product analytics (event-level, no message content)
• OpenAI and Anthropic — for AI-generated copy and logos
• Google — Google Business Profile API (when a customer connects their listing, we read their reviews and post replies via Google's APIs)

We use cookies for two things: (1) keeping you signed in via a secure session cookie, and (2) anonymous product analytics through PostHog. We don't use third-party advertising cookies.

Data is encrypted in transit (HTTPS/TLS) and at rest in our Postgres database. Connected-service credentials — like the OAuth tokens we use to sync your Google reviews — are additionally encrypted with AES-256-GCM before they're stored, so even if the database were exposed, the tokens wouldn't be usable. Access to production systems is restricted to the operator and is logged.

No system is bulletproof. If we ever discover a breach affecting your personal information, we'll notify you promptly and explain what was affected.

We keep account data for as long as your account is active. To delete your data, email support@tryharland.com — we'll remove your business profile, customers, leads, and messages and confirm when it's done. Some records (billing receipts, transaction logs) are retained longer where required by law.

You can request a copy of your data, ask us to correct something, or ask us to delete your account at any time. Email support@tryharland.com and we'll respond within 30 days. If you're in a jurisdiction with formal data-rights laws (GDPR, CCPA), those apply on top of this policy.

Harland is for businesses. We don't knowingly collect data from anyone under 13. If you believe a child has signed up, email us and we'll delete the account.

If we change this policy in a way that materially affects how we handle your data, we'll email you before it takes effect. The latest version always lives at this URL with the effective date at the top.

Questions, requests, or concerns: support@tryharland.com.