This Privacy Policy explains how JAMDIT Limited (trading as Harborne AI) (“we”, “us”, “our”) handles personal data. We are registered with the UK Information Commissioner’s Office (ICO) under reference ZC182609. It is written to comply with the UK GDPR and the Data Protection Act 2018.
1. Controller and processor roles
When we handle data about our own account holders, website visitors and prospects (for example your name, login and billing details), we act as a data controller.
When you use the Service to communicate with your own customers, we handle that data (call and voicemail recordings, transcripts, chat messages and contact records) as a data processor acting on your instructions. In that case you are the controller and our Data Processing Agreement governs how we process it on your behalf. This Policy mainly covers the data for which we are the controller.
2. Personal data we collect
Data you give us
- Account & profile: business name, your name, email, phone number and password.
- Billing: plan, billing contact and transaction records. Card details are handled by our payment processor; we do not store full card numbers.
- Configuration & content: knowledge-base content, agent settings and anything you submit to support.
Data we collect automatically
- Usage & device data: log data, IP address, browser/device type, pages viewed and actions taken, used to run, secure and improve the Service.
- Cookies & similar technologies: see our Cookie Policy and the consent banner shown on first visit.
Data from third parties
- Information from our payment, telephony, messaging and analytics providers needed to deliver the Service.
3. How and why we use personal data (lawful bases)
| Purpose | Lawful basis (UK GDPR Article 6) |
|---|---|
| Creating your account and providing the Service | Performance of a contract |
| Taking payment and keeping financial records | Contract; legal obligation |
| Securing the Service, preventing fraud and abuse | Legitimate interests |
| Improving and developing features | Legitimate interests |
| Service emails (e.g. confirmations, security notices) | Contract; legitimate interests |
| Marketing emails to you about our products | Consent or legitimate interests (you can opt out anytime) |
| Meeting legal and regulatory obligations | Legal obligation |
4. AI processing
To generate responses, content you and your customers submit may be sent to third-party AI model providers that process it on our behalf under contract. We do not permit those providers to use your or your customers’ content to train their general models, and we select providers that offer this protection. AI output can be inaccurate, so human oversight remains important - see our Terms of Service.
5. Who we share data with
We share personal data only as needed, with:
- Service providers (processors): hosting, telephony/SMS, AI model, email delivery, analytics and payment providers, under contracts that require appropriate safeguards.
- Professional advisers and authorities: where required by law, regulation or to establish, exercise or defend legal claims.
- Business transfers: if we reorganise, merge or sell the business, subject to this Policy.
We do not sell your personal data.
6. International transfers
Some providers are located outside the UK. Where we transfer personal data internationally, we rely on UK ‘adequacy’ regulations, the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, together with appropriate additional safeguards.
7. How long we keep data
- Account & billing records: the life of your account, then up to 7 years for tax and accounting records.
- Conversations, recordings & contacts: up to 24 months after creation, or until you or your customer asks us to delete them.
- Operational logs: up to 90 days.
We delete or anonymise personal data when it is no longer needed for the purposes above, unless a longer period is required by law.
8. Your rights
Under the UK GDPR you have the right to: access your data; have it corrected; have it erased; restrict or object to processing; data portability; and to withdraw consent at any time where we rely on consent. Where decisions are automated and produce legal or similarly significant effects, you have rights in relation to that too.
Account holders can exercise the most common rights themselves, without waiting on us: from Settings → Privacy & data you can download a copy of your data at any time and request deletion of your account (we process this after a short grace period during which you can cancel). For anything else, or to exercise your rights another way, email privacy@harborne.ai. We respond within one month. If your request concerns data we process on behalf of one of our business customers (the controller), we will direct you to, or assist, that customer.
9. Security
We use appropriate technical and organisational measures to protect personal data, including encryption in transit and at rest, account isolation, optional two-factor authentication, access controls and least-privilege administration, and an audit trail of sensitive account actions. See our Security page for detail. No system is completely secure, so we cannot guarantee absolute security. We will notify the ICO and affected individuals of a personal data breach where required by law.
10. Age Restriction (18+)
The Service is intended for businesses and is restricted to individuals aged 18 or over. It is not directed at anyone under the age of 18, and we do not knowingly collect personal data from minors. By using the Service, you confirm that you are at least 18 years old. If you believe we have inadvertently collected personal data from someone under 18, please contact us and we will delete it promptly.
11. Changes to this Policy
We may update this Policy from time to time. We will post the updated version here and, for material changes, give you reasonable notice.
12. Contact us and the right to complain
For privacy questions or to reach our data protection contact, email dpo@harborne.ai or write to JAMDIT Limited, Kemp House, 152-160 City Road, London EC1V 2NX, United Kingdom.
If you are unhappy with how we handle your data, you can complain to the ICO at ico.org.uk or by calling 0303 123 1113. We’d appreciate the chance to address your concerns first.