HHarper

Legal

Privacy Policy

Last updated: April 30, 2026

Harper ("we", "us", "our") is operated by HARPER BUSINESS CONSULTANCY LTD, a company registered in England and Wales (company number 14520200) at 9 Peakman Close, Rednal, B45 9NF, England. We provide an AI side-hustle planning service at harperbusinessconsultancy.com ("the Service"). This Privacy Policy explains what we collect, why we collect it, how long we keep it, your rights, and how to contact us. It applies to anyone who visits our website, creates a Harper account, or interacts with the Service from anywhere in the world.

Information We Collect

We collect only what we need to deliver the Service, support our users, comply with the law, and improve Harper.

Account information

When you create an account we collect your email address, password hash (we never store passwords in plaintext), display name if provided, and the timestamps of account creation, last login, and account changes.

Inputs you provide

When you use Harper, you submit goals, weekly hours, starting budgets, skills, interests, free-text descriptions, optional resume PDFs, optional photographs of your workspace, and optional reference images of competitor stores. These inputs are processed to generate your Personal Business Canvas, 30-Day Action Map, and walkthrough videos. We refer to all of this as "your inputs".

AI outputs

We store the AI outputs we generate for you (canvases, action maps, video files, daily task lists, and income forecasts) so you can return to them later, download them, and refine them.

Usage and device data

We log basic events such as page views, feature usage, button clicks, error reports, browser type, operating system, IP address, approximate location at country level (derived from IP), and timezone. These logs help us debug issues and understand how Harper is used.

Payment metadata

When you subscribe or purchase a credit pack, our payment processor (Stripe) collects your payment method details. We do not see or store full card numbers. Stripe shares with us only the metadata we need to operate your account: a customer ID, the last four digits and brand of your card, the country of the card, the amount and currency, and the timestamps of payment events.

Cookies and similar technologies

We use cookies and similar storage to keep you signed in, remember your preferences, secure your session, and measure aggregate usage. See our Cookie Policy for details and for how to manage your choices.

How We Use Your Information

We use your information to:

  • provide, operate, and maintain the Service, including generating canvases, action maps, and videos from your inputs;
  • send you transactional messages (sign-in links, receipts, billing notifications, and security alerts);
  • diagnose technical problems, prevent fraud or abuse, and protect the security of our users and our systems;
  • comply with legal obligations, respond to lawful requests from public authorities, and enforce our Terms of Service and Acceptable Use Policy;
  • improve Harper through anonymized, aggregated signals (for example, learning that a particular onboarding step has a high drop-off rate). We do not use the personal content of your inputs to train public AI models.

Legal Bases for Processing (UK / EU users)

If you are in the United Kingdom or the European Economic Area, we rely on the following legal bases under the UK GDPR and EU GDPR:

  • contract performance, to deliver the Service you have signed up for;
  • legitimate interests, to keep Harper secure, prevent abuse, and improve the Service in ways that do not override your rights;
  • consent, for non-essential cookies, marketing emails, and any optional features that ask for your permission;
  • legal obligation, where the law requires us to retain or disclose information.

How Long We Keep Information

We keep information only for as long as we need it for the purpose we collected it for, or as long as the law requires.

  • Account records are kept while your account is active and for up to 30 days after you delete your account, after which we permanently delete or anonymize them. Backup copies expire within 60 days.
  • Your inputs (resume PDFs, photographs, reference images, free-text prompts) and the AI outputs derived from them are kept for 30 days from the time they are created, after which they are automatically purged. You can request earlier deletion at any time.
  • Usage and device logs are kept for up to 12 months in identifiable form, then aggregated.
  • Payment records are kept for at least 7 years to meet UK accounting and tax-record obligations.
  • Records relating to legal claims, disputes, or regulatory investigations may be kept until the matter is fully resolved and any limitation period has expired.

