Harness Hub is a co-managed software platform operated by Harness Digital Solutions ("Harness", "we", "us", "our"). This Privacy Policy explains what personal information we collect when you use Harness Hub or any module that ships inside it, how we use that information, who we share it with, and the rights you have over your data.
This policy applies to the entire Harness Hub product family, including the marketing-collaboration workspace, the Pagestorm landing-page module, the Harness Agent contact-center module, the Harness AIM call-intelligence module, and the storm-intelligence module we operate for roofing contractors (hail and severe-weather detection, alerting, canvassing, and adjuster reporting). Where a module collects information that is materially different from the rest of the platform, this policy says so explicitly.
If you do not agree with this policy, please do not use Harness Hub.
1. Who this policy applies to
This policy covers personal information processed in connection with:
- The Harness Hub web application at hub.harness10.com and any sub-domain we use to host the same application;
- The Harness Hub mobile applications for iOS and Android (including the storm-intelligence module's mobile companion);
- Public-facing marketing pages at harness10.com and the pages nested beneath it;
- Public share links generated by Harness Hub customers (for example, adjuster-facing event pages with revocable tokens);
- Operator-facing admin surfaces, restricted to authorized Harness staff and named partner-organization administrators;
- Outbound integrations Harness Hub operates on a customer's behalf — Slack, AccuLynx, JobNimbus, Stripe, Twilio, SendGrid, Meta (Facebook and Instagram), X (Twitter), Google Business Profile, and generic outbound webhooks.
It does not cover third-party sites or services we link to. Those sites operate under their own privacy policies and we encourage you to read them.
2. The short version
We collect the data we need to deliver the product — your account identity, the brand assets and content you upload, the geographies you ask the storm module to monitor, the alerts and notifications we send you, the leads and campaigns you create, the audit trail of your privileged actions, and a normal amount of server logs.
We do not sell your data. We do not use it to train AI models. We do not share it with advertising networks. We do not embed third-party advertising trackers on the application surface.
You can download a complete export of everything we know about you from /account/privacy/export. You can schedule deletion of your account from /account/privacy with a 30-day cancel window. You can also request deletion at any time by emailing team@harness10.com.
When the storm-intelligence module uses public social-media posts as a signal, we treat the post as a signal, never as content. The original post text is never republished anywhere customer-visible — only the existence of the signal at a particular latitude/longitude and time.
The longer version of all of that follows.
3. Information we collect
3.1 Information you give us directly
Account information. When you sign up we collect your name, email address, password (stored as a salted bcrypt hash; we never see the plaintext), company name, and optional phone number. The phone number is required only if you opt in to SMS alerts or voice-escalation.
Profile information. Anything you add to your profile (photo, title, time zone, alert preferences) is collected when you add it.
Brand and marketing assets you upload to Harness Hub. Logos, color systems, photos, video clips, customer reviews, technician headshots, seasonal offer copy, draft articles, campaign briefs, and any other file you place in your workspace. These are stored with role-aware access controls and are visible only to your team and to the assigned Harness account team.
Monitor zones (storm-intelligence module). The polygons and labels you draw or import defining the geographies you want to be alerted about. Polygons are stored as PostGIS geometries; we use them only to determine whether a hail or severe-weather event intersects an area you have asked us to monitor.
Leads, notes, and appointments (storm-intelligence module). Every lead row, status change, note, and appointment you create. These are tied to your member ID and your team and are visible only to teammates with the appropriate role.
Field-notes photos (storm-intelligence module). Photos you upload during a canvass or inspection. Stored on Vercel Blob with a randomly suffixed pathname known only to your team. We do not share these with adjusters or insurers without your explicit per-share consent.
Payment information. Handled by Stripe. We never receive or store your raw card number. Stripe sends us a customer ID, the last four digits, the card brand, and the expiry date for display purposes only.
Communications with us. Emails, support tickets, and chat messages you send us. We retain these for the life of the account plus seven years for legal and tax compliance reasons.
3.2 Information we generate about your usage
Audit log. Every privileged action you take (sign-in, role change, share-link creation, export download, member removal, monitor-zone edit, asset deletion, integration connect/disconnect) is recorded in an append-only audit_log table with the timestamp, your member ID, your IP address, your user-agent, and the before/after values where applicable. We use this log for security investigations, compliance evidence, and incident review.
Server logs. Standard web-server logs — IP address, user-agent, HTTP method, path, status code, latency, and a unique request ID. Retained 90 days.
Push-notification tokens. The device-specific token you grant us when you allow notifications. Used only to deliver alerts; deleted when the device is unregistered.
