Your privacy matters

1.4 Data Retention

• Harborleaf retains personal data only as long as necessary for operational, legal, and regulatory purposes.
• Teen Account monitoring data is retained temporarily for safety enforcement and legal compliance.
• Deleted data may persist in backups for disaster recovery or as required by law (typically up to 90 days).
• Users can request access, correction, or deletion of their data under DPDP Act 2023.

1.5 Data Security

• Harborleaf implements strong security measures to protect user data:
• Encryption: TLS/HTTPS for data in transit, AES-256 for data at rest.
• Access Controls: Restricted access to authorized employees and partners.
• Monitoring & Incident Response: Continuous detection of unauthorized access, phishing, or breaches.
• Periodic Security Audits: Regular assessments of systems, applications, and third-party vendors.
• Account Protection Tools: Two-factor authentication in Phase 2, login alerts, and password management guidelines.

1.6 Cookies & Tracking

• Cookies improve platform performance, security, and personalization.
• Types of cookies:
• Essential Cookies: Required for app functionality.
• Performance Cookies: Track platform usage for optimization.
• Advertising Cookies: Serve personalized ads to adult accounts.
• Users can manage cookies via browser or app settings and opt-out of non-essential cookies.
• Teen Accounts do not receive targeted advertising.

1.7 Automated Decision-Making & Profiling

• Harborleaf uses AI and algorithms for:
• Content recommendations, feed ranking, and trend analysis.
• Detecting unsafe content, grooming, or CSAE/CSAM activity.
• Teen Accounts have stricter AI moderation and filtering.
• Users may request a review of automated decisions affecting account restrictions, content visibility, or recommendations.

1.8 User Rights

Data Deletion Requests: Users can request deletion of their data through the in-app "Privacy Settings" or via email at grievance@harborleaf.in. Upon verification, data deletion requests are honored within 15 working days, unless retention is required by law. For transparency, Harborleaf provides a public-facing data deletion form at www.harborleaf.in/privacy/delete (optional to implement later).

Users have the following rights:

• 1. Access your personal information.
• 2. Correct inaccurate or incomplete data.
• 3. Delete personal data, subject to legal retention requirements.
• 4. Restrict processing for specific purposes.
• 5. Withdraw consent for optional data use (marketing, cookies).
• 6. Data portability for applicable personal information.
• 7. Manage Teen Account parental controls (Phase 2), including privacy, messaging, and screen time.
• Requests can be submitted to: support@harborleaf.in

1.9 Cross-Border Data Transfer

• Data may be stored or processed outside India by trusted service providers.
• Transfers comply with Indian laws and ensure adequate data protection measures.
• Data is handled securely and used only for legitimate operational purposes.

1.10 Updates to Privacy Policy

Google Play Data Safety Compliance Summary: In accordance with Google Play's Data Safety requirements, Harborleaf transparently discloses how user data is collected, used, shared, and protected:

• Data Collected: Account info, content data, usage data, device info, and permissions-based data (e.g., location, camera).
• Purpose: Service functionality, personalization, safety monitoring, and analytics.
• Data Sharing: Only with trusted service providers or legal authorities under compliance.
• Security Measures: AES-256 encryption at rest, TLS/HTTPS in transit.
• User Rights: Access, correction, deletion, opt-out, and data portability.
• Storage: Encrypted AWS India servers.
• Transparency: Users can review the full policy via in-app "Data Safety" section.

Harborleaf updates this policy periodically to reflect new services, legal requirements, or security improvements. Material changes are communicated via in-app notifications, email, or website announcements. Continued use of Harborleaf constitutes acceptance of updated policies.

2. Cookie Policy

Harborleaf uses cookies and similar technologies to enhance your experience, ensure platform functionality, analyze usage, and provide personalized content and advertising where applicable. This policy explains the types of cookies we use, their purpose, and how users can manage them.

2.1 Types of Cookies

1. Essential Cookies

• These cookies are necessary for the core functionality of the Harborleaf platform.
• They enable users to log in, navigate the app, access secure areas, and maintain session integrity.
• Without these cookies, essential services such as account verification, login persistence, and in-app interactions may not function properly.
• Examples include session identifiers, authentication tokens, and security cookies.

2. Performance & Analytics Cookies

• These cookies help Harborleaf measure and analyze platform usage.
• They collect anonymous information about user behavior, such as pages visited, time spent on features, and interaction patterns.
• The data is used to:
• Optimize the app and website experience
• Monitor performance and detect errors or slowdowns
• Understand which features are most popular
• No personally identifiable information (PII) is stored for these purposes.

