Harness Inc. (“Harness,” “We,” “Our,” “Us”) is committed to protecting the privacy of its customers, business partners, event attendees, job applicants and website visitors. This Harness Privacy Statement(“Privacy Statement”) reflects our global privacy practices and standards as of the Last Updated date and 12 months prior. This Privacy Statement details our privacy practices for the collection, use, processing, storage, hosting, transfer, and disclosure of information that we may collect about you through interacting directly with Harness or our websites, including, but not limited to the website or subdomains of https://www.harness.io (e.g., our public facing sites and support site), other websites or applications owned and controlled by Harness (collectively, the “Website”), along with our subsidiaries, products, and services that link to this Privacy Statement (collectively, the “Service”).
Harness as the Data Controller
Harness serves as the Data Controller of your Personal Data, as described in this Privacy Statement, unless otherwise stated. As the Data Controller Harness is responsible for and controls the processing of your personal information collected through our Service.
Harness as the Data Processor
Harness serves as the Data Processor on our customers behalf. We will process information in accordance with the agreements we enter with our customers, who serve as the Data Controller. Please note, Harness is not responsible for the privacy or security practices of our customers, which may differ from those set forth in this Privacy Statement. For information regarding how Personal Data is managed or protected by Harness customers or to exercise your privacy rights, for information provided to us by your employer, please contact your employer.
Information We Collect
- Contact Information and Identifiers such as your name, email address, mailing address, or telephone number.
- Professional and Business Data such as employer, job title, or certifications, business phone, business email address, or industry.
- Online Identifiers such as IP address, location details, username, social media identifiers and profiles, device OS, or internet browser.
- Marketing, Sales, Training and Demo related information such as products and services of interest, calendar details, video and audio recordings.
- Account Registration, Customer Account, and Financial Information such as account ID, authentication credentials, products in use, payment information, or billing details.
- Support and Communication such as email communications or service tickets.
- Employment Application Data such as resume, work experience, education, salary, or background check information. Please note, if an offer is extended sensitive information may be requested such as Social Security Number, passport, or other government identifier, racial or ethnic origin.
- Single Sign-On Data such as authentication tokens. WE DO NOT receive your login credentials.
- Analytics and Log Data such as the most used features, time spent on a page, and page visits pages.
- Web Session Data such as cookies, beacons, application and website usage activity.
How We Collect Information
- Provided By You – We collect information you provide to us when you:
○ Sign up for or request information regarding our products and services;
○ Communicate with us for support, information requests, or demos;
○ Provide feedback or post on community forums;
○ Register for, attend, or participate in a Harness event, training, or promotions;
○ Visit our offices; or
○ Inquire about or apply for employment.
- Provided By 3rd Parties – We collect information from 3rd parties:
○ When you register for, attend, or participate in events where we are a sponsor or website forms hosted by third parties that may provide content about us;
○ When you apply for a job or we receive an employment referral;
○ When you participate in an open-source project or our public bug bounty program,
○ From companies such as information aggregators and entities from whom we have licensed business contact information;
○ From our partners or affiliates for sales leads; or
○ When partnering, investing, or acquiring your employing or retaining company.
- Automatically Collected – We automatically collect information (via Cookies & Beacons):
○ When you interact with our websites; or
○ When you utilize our products and services.
Harness automatically collects information via cookies and beacons. Cookies are small pieces of information that are stored on your hard drive or in device memory. We may use both session Cookies(which expire once you close your web browser) and persistent Cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on our Website. The categories of cookies used are described below:
Strictly Necessary Cookies - These cookies are necessary for the website to function as intended and cannot be turned off.
Functional Cookies - We use functional cookies to help enhance our websites’ performance, functionality and personalisation. Disabling use of these cookies may prevent services from functioning properly.
Performance Cookies - These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site.
Targeting Cookies - We use targeting and advertising cookies to help us understand our marketing efforts and to reach potential customers across the web. If you do not allow these cookies, you will experience less targeted advertising.
Beacons - We use beacons in our websites and in email communications to you. Beacons provide us with information about your activity and help us to improve our business operations and strategy such as by understanding our email communications’ functionality and improving our Website and content. For example, if you click on a marketing email we send to you about a new product or service, the beacon will provide signals to us that you and your organization may be interested in learning more
How We Use Collected Information
How Harness uses the Personal Data it collects depends, in part, on how you choose to communicate with us, how you use our Websites and interact with us, and any preferences you have communicated to us. We use the information we collect for following legitimate business interests, legal obligations, and commercial purposes (e.g. Service Delivery and Fulfillment, Consent, Public Interest):
- Fulfill the original purpose for which the Personal Data was collected;
- Provide Harness products and services requested;
- Register, verify, and administer accounts;
- Process payments for services provided;
- Determine how our products and services are used and how they perform;
- Enhance and innovate our products and services;
- Improve the security of our products and services;
- Provide customer support and troubleshoot issues;
- Conduct data analysis and determine trends; or
- Communicate transactional notices, updates, security alerts, and administrative messages regarding our products and services;
- Promote and communicate marketing related information such as new products, features and enhancements;
- Support marketing promotions and contests;
- Identify and protect against misuse, policy violations, suspicious, or fraudulent activity;
- Support recruitment, employment and staffing decisions; and
- Support and comply with legal claims, regulatory obligations and audits.
