Harbor

Privacy Policy

Last updated: February 6, 2026

1. Overview

Harbor (“we,” “us,” or “our”) is a private publishing platform designed for children to create and share content with a parent-approved audience. We are committed to protecting the privacy of all our users, especially children. This Privacy Policy explains what information we collect, how we use it, and the choices you have.

2. Children's Privacy (COPPA Compliance)

Harbor is designed to comply with the Children's Online Privacy Protection Act (COPPA). We take the following measures to protect children's privacy:

  • Parental consent required. Children do not create their own accounts. A parent or guardian creates and manages the account on the child's behalf. By setting up a child's publication, the parent provides verifiable consent for the limited collection of their child's information.
  • Minimal data collection from children. We collect only what is necessary to provide the Service: the child's display name (which can be a nickname or pseudonym), and the content they create (text, audio, images). We do not collect email addresses, phone numbers, or other direct identifiers from children.
  • Parent controls everything. Parents control who can see their child's content, moderate all comments, approve all followers, and can review or delete any content at any time.
  • No advertising or tracking of children. We do not serve ads to children, do not build behavioral profiles of children, and do not share children's data with third-party advertisers.
  • Right to review and delete. Parents can review all information collected about their child and request deletion at any time by contacting us or deleting the publication from their dashboard.

3. Information We Collect

From Parents and Followers (adults)

  • Account information: Email address, name, and authentication data (managed via Clerk, our authentication provider)
  • Publication settings: Publication name, description, and configuration preferences
  • Usage data: Basic analytics such as pages visited and features used, collected to improve the Service

From Child Creators (via their parent's account)

  • Display name: A name or nickname chosen by the parent for display purposes
  • Date of birth: Used only to determine age-appropriate features; stored securely and not shared
  • Content: Text posts, audio recordings, and images created by the child
  • Avatar image: An optional profile photo uploaded by the parent

Automatically collected

  • Device and browser information: Browser type, operating system, and screen resolution
  • Log data: IP address, access times, and referring URLs
  • Cookies: Essential cookies for authentication and session management only

4. How We Use Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Authenticate users and manage accounts
  • Display content to approved followers
  • Send notifications to parents about pending reviews, new comments, and follower requests (via email)
  • Enforce our Terms of Service
  • Respond to support requests

We do not use personal information for advertising, and we do not sell personal information to third parties.

5. How We Share Information

We share personal information only in the following limited circumstances:

  • With approved followers: Content created by child creators is shared only with followers who have been explicitly approved by the parent.
  • Service providers: We use trusted third-party services to operate Harbor, including:
    • Clerk (authentication)
    • Supabase (database hosting)
    • Cloudflare R2 (media file storage)
    • Vercel (application hosting)
    • Resend (email notifications)
    These providers process data only as necessary to provide their services and are bound by their own privacy policies.
  • Legal requirements: We may disclose information if required by law, regulation, legal process, or government request.

6. Data Storage and Security

We take reasonable measures to protect personal information from unauthorized access, alteration, or destruction. Content and data are stored using industry-standard cloud infrastructure with encryption in transit and at rest.

Audio recordings and images are stored in private cloud storage (Cloudflare R2) and are only accessible via time-limited signed URLs generated for authenticated, authorized users.

7. Data Retention

We retain personal information for as long as your account is active or as needed to provide the Service. When a parent deletes a publication or account, we will delete associated content and personal information within a reasonable timeframe, unless we are required to retain it for legal obligations.

8. Your Rights

You have the right to:

  • Access the personal information we hold about you or your child
  • Correct inaccurate personal information
  • Delete your account and associated data
  • Withdraw consent for your child's data collection at any time
  • Export your content (contact us for assistance)

To exercise any of these rights, please contact us at hello@onharbor.app.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service and updating the “Last updated” date. For changes that affect how we handle children's information, we will provide notice to parents and obtain any additional consent required by law.

10. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, especially regarding children's data, please contact us at:

hello@onharbor.app