How we collect, use, store, and protect your financial data, documents, and personal information.
HaraPro is operated by HaraPro Consulting & Investments LLC, a Florida limited liability company headquartered in Miami, FL ("HaraPro," "we," "us"). This Privacy Policy explains how we collect, use, store, share, and protect personal information when you use HaraPro's web app, mobile experiences, or related services (the "Service").
We use your information to:
For users in the European Economic Area, we process personal data on the following legal bases:
We do not sell your personal information. We share data only with:
| Recipient | Purpose |
|---|---|
| Plaid | Bank account connections and transaction sync |
| Stripe | Subscription billing and payment processing |
| Firebase / Google Cloud | Authentication, database, file storage, hosting |
| OpenAI / Anthropic | AI processing (transaction classification, estate extraction). Data is processed under enterprise no-training agreements; your data is not used to train AI models |
| SendGrid / Postmark | Transactional email delivery |
| Legal authorities | Only when required by law (subpoena, court order, regulatory request) |
For Partner-tier customers, your data may be visible to your authorized firm administrators (your CPA, advisor, or family office). You control this access through user role settings.
Documents you upload to the File Vault are encrypted at rest with AES-256 and stored in tenant-isolated cloud storage. Every document version is preserved with full version history. We do not access your documents except as needed to deliver the Service (AI extraction on documents you explicitly process, generating signed download URLs at your request).
You can download or delete any document at any time. Account-wide deletion permanently removes every document within 30 days.
We retain your data while your account is active. Upon account deletion:
You have the right to:
To exercise any of these rights, email privacy@harapro.com. We will respond within 30 days.
We use enterprise-grade security including TLS 1.3 encryption in transit, AES-256 encryption at rest, tenant-isolated storage, multi-factor authentication options, full audit logging, and automatic vulnerability scanning. Our infrastructure runs on Google Cloud Platform and Firebase. SOC 2 Type II audit is in progress with expected completion in Q4 2026. See our full security posture →
HaraPro is hosted in the United States. By using the Service, you consent to the transfer and processing of your data in the U.S. For users in jurisdictions with data residency requirements, please contact us before signing up.
HaraPro is not directed to individuals under 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, contact privacy@harapro.com and we will delete it.
California residents have the right to request disclosure of categories of personal information collected, the purposes for collection, and the categories of third parties with whom information is shared — all of which is disclosed above. California residents also have the right to opt out of the sale of personal information; HaraPro does not sell personal information.
We may update this Privacy Policy from time to time. Material changes will be communicated by email or in-app notice at least 14 days before they take effect. The most current version will always be posted at this URL.
For privacy questions, requests, or complaints, contact privacy@harapro.com. For security disclosures, contact security@harapro.com. For legal matters, contact legal@harapro.com.