How We Share Information

We do not sell your personal information. We share it only with the following categories of recipients, and only as needed:

  • payment processing: Stripe Payments Europe Limited, to take payment, manage subscriptions, and process refunds;
  • account and database hosting: Supabase, Inc., for authenticated database storage of your account and your AI outputs;
  • application hosting and analytics: Vercel, Inc., to serve the Harper website and to provide aggregate, privacy-preserving traffic analytics;
  • email delivery: a transactional email provider, to send sign-in links and account notices;
  • AI processing: a third-party AI model provider that we use to generate canvases, action maps, and videos. We send only the inputs needed for that generation, and we contractually require that this provider does not use your content to train its public models;
  • legal and safety: courts, regulators, law enforcement, professional advisers, and successors-in-interest, where strictly necessary to comply with the law, protect users, or operate as a business.

We require every recipient to protect your information at a level at least equivalent to what is described in this Privacy Policy.

International Data Transfers

Harper is offered globally, which means your information may be transferred to and processed in countries other than your own, including the United Kingdom, the European Economic Area, and the United States. When we transfer personal data out of the UK or the EEA we rely on appropriate safeguards: the UK International Data Transfer Addendum, the European Commission's Standard Contractual Clauses, the UK adequacy decisions where they apply, or another lawful mechanism. You can contact us for a copy of the safeguards that apply to a specific transfer.

Your Rights Under the GDPR

If you are in the UK or the EEA, you have the following rights:

  • the right to access the personal data we hold about you;
  • the right to rectification of inaccurate or incomplete data;
  • the right to erasure of your personal data ("right to be forgotten") in certain circumstances;
  • the right to restrict our processing in certain circumstances;
  • the right to data portability of the information you provided to us;
  • the right to object to processing that we carry out on the basis of legitimate interests, including any direct marketing;
  • the right to withdraw consent at any time, where we rely on your consent;
  • the right to lodge a complaint with a supervisory authority. In the United Kingdom this is the Information Commissioner's Office (ICO) at ico.org.uk. In the EEA it is your local data protection authority.

To exercise any of these rights, email support@harperbusinessconsultancy.com. We will respond within one calendar month, and may extend that period by a further two months for complex requests, in which case we will let you know.

Your Rights Under the CCPA

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act:

  • the right to know what categories of personal information we collect, the sources we collect it from, the purposes for which we use it, and the categories of third parties we share it with;
  • the right to delete personal information we hold about you, subject to limited exceptions;
  • the right to correct inaccurate personal information;
  • the right to opt out of the sale or sharing of personal information. We do not sell your personal information, and we do not share it for cross-context behavioral advertising;
  • the right to limit the use and disclosure of sensitive personal information. Harper does not use sensitive personal information for purposes that would trigger this right;
  • the right to non-discrimination if you exercise any of these rights. We will not deny service, charge a different price, or provide a lower quality of service because you exercise a CCPA right.

To exercise these rights, email support@harperbusinessconsultancy.com. You may use an authorized agent to make a request on your behalf. We will verify the request before acting on it.

Children

Harper is not intended for children under 13. We do not knowingly collect personal information from anyone under 13. Users aged 13 to 17 must have verifiable consent from a parent or guardian before creating an account. If you believe a child under 13 has signed up for Harper, please email support@harperbusinessconsultancy.com so we can promptly delete the account and the related data.

Security

We use industry-accepted security measures: TLS 1.2 or higher in transit, AES-256 encryption at rest for sensitive data, role-based access control, hardware-backed key management for production secrets, and routine reviews of access logs. No system is perfectly secure. If we discover a personal data breach that affects you, we will notify you and the relevant supervisory authority as required by law.

Changes to This Policy

We may update this Privacy Policy. If we make a material change we will notify you by email at least 30 days before the change takes effect, and we will update the "Last updated" date at the top of this page. Continued use of the Service after the change becomes effective means you accept the updated policy.

Contact Us

For privacy questions, requests, or complaints, email support@harperbusinessconsultancy.com, call +44 7463 992869 (UK business hours), or write to:

Data Protection Contact HARPER BUSINESS CONSULTANCY LTD 9 Peakman Close, Rednal, B45 9NF, England

Questions about this policy? Email support@harperbusinessconsultancy.com.

HARPER BUSINESS CONSULTANCY LTD · Registered in England and Wales · Company No. 14520200 · 9 Peakman Close, Rednal, B45 9NF, England · +44 7463 992869