Crew-tracking location (storm-intelligence module, opt-in). If your administrator has enabled crew tracking and you opt in, the mobile app sends your latitude and longitude periodically (default: every 5 minutes while on shift). This is used to compute drive-time isochrones and to identify which crew member is closest to a new lead. Raw points older than 24 hours are dropped; only aggregate distance-traveled and zone-time metrics persist. Crew tracking is foreground-only — we never request continuous background-location permission.
Photo damage-analysis output (storm-intelligence module). When you upload a photo for damage analysis, we send the photo to Claude (Anthropic) via the Vercel AI Gateway, receive a JSON assessment back, and store the JSON alongside the photo. The photo and assessment are visible only to your team. The assessment is decision-support and is never used to bind insurance.
AI assistant transcripts. Your conversation history with the in-app AI assistants (the Hub creative assistant and the storm-intelligence query assistant) is retained for 90 days so you can return to past conversations. We do not use these transcripts to train models.
Cost ledger. For each LLM call made on your behalf, we record the model, the token counts, the latency, and the USD cost so the budget rails work and so you can see your spend.
3.3 Information from third-party services we ingest
The Harness Hub marketing modules can pull connected-account data from services you authorize — Google Business Profile, Google Search Console, Meta (Facebook Page Insights, Instagram Business Insights), TikTok, LinkedIn, your CRM (AccuLynx, JobNimbus, ServiceTitan), and your call-tracking provider. We pull only the scopes necessary for the feature you have enabled, and we never request read scopes broader than the displayed permission prompt.
The storm-intelligence module is built on top of public weather data. The following sources do not contribute personal information about you to our database:
- NOAA / National Weather Service (alerts, warnings, Local Storm Reports);
- NEXRAD radar (via NOAA MRMS MESH);
- GOES-19 satellite (lightning and infrared imagery);
- Storm Prediction Center outlooks;
- NCEI Storm Events database (post-event ground truth);
- CoCoRaHS hail-pad volunteer reports;
- mPING crowdsourced reports;
- Oklahoma Mesonet surface stations.
The module also ingests public social-media posts for storm signals from X, Meta (Facebook public Pages and Instagram public hashtags), curated weather/news pages, and dedicated storm-spotter feeds. See section 4.4 for our posture on social-media data — this is the section most relevant to Meta's Platform Policies and Facebook Login privacy disclosures.
3.4 Information from cookies and similar technologies
We use a minimal set of cookies:
- sb-<project>-auth-token — Supabase Auth session cookie. Required for sign-in. Lifetime: 7 days, refreshed on each request.
- hh_slack_oauth_state — short-lived (10-minute) signed cookie used to protect the Slack OAuth handshake against CSRF.
- hh_meta_oauth_state — same purpose for the Meta (Facebook / Instagram) Login handshake.
- hh_acculynx_oauth_state — same purpose for AccuLynx.
- hh_consent — your cookie-consent choice, where applicable in your jurisdiction.
We do not use third-party advertising or behavioral-analytics cookies on the application surface (hub.harness10.com and the storm-intelligence module). The marketing surface (harness10.com) uses PostHog for product analytics and Sentry for error reporting. PostHog respects Do-Not-Track and Global Privacy Control signals; we never sell PostHog data and we do not fingerprint visitors.
3.5 Information we do not collect
- We do not request your social-security number, driver's license, or tax identifier.
- We do not access your contacts, calendar, or other apps on your device.
- We do not require microphone or camera permissions outside the on-tap field photo and asset-upload flows.
- We do not request continuous background-location permission. Crew tracking is foreground-only and opt-in.
- We do not request friends-list or follower-graph data from Meta or X. Our social ingest reads public posts only.
4. How we use your information
4.1 To deliver the product
- Authenticate you and keep you signed in;
- Render the Hub asset library, content draft queues, comment threads, and approval workflow;
- Generate direct-mail, social, and website creative against your brand kit (with you, or your account team, in the loop);
- Compute which hail and severe-weather events intersect your monitor zones;
- Deliver alerts on the channels you have configured (push, SMS, voice escalation, email, team chat);
- Render the storm map, dashboard, leads kanban, and adjuster-ready reports;
- Generate AI-assisted alert copy, event narratives, and photo assessments;
- Process payments and apply discount or partner-organization promo codes.
4.2 To keep the product safe and reliable
- Detect and respond to abuse, fraud, and security incidents;
- Investigate bugs and outages;
- Maintain the audit log;
- Apply rate limits and anomaly detection (for both API abuse and unusual agent behaviour in the storm-intelligence module).
