Privacy Policy

Effective date: March 2026 · Last updated: March 2026

1. Who we are

Harbourapp.com.au. References to "Harbour", "we", "us", or "our" refer to this operator.

Harbour provides general information only and is not a licensed financial services provider (AFSL).

Contact for privacy matters:

Email: privacy@harbourapp.com.au
Website: harbourapp.com.au

2. What information we collect

We collect the following personal information when you use Harbour:

  • Account information: email and password (securely stored via Supabase Auth)
  • Forecast inputs: name, age, super balance, salary, retirement age, annual spending
  • Forecast outputs: results of retirement projections saved to your account
  • Usage data: standard server logs (IP address, browser type, pages visited)

We do not collect sensitive identifiers such as TFN, Medicare number, Centrelink numbers, or bank account details.

3. How we use your information

We use your information to:

  • Create and manage accounts
  • Run retirement forecasts based on your inputs
  • Save and display your forecasts
  • Send transactional emails (e.g., password reset)
  • Improve and maintain Harbour
  • Comply with legal obligations

We do not sell or use your data for advertising.

4. How we store and protect your information

  • Data is stored securely via Supabase (Singapore) and hosted on Vercel (USA)
  • Encryption in transit (TLS) and at rest; passwords hashed with bcrypt
  • Row-level security ensures you can only access your own forecasts

Data breach: If a data breach likely to cause serious harm occurs, we will notify affected users and the OAIC as required under the Notifiable Data Breaches scheme.

5. Who we share your information with

We share data only with:

  • Supabase — database & auth (Singapore)
  • Vercel — hosting (USA)
  • Resend — transactional email (USA)

No other third parties are used for analytics, advertising, or data sales.

6. Overseas disclosure

By using Harbour, you acknowledge that some data will be stored overseas. We take reasonable steps to ensure these providers comply with the Australian Privacy Principles.

7. Cookies

  • Session cookies are required to keep you signed in
  • No advertising or tracking cookies are used

8. Your rights

Under the Privacy Act 1988, you may:

  • Access your personal information
  • Request correction of inaccurate data
  • Delete your account and all associated forecasts
  • Make a privacy complaint

Account deletion removes data within 30 days. Server logs are retained up to 90 days for security and debugging purposes.

9. Children's privacy

Harbour is intended for adults aged 25 and over. We do not knowingly collect data from anyone under 18. If we become aware of such data, we will delete it promptly.

10. Changes to this policy

Updates will revise the effective date. Material changes will be notified via email or in-app notice. Continued use of Harbour constitutes acceptance of the updated policy.

11. Complaints

Contact us first at privacy@harbourapp.com.au.

If unsatisfied, complaints may be lodged with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.