Skip to content

Legal

Privacy Policy

What we collect, why, where it's stored, and how to delete it.

Effective:

HarborGuard ("we", "us") provides a container vulnerability scanning platform. This privacy policy explains the categories of personal data we collect, why we collect it, how long we keep it, and how to exercise your rights as a data subject.

What we collect

  • Account data: name, email address, hashed password (bcrypt), and the organization you belong to. Required to authenticate you.
  • Scan and image metadata: registry URLs, image references, layer digests, vulnerability findings, and SBOMs. Required to deliver the product.
  • Usage telemetry: page views, feature usage, error reports. Used to improve the product. We do not sell or share telemetry with third parties beyond our infrastructure providers.
  • Billing data: handled by Stripe. We store the customer ID and the last four digits of the payment method, never the full card number.

What we do not collect

  • The contents of the container images you scan. We extract layer-level package metadata; we do not retain or transmit your application source code or runtime data.
  • Personal data of users of your applications. HarborGuard scans your container images, not your end users.

Where data is stored

All customer data is stored in PostgreSQL on Fly.io in the United States (region: iad). Backups are encrypted and retained for 30 days. Self-hosted deployments retain data wherever the operator deploys the platform.

Retention

  • Scan results: retained per the org-level reportRetentionDays setting (default 365 days).
  • Audit logs: 7 years.
  • Account data: deleted within 30 days of account closure.

Your rights

You can export, correct, or delete your data at any time from /settings/danger. For requests under GDPR or CCPA, email privacy@harborguard.co; we respond within 30 days.

Sub-processors

We list our sub-processors in our Data Processing Addendum. Notable processors include Fly.io (compute and database), Stripe (billing), SendGrid (transactional email), and Intercom (customer support).

Contact

Email privacy@harborguard.co for any privacy concern. For security issues, see our security page.