Privacy Policy
Last updated: 26 March 2026
1. Data controller
The data controller is Harbix. Contact: bookkeep@harbix.app.
2. What we collect
Account data: e.g. email address and login identifiers (via Supabase Auth, etc.).
Business data you enter: e.g. ledger names, transactions, categories, amounts, currencies, notes.
Files you upload: e.g. receipt images (stored in Supabase Storage).
Technical data: e.g. IP, device type, browsing logs (depends on hosting/analytics setup; keep MVP minimal).
Payment data: card details are handled directly by Stripe; we do not store full card numbers on our servers; we may receive subscription status and customer IDs from Stripe.
3. Why we collect it
To provide, maintain, and improve bookkeeping features; to handle subscriptions and trials; to send service emails (e.g. email verification / password reset, trial/subscription reminders, day-30 reminder after trial end); for fraud prevention, security, and legal compliance; to respond to enquiries from forms (via a transactional email provider, using bookkeep@harbix.app for related notifications).
4. Legal basis and regional applicability
We process data under applicable personal data protection laws, including but not limited to Hong Kong PDPO, Singapore PDPA, and Taiwan’s Personal Data Protection Act. Processing is based on performance of our service contract, your consent where required, or legitimate interests (such as system security).
5. Third-party processors
We use (or may use) services that may process data outside Hong Kong, including Stripe (payments), Supabase (database, auth, file storage), a transactional email provider (e.g. Resend), Vercel (hosting), and others. Each has its own privacy policy.
6. Retention (including after trial)
After trial ends (T+30): we send an email reminder.
After trial ends (T+60): if still unsubscribed, we may delete the account and related business data.
After trial ends (T+90): we fully purge remaining backups or receipt image files (Supabase Storage).
Manual deletion: via the Account page; once triggered, the system starts the purge process immediately.
7. Security
We use reasonable technical and organisational measures (e.g. HTTPS, access controls, vendor security features). Transmission over the internet is not 100% secure.
8. Your rights
You may contact bookkeep@harbix.app to request access, correction, or (where law allows) deletion.
After sign-in, open the Account page to delete your account: we remove your login, business data (ledgers, transactions, categories), and uploaded receipts, and we cancel Stripe subscriptions and delete the Stripe customer record linked to this app where possible; Stripe may retain some billing records under its own policies.
9. Cookies
We use necessary cookies for sign-in and security; if we add analytics/marketing cookies later, we will update this policy and obtain consent where required.
10. Children
The service is not intended for people under 18; if we learn we collected data by mistake, contact us to delete it.
11. Policy changes
We may update this policy; material changes will be notified on the site or by email.