3. Advertising & Personalization Cookies

• These cookies are used to deliver relevant content, advertisements, and promotions based on user interests.
• They help Harborleaf and trusted partners display content tailored to user behavior, preferences, and interactions on the platform.
• Teen Accounts (Phase 2, ages 13–17) do not receive advertising cookies, and no targeted ads are applied to ensure compliance with youth protection standards.
• Examples include tracking preferences, retargeting cookies, and ad performance measurement tools.

4. Functional Cookies (Optional / Feature-Specific)

• Functional cookies may be used for optional features like:
• Language or theme preferences
• Saving in-app settings
• Enabling premium feature access and subscription management

2.2 Cookie Management

User Control:

• Harborleaf allows users to manage cookie preferences via browser settings, device settings, or in-app controls.
• Users can choose to accept, block, or delete cookies, though blocking certain cookies may limit functionality or affect the platform experience.

Consent:

• Harborleaf requires explicit consent for non-essential cookies, including analytics and advertising cookies.
• Consent is recorded and stored securely to ensure compliance with global privacy standards and the DPDP Act, 2023.

Third-Party Cookies:

• Harborleaf may use trusted third-party services for analytics, performance monitoring, or advertising purposes.
• Third-party cookies are subject to the third party's privacy and cookie policies.
• Users are encouraged to review these third-party policies when interacting with embedded services or external advertisements.

Retention & Expiry:

• Cookies may have varying lifespans:
• Session cookies expire when the user closes the app or browser.
• Persistent cookies remain for a set period, enabling features like saved preferences or recurring login.
• Harborleaf ensures cookie data is stored securely and only for the duration required to fulfill its purpose.

Updates to Cookie Policy:

• Harborleaf may update this Cookie Policy periodically to reflect changes in technology, legal requirements, or platform functionality.
• Users will be notified of material changes through app notifications.

3. Transparency Center Policy

Harborleaf is committed to openness, accountability, and user trust. The Transparency Center serves as a public-facing hub where Harborleaf shares comprehensive insights into platform safety, moderation practices, compliance efforts, and cooperation with authorities. This initiative reflects Harborleaf's commitment to ethical digital governance and legal compliance, including the POCSO Act, IT Rules, and DPDP Act, 2023.

3.1 Purpose and Scope

The Transparency Center provides:

• Visibility into content moderation processes and decisions.
• Reports on the handling of CSAE/CSAM incidents and other safety-related issues.
• Details of law enforcement interactions and cooperation.
• Metrics related to user reports, safety escalations, and policy enforcement.
• Assurance to users, regulators, and the public that Harborleaf operates with integrity and accountability.

This policy applies to:

• All users, including adults and teens (Phase 2).
• Content moderation actions across posts, videos, thoughts, and messages.
• Platform-wide compliance and reporting activities.

3.2 Key Components

1. CSAE/CSAM Reporting Metrics

• Number of Child Sexual Abuse & Exploitation (CSAE) / Child Sexual Abuse Material (CSAM) incidents reported by users or detected by AI.
• Types of content flagged (posts, videos, chats, profiles).
• Average response and resolution times for high-priority incidents.
• Actions taken: content removal, account suspension, escalation to law enforcement.
• Collaboration with authorities: NCPCR, CERT-IN, cybercrime units, Interpol ICSE database.

2. Content Moderation Metrics

• Volume of content reviewed by AI and human moderators.
• Categories of content moderation actions: removal, restriction, or warning issued.
• Accuracy and false positive/negative rates for AI detection systems.
• Summary of appeals and reversals, if any, ensuring fairness and accountability.

3. Law Enforcement Cooperation

• Requests from law enforcement agencies and responses provided.
• Number of incidents escalated under the POCSO Act, IT Rules, and other applicable laws.
• Secure digital evidence management and compliance with legal procedures.

4. Platform Accountability Metrics

• Transparency regarding updates to community guidelines, safety policies, and platform rules.
• Insights into user reporting trends, repeated offenses, and safety escalations.
• Statistics on premium account features misuse, payment disputes, and resolutions (if applicable).

5. Reporting Frequency & Public Access

• Biannual (every six months) reports published for public viewing.
• Reports are accessible via the Transparency Center in-app and on the website (www.harborleaf.in/transparency).
• Reports include infographics, tables, and summaries for easier comprehension by users and stakeholders.

3.3 Benefits to Users and Stakeholders

• Trust & Accountability: Users can verify that Harborleaf enforces policies consistently and transparently.
• Safety Assurance: Parents, guardians, and teen users gain confidence in the platform's protective measures.
• Regulatory Compliance: Demonstrates adherence to Indian laws, global youth safety standards, and privacy regulations.
• Continuous Improvement: Transparency data informs updates to AI moderation, community guidelines, and safety features.

3.4 Commitment to Continuous Improvement

Harborleaf is committed to reviewing and updating the Transparency Center metrics and processes every six months or as necessary. User feedback, regulatory changes, and technological advancements are incorporated to enhance accuracy, clarity, and user trust.