4.3 To improve the product
- Anonymised, aggregated usage statistics — counts of events, alert-delivery latency, push-acknowledgement rate, asset-throughput metrics;
- Performance metrics on the detection pipeline (precision and recall against NCEI ground truth);
- Backtests of past automated decisions to evaluate prompt changes.
We do not use your personal information to train AI models. The LLMs we call (the Claude family from Anthropic, via the Vercel AI Gateway) receive only the specific inputs needed for the task at hand, and the provider's zero-retention terms apply to those calls.
4.4 Social-media signal posture (read this part)
The Harness Hub storm-intelligence module ingests public posts from Meta (Facebook public Pages and public Instagram hashtag streams) and from X to help identify potential storm signals. This is the section that most directly satisfies our Meta Platform Policy and Facebook Login privacy obligations. Our posture is deliberate and constrained:
- Public data only. We do not log in as you, we do not read your private inbox or friends list, and we do not request any scope beyond public content access. The Meta Graph API tokens we hold belong to Harness as a developer, not to individual end-users.
- Signals, not content. When a public post matches our hail hashtag set (for example #okwx, #hail) or other curated severe-weather pattern, we extract a structured signal — latitude and longitude where available, approximate hail size if mentioned, timestamp, and source platform — and store it as a SOCIAL_HAIL_REPORT row. The original post text is never republished in any customer-visible surface (storm map, event detail page, PDF report, public share link, or otherwise).
- Counts, not citations. Our fusion engine cites the count of social signals at a location, never the post text or the author handle.
- Hashed credibility cache. Our LLM credibility check for ambiguous posts uses a SHA-256 hash of the post text as the cache key, not the text itself. The cache expires every 7 days.
- Admin-only archive. The internal social_posts table is visible only to Harness staff with the ADMIN role, and only for the purpose of tuning hashtag lists and credibility thresholds. It is not exported, not shared with customers, and not surfaced to ordinary users.
- Brigade and bot detection. We run brigade-detection across sources. If a cluster of posts looks brigaded or bot-driven, the brigaded portion is silently down-weighted in the fusion engine; non-brigaded evidence still counts.
- Deletion on request — for authors of ingested posts. If you are the author of a public Facebook, Instagram, or X post we ingested and you would like the underlying signal row deleted, email team@harness10.com with the platform URL of the post. We will delete the row within 30 days and confirm in writing. You do not need a Harness Hub account to make this request.
- Honoring platform-side deletion. When a platform's API indicates that a post has been deleted or made non-public, we drop the corresponding signal row on next ingest sweep (within 24 hours).
4.5 To comply with the law
We process your data as needed to comply with applicable laws, court orders, and lawful requests from regulators. We will resist overbroad requests and challenge gag orders where appropriate.
5. How we share your information
5.1 With your team
Information you create in Harness Hub — assets, drafts, comments, monitor zones, leads, notes, photos, audit entries — is visible to other members of your team according to the role-based permissions configured by your team owner (OWNER, ADMIN, EDITOR/CANVASSER, VIEWER).
5.2 With your assigned Harness account team
Harness Hub is a co-managed product. Members of your assigned Harness account team (strategist, content lead, creative, account manager) have working access to your Hub workspace so they can ship marketing alongside you. They are bound by confidentiality and by the same role-based permissions; their activity appears in your audit log just like any internal user's.
5.3 With adjusters via share links
The storm-intelligence module lets you generate revocable share links to give a third party (an insurance adjuster, a homeowner, a partner contractor) read-only access to a specific event's evidence trail. The link contains a signed 32-byte token; you control who has it. Share links can be revoked at any time. Parcel addresses are included only if you explicitly opt in at the time of sharing; homeowner names are excluded by default.
