Legal
Privacy Policy
Last updated: June 9, 2026
We take your privacy seriously. This policy explains what we collect, how we use it, and how we protect your information when you use HarborDesk.
Information we collect
HarborDesk is available at harbordeskapp.com. We collect only what we need to run your workspace:
- Account information — name, email address, and authentication credentials provided through secure OAuth sign-in.
- Email and communication data — when you connect Gmail or Outlook, we access and synchronize your mailbox through the Gmail API and Microsoft Graph. We cache metadata (such as sender, snippet, timestamps, and routing headers) needed to display conversations in your dashboard.
- Instagram and Messenger data — when you connect Instagram or Facebook Messenger, we receive and store direct messages, sender identifiers, timestamps, and OAuth tokens needed to send replies on your behalf. We do not access your Instagram feed, stories, or unrelated Facebook profile data. This data is collected and processed only for the purpose of enabling messaging functionality within the HarborDesk inbox. We do not use Meta user messages for analytics training, profiling, or advertising purposes.
- Billing information — payments are processed by Stripe. We do not store full credit card numbers on our servers.
How we use your data
We use collected data only to operate and improve HarborDesk:
- Authenticate your account and secure access.
- Group, display, and manage client email conversations.
- Display and reply to Instagram and Messenger direct messages in your client workspace.
- Apply subscription and billing tier logic.
We do not sell, rent, or trade your email content, metadata, or personal information to advertising networks or data brokers.
We process messages received through Meta platforms solely to enable customer communication between businesses and their end users. Messages are not used for profiling, advertising, or unrelated data processing.
Data security and protection mechanisms
Security procedures are in place to protect the confidentiality of your data. We use encryption to protect your information both in transit and at rest:
- Encryption in Transit: All data transmitted between HarborDesk, our users, and external application APIs (such as the Gmail API) is strictly encrypted using industry-standard Transport Layer Security (TLS 1.2 or higher) and secure HTTPS protocols.
- Encryption at Rest: We use encryption to protect your information while stored on our servers. Any cached email content, connection tokens, metadata, or application data stored within our databases is completely encrypted at rest using advanced cryptographic standards (AES-256 encryption).
- Access Controls: Internal security procedures restrict data access to authorized systems and automated synchronization workflows, protecting your data from unauthorized exposure.
Data retention and deletion
You own your data.
If you disconnect an email account or delete your HarborDesk profile, associated cached messages and application state are removed from our systems in line with your account actions and our deletion workflows.
If you remove HarborDesk from your Instagram or Facebook account, Meta notifies us automatically. We delete your connected Instagram and Messenger data (messages, conversations, and OAuth tokens) from HarborDesk. You can check the status of a Meta-initiated deletion request at harbordeskapp.com/meta/data-deletion using the confirmation code Meta provides. You can also email support@harbordeskapp.com to request removal of your Meta-related data at any time.
Meta messaging data is retained only as long as necessary to provide messaging and customer support functionality to the connected business. Users may permanently delete all Meta-related messaging data at any time by disconnecting their account or requesting deletion.
Instagram and Messenger (Meta)
HarborDesk uses Meta's Instagram and Facebook APIs to connect your business accounts and manage direct messages. We request only the permissions needed for messaging and account connection.
- We store OAuth tokens securely (encrypted at rest) to maintain your connection and send replies you initiate.
- We cache direct message content and metadata to display conversations in your dashboard.
- We do not sell Meta user data or use it for advertising.
To disconnect, remove HarborDesk from your Instagram or Facebook account settings, or disconnect the channel in HarborDesk Settings. Meta may also send us a data-deletion request on your behalf when you remove the app.
We support human agent-assisted messaging workflows, where responses initiated by a user within HarborDesk may be tagged appropriately using Meta's messaging types (including human agent tagging where permitted by Meta policies). These tags are applied strictly according to Meta's platform rules and messaging window limitations.
Meta Platform Compliance
HarborDesk uses Meta's Messenger Platform and Instagram Messaging API in accordance with Meta Platform Terms and Developer Policies. Our application is designed to comply with Meta's messaging rules, including the 24-hour messaging window and permitted messaging tags such as HUMAN_AGENT when applicable.
All messages sent or received through Instagram Direct Messages and Facebook Messenger are processed in compliance with Meta's platform requirements and are only used to provide inbox and customer support functionality initiated by the connected business.
Google API Services User Data Policy
HarborDesk's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including Limited Use requirements.
- No routine human reading — we do not allow human review of raw Google user data unless you give explicit consent for specific messages, it is necessary for security (such as abuse investigation), required by law, or needed for internal operations on aggregated and anonymized data.
- No AI training — Google API user data is not sold, transferred, or used to train generalized artificial intelligence or machine learning models.
Contact us
Questions about this policy or a data removal request? Email support@harbordeskapp.com.