Data Processing Addendum

Harbor can provide a project-specific Data Processing Addendum for managed pilots and production deployments that require one. The public site should not imply that every visitor automatically receives a pre-signed DPA or a finished enterprise privacy package.

A DPA applies only when Harbor and the customer execute it through an order form, MSA, or other written agreement. Until then, this page is informational only.

Today Harbor has a protected operator console, restricted internal APIs, provider transport security, call logging, and manual operator review. Do not assume SOC 2, HIPAA, PCI, blanket residency, or audit-report availability unless those controls are explicitly committed in writing.

The vendor stack used for a given deployment depends on the chosen voice provider, hosting path, and integrations. The subprocessor page is a working reference for demos and pilots, not a universal contractual schedule.

Breach notification timelines, audit rights, and privacy assistance obligations should be negotiated in the signed commercial paperwork for the relevant deployment. Harbor should not imply fixed enterprise timelines on the public site before those terms exist.

For DPA requests tied to a real pilot or customer deployment, contact legal@harbor.ai.