5.4 With third-party processors
We rely on a small set of third-party processors. Each is contractually bound to use your data only to provide their service to us:
| Processor | Purpose | Data shared |
|---|---|---|
| Supabase | Database + Auth | All application data |
| Vercel | Web hosting, AI Gateway | Server logs, request payloads, LLM prompts |
| Anthropic | LLM provider (via Vercel AI Gateway) | Specific LLM call inputs, under zero-retention terms |
| Stripe | Payments | Billing identifiers; card data never reaches us |
| Twilio | SMS + Voice escalation | Phone number, message body |
| SendGrid | Transactional email | Email address, message body |
| Firebase Cloud Messaging / Expo Push | Push notifications | Device token, notification payload |
| Vercel Blob | Asset and photo storage | Uploaded files, content type |
| OpenRouteService | Drive-time isochrones | Anonymised lat/lon; no member identifier |
| Meta (Graph API) | Social-signal ingest (public posts only); Page Insights for connected accounts | Outbound: nothing about you. Inbound: public-post metadata, plus the connected-account scopes you authorized. |
| X (Twitter v2 API) | Social-signal ingest (public posts only) | Same as Meta |
| Google (Business Profile, Search Console) | Local-visibility reporting and content publishing | The scopes you authorize during OAuth |
| AccuLynx, JobNimbus, ServiceTitan | CRM sync (lead push, status pull-back) | The scopes you authorize during OAuth |
| Sentry | Error reporting | Stack traces with redacted PII |
| PostHog | Product analytics (marketing site) | Anonymised page-view events |
5.5 With named partner organizations
For the storm-intelligence module, our launch partner is the Oklahoma Roofing Contractors Association (ORCA). ORCA leadership has read-only access to aggregated detection-performance metrics (precision, recall, time-to-alert) for the purpose of validating the pipeline. ORCA leadership does not have access to individual contractor lead lists, monitor zones, canvassing routes, member contact info, asset libraries, or any other competitive or operational information. Any future partner-organization arrangement of the same kind will be disclosed here with the same constraints.
5.6 With law enforcement
We share information with law enforcement only in response to properly served legal process. We log every such request, publish a yearly transparency report, and notify the affected user unless prohibited by law.
5.7 With acquirers
If Harness Digital Solutions is acquired, merged, or files for bankruptcy, your data may transfer to the successor entity. We will give 30 days' written notice via email and an in-app banner before any such transfer, and the successor must honor this Privacy Policy or provide you a clean-export-and-delete option.
5.8 What we do not do
We do not sell your data. We do not share it with advertising networks. We do not embed third-party advertising trackers on the application surface. We do not use your data to train AI models.
6. Your rights and how to exercise them
You have the following rights, regardless of where you are located:
- Access — view everything we know about you via /account/privacy/export;
- Correction — edit your profile, monitor zones, leads, uploaded assets, and alert preferences directly in-app;
- Deletion — schedule account deletion at /account/privacy (30-day cancel window; after that the account is unrecoverable). You can also email team@harness10.com for an immediate request;
- Export — download a JSON archive of your data at /account/privacy/export;
- Restrict processing — disable specific channels (SMS, push, voice, email) individually in /settings;
- Opt out of AI features — set your account preference at /account/privacy to disable LLM-generated alert copy, generative creative suggestions, photo damage analysis, and AI-assistant suggestions;
- Withdraw consent — for any consent-based processing, withdraw consent in the corresponding setting page.
If you are the author of a public social-media post we ingested as a weather signal and you would like the underlying row deleted, email team@harness10.com with the platform URL of the post. You do not need a Harness Hub account to make this request. We will delete the row within 30 days.
If you are in the European Union, the United Kingdom, or another GDPR-equivalent jurisdiction, you additionally have the right to lodge a complaint with your local data-protection authority. Our EU representative is reachable at team@harness10.com.
If you are in California, you additionally have the right not to be discriminated against for exercising your CCPA rights. We do not sell personal information as defined by the CCPA.
To exercise any right, email team@harness10.com. We respond within 30 days; for complex requests we may take an additional 60 days and will tell you so within the first 30.
7. Data retention
| Data | Retention |
|---|---|
| Account profile | Life of account |
| Hub assets, drafts, comments, approval history | Life of account |
| Monitor zones, leads, notes, field photos | Life of account |
| Hail events and evidence trail | Indefinite (legal-evidence per partner-organization scope of work) |
| Audit log | Indefinite (legal-evidence) |
| Alert delivery records | Indefinite (legal-evidence) |
| Server logs | 90 days |
| AI assistant conversation history | 90 days |
| Crew-tracking raw GPS points | 24 hours |
| Crew-tracking aggregate metrics | Life of account |
| Push tokens | Until device unregistered |
| Sentry error reports | 30 days |
| PostHog page-view events (marketing site) | 1 year |
| Social-media signal rows (counts only) | 90 days |
| LLM cost ledger | 13 months (monthly billing reconciliation) |
| Stripe billing data | As required by tax law in your jurisdiction (typically 7 years) |
After account deletion, the records flagged "legal-evidence" above are retained in an isolated, read-only state. They are inaccessible to your team, to partner organizations, and to ordinary Harness staff; access requires a dual-auth security-incident workflow that itself logs to the audit table.