When We Share Personal Information
We take care to only share, transmit, or grant access to Personal Data when there is a business need.We only share personal information if there is a legitimate need to know, enabling us to deliver ourproducts and services and ensure appropriate privacy and security controls are in place to protectpersonal data. The parties and scenarios in which we may share personal data with include the following:
- Partners and subsidiaries - these are companies we have created, acquired, partnered or merged with;
- Service Providers, vendors, and sub-processors - these are companies we have contracted with to provide services on our behalf including but not limited to hosting our Services, financial services, insurance providers, advertising firms, event sponsors, and background check services.
- Regulatory bodies, legal firms and advisors, or law enforcement agencies.
- With your consent.
Please note Harness does not sell Personal Information for monetary value. However, we may disclose Personal Information to third parties, such as our subprocessors, to deliver our products and services, which is considered a sale of Personal Information as defined by CCPA.
Intentional Disclosures to Third Parties
As part of the functionality we make available on our Websites and to better reach our customers and prospective customers, there may be categories of third parties that are authorized by us to operate on our Websites and access your Personal Data, such as your contact data, IP address or cookies. Depending on your location (for example, California and the European Union), Harness only shares Personal Data with such third parties if you agree to such sharing via your privacy setting selections. In other parts of the world, this information may be automatically collected when you visit our websites. At any time, you may choose to withdraw your decision to share personal data with these third parties through our websites by visiting the Privacy Rights and Choices section below.
Products and Services
As a part of our Service delivery and fulfillment obligations we may share Personal Data, such as account and financial information, with the applicable third parties. Harness only shares the Personal Data with such third parties as required to deliver services.
3. Device Data, Usage Data, and Metadata We Collect
a. Explanation of Device Data, Usage Data, and Other Metadata and Technology Used Harness collects certain Personal Data from users of its website similar to most websites, applications, and software across the Internet. This type of data collection allows us to better understand how individuals use our websites, products and services and how they perform. For example, we may collect metadata about you, including technical data about your performance or use of our website, products and services. We may also collect device data about you to help us determine that users from one type of device use our websites, products and services in different ways than users of a different type of device, which in turn allows us to improve our websites, products and services, such as through making sure our customers’ users have a more efficient user experience. Such data may also include browser type, operating system, Internet Protocol (IP) address (a number that is automatically assigned to your computer when you use the Internet, which may vary from session to session), domain name, and/or a date/time stamp for your visit.
The three main types of cookies are:
Essential cookies.Essential cookies are required for website functionality and security. For example, authentication, security, and session cookies may be required for our website or products to work. Functional cookies. We use functional cookies to help enhance our websites’ performance, for market research, or other analytics or advertising that is not tied to a specific individual. For example, we may use Google analytics to help us track how many individuals visited our website. We may also utilize HTML5 local storage cookies for the reasons described in this section. These types of cookies are different from browser cookies in the amount and type of data they store and how they store it. Targeting or advertising cookies.We use targeting and advertising cookies to help us understand our marketing efforts and to reach potential customers across the web. For example, we contract with third-party advertising networks that may track your activity over time and across different channels, including our websites, email activity, and other websites and applications that display advertisements. They may use this tracking information to help us understand and predict your interests, to display an advertisement for Harness on another website, or email you with a marketing communication for a Harness product. A second common technology we use to collect metadata that may be considered Personal Data is beacon technology. We use beacons in our websites and in email communications to you. Beacons provide us with information about your activity and help us to improve our business operations and strategy, such as by understanding our email communications’ functionality and improving our websites and content. For example, if you click on a marketing email we send to you about a new product or service, the beacon will provide signals to us that you and your organization may be interested in learning more.
b. Data Collected from Harness Products and Ancillary Products We offer products that collect both customer related data and usage related from Harness products. Our collection of both types of data enables us to provide and innovate upon Harness products, which in turn allows us to act as a service provider to our customers and to continuously improve upon the services we provide to our customers. In conjunction with the products we make available to our customers, we may collect additional data, such as account usernames, user-agent and browser version, the URLs you visit, logs of your usage and click activities, logs about your login history, identity confirmation, and device data (such as whether your device is managed by an administrator, the operating system installed on the device, and similar device or version information). Collectively, we refer to this data as “Ancillary Data”. Some of the Ancillary Data we receive is dependent on your organization’s policies and settings and what it permits to be shared with Harness. Harness uses Ancillary Data to improve security and to provide and improve its products to customers, including to better understand customer behavior to create new features and provide threat-related insights for our customers. For example, we may use the URL you visit to let you better manage your passwords for the websites you visit.
The following product collects and processes Ancillary Data: the Harness browser plugin Through the Harness browser plugin, the Ancillary Data we collect includes details about your login session, IP address, user-agent, and the web application name and website address, as well as other information that is not personal in nature. In addition, we may collect interaction data about your use of the Harness browser plugin. To opt-out of this, please see the section on Information Choices below. We use the information collected through the Harness browser plugin for security purposes and to provide features, such as by allowing you to better manage your passwords for websites that you visit.
c. Intentional Disclosures to Third Parties As part of the functionality we make available on our websites and to better reach our customers and prospective customers, there may be categories of third parties that are authorized by us to operate on our websites and access your Personal Data, such as your contact data, IP address or cookies. Depending on your location, (for example, California and the European Union), Harness only shares Personal Data with such third parties if you agree to such sharing through a website banner or form. In other parts of the world, this information may be automatically collected when you visit our websites. These categories of third parties include, but are not limited to, advertising networks and social networks, including Google, Facebook, LinkedIn, Twitter, Reddit and Quora. At any time, you may choose to withdraw your decision to