Privacy Policy

Last updated: February 1, 2026

This Privacy Policy explains how Harmny Inc. ("Harmny," "we," "us," or "our") collects, uses, discloses, and protects information about you when you use our website, platform, and related services (collectively, the "Services"). By using our Services, you agree to the practices described in this policy.

1. Information We Collect

We collect information in three ways: information you provide directly, information we collect automatically, and information we receive from third parties.

Information you provide:

• Account registration data: name, work email address, job title, and organization name
• Profile information: photo, biography, and career history you choose to add
• Performance and career data: goals, reviews, ratings, and feedback entered into the platform
• Communications: messages you send to our support team or through in-platform messaging
• Payment information: billing address and payment card details (processed by our payment provider; we do not store raw card numbers)

Information collected automatically:

• Log data: IP address, browser type, operating system, referring URLs, and pages visited
• Device identifiers and session tokens
• Usage data: features accessed, actions taken, and timestamps
• Cookies and similar tracking technologies (see our Cookie Policy)

Information from Google:

If you choose to sign in with Google or connect your Google Calendar, we receive the following data from Google:

• Google Sign-In: your Google account email address, display name, and profile picture (via the openid, email, and profile scopes). This data is used solely to create or authenticate your Harmny account.
• Google Calendar: if you optionally connect your Google Calendar, we access your calendar events (via the calendar.events scope) to sync 1:1 meetings between Harmny and your Google Calendar. We create, update, and delete calendar events only for meetings you schedule within Harmny. We also read calendar events to display your upcoming schedule within the platform. Calendar data is not stored permanently — only a refresh token is stored to maintain the connection. You can disconnect your Google Calendar at any time from your account settings, which immediately deletes the stored refresh token.

Harmny's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google data for advertising, do not sell it to third parties, and do not use it to train AI models.

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and improve the Harmny platform
• Process transactions and send related billing information
• Send administrative messages, including product updates, security alerts, and support responses
• Send marketing communications where you have opted in or where permitted by law
• Monitor and analyze usage patterns to improve product performance and user experience
• Detect, prevent, and respond to fraud, abuse, or security incidents
• Comply with legal obligations and enforce our Terms of Service

We do not use your data to train AI models or sell it to third parties for advertising purposes.

3. How We Share Your Information

We may share your information with:

• Your organization: data you enter into Harmny is visible to authorized personnel in your organization according to the role-based permissions your administrator configures
• Service providers: trusted sub-processors who help us deliver the Services (cloud hosting, email delivery, payment processing, error monitoring). All sub-processors are contractually bound to protect your data
• Legal requirements: when required by law, court order, or to protect the rights, property, or safety of Harmny, our customers, or the public
• Business transfers: in connection with a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before this occurs

4. Data Retention

We retain your personal data for as long as your organization maintains an active Harmny account. If your account is closed or your organization cancels its subscription, we will provide a data export and permanently delete all personal data within 30 days of the account closure date, unless a longer retention period is required by applicable law.

Anonymized, aggregated data (such as usage statistics) may be retained indefinitely as it cannot be used to identify you.

5. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: request a copy of the personal data we hold about you
• Correction: request that we correct inaccurate or incomplete data
• Deletion: request that we delete your personal data, subject to legal retention requirements
• Portability: receive your data in a structured, machine-readable format
• Objection: object to processing based on legitimate interests
• Restriction: request that we restrict processing in certain circumstances
• Opt-out: unsubscribe from marketing emails at any time via the unsubscribe link in each message
• Revoke Google access: disconnect your Google Calendar from Harmny at any time via Settings → Integrations. You can also revoke Harmny's access from your Google Account permissions page. Revoking access immediately stops all calendar syncing and deletes the stored refresh token.

To exercise these rights, contact us at [email protected]. We will respond within 30 days. Some requests may need to be directed to your organization's Harmny administrator, as Harmny acts as a data processor on behalf of your employer.

6. Security

We implement industry-standard technical and organizational measures to protect your data, including TLS 1.3 encryption in transit, AES-256 encryption at rest, role-based access controls, and regular third-party security audits. For full details, see our Security page.

7. International Transfers

Harmny is based in the United States. If you are located outside the US, your data may be transferred to and processed in the United States or other countries. For transfers from the European Economic Area, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission. Enterprise customers may request a data residency configuration for EU data to remain in our eu-west-1 region.

8. Children

Harmny is designed for professional use by adults. We do not knowingly collect personal data from individuals under the age of 16. If you believe we have inadvertently collected such data, please contact us immediately and we will delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by displaying a notice in the platform at least 30 days before the changes take effect. Continued use of our Services after the effective date constitutes your acceptance of the updated policy.

10. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact:

• Email: [email protected]
• EU Representative: Harmny EU Ltd., Am Hauptbahnhof 12, 60329 Frankfurt am Main, Germany