8. Security measures
We align with widely accepted industry standards. Specifically:
- All connections to Harness Hub use TLS 1.2 or better;
- Passwords are stored as salted bcrypt hashes;
- Service-role database credentials are never exposed to the browser; only the limited public anon key ships to the client;
- Cron and webhook endpoints require shared secrets and are unreachable without them;
- Admin routes are guarded server-side by a requireAdmin check that itself logs every call;
- LLM calls go through the Vercel AI Gateway, which holds the provider keys; the application never has direct provider keys;
- Asset and photo storage paths include a random suffix, so URLs are unguessable;
- Public share links use 32-byte signed tokens;
- Outbound webhook payloads are HMAC-signed so receivers can verify authenticity;
- We run static analysis (TypeScript strict, ESLint, Prettier), dependency scanning, and pre-commit secret detection;
- We maintain an incident-response playbook and rehearse it quarterly;
- Backups are taken every six hours and retained for 35 days; the most recent 24 hours is hot-restorable in under 10 minutes.
No security measure is perfect. If you discover a vulnerability, please report it responsibly to team@harness10.com. We commit to acknowledging your report within two business days and to a no-retaliation policy for good-faith disclosure.
9. International data transfers
Harness Hub is hosted in the United States (Vercel region iad1, Supabase region us-east-1). If you access the product from outside the United States, your data is transferred to the United States.
For transfers from the European Union, the United Kingdom, and Switzerland, we rely on the European Commission's Standard Contractual Clauses (2021/914) and the UK International Data Transfer Addendum.
10. Children's privacy
Harness Hub is a B2B product intended for use by adult marketing and home-services professionals. It is not directed at children under 18 and we do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please email team@harness10.com and we will delete it.
11. Automated decision-making
The storm-intelligence module's autonomous detection agent makes automated decisions about whether a candidate hail event is real (PROMOTE / WAIT / DISMISS / HUMAN_REVIEW) and how alerts should be prioritized, channeled, and worded for each recipient. These decisions have meaningful operational consequences for our roofing-contractor customers but are not made about you as an individual — they are made about storms and about how to deliver alerts to operators who asked to be alerted.
The Hub marketing modules also use automated systems to draft direct-mail, social, article, and email creative. These drafts are always reviewable and editable by your team and your Harness account team before they ship. Nothing generated by an automated system reaches a homeowner, ZIP-code mailing list, or social audience without a human approval step.
You always have the right to:
- See exactly which decision was made and why — every storm-module decision has a full reasoning trace at /admin/agent/<decision-id> for your team owner;
- Request a human review of any decision that affected you;
- Disable LLM-tuned alert copy in your preferences (alerts will then use a deterministic template);
- See the full prompt and model version used for each decision.
The storm-intelligence agent's autonomy mode defaults to SUGGEST_ONLY on a new deployment, meaning the agent records what it would do but never enacts it without a human in the loop. The team manager can dial autonomy up as trust is established; the kill switch reverts to SUGGEST_ONLY in one click.
12. Marketing communications
We use your email to send you:
- Transactional messages required to deliver the product (alert digests, monthly summaries, security notices, billing receipts). These cannot be opted out of without deleting your account.
- Product updates — release notes, new features, scheduled maintenance. You can opt out in /settings → Email preferences.
- Marketing — case studies, webinar invitations, conference meetups. Opt-in only at sign-up; opt-out at any time.
For SMS, we only send transactional alerts you have configured; there is no marketing SMS. Reply STOP to any SMS to opt out permanently; reply HELP for assistance.
13. Changes to this policy
We may update this policy as the product evolves. If we make material changes — adding a new data category we collect, adding a new processor, changing how a category is shared — we will:
- Update the Effective date at the top of this document;
- Send you an email at the address on file;
- Show an in-app banner for 14 days;
- Where required by law, request your renewed consent before the change takes effect for you.
14. Contact
For privacy questions, complaints, or rights requests:
- Email: team@harness10.com
- Postal mail: Harness Digital Solutions, Attn: Privacy, 9251 N Pennsylvania Pl, The Village, OK 73120, USA
- EU representative: team@harness10.com
- Security disclosures: team@harness10.com
For data-protection authority complaints:
- EU / EEA: your local supervisory authority;
- UK: Information Commissioner's Office (ico.org.uk);
- California: California Privacy Protection Agency (cppa.ca.gov).
This Privacy Policy is provided for transparency and to satisfy applicable disclosure requirements, including those imposed by Meta's Platform Terms, Facebook Login, and Instagram Graph API for the storm-intelligence module's public-post ingest. It is not a substitute for legal advice. If you have a specific concern about how a piece of data is handled, please contact us — we read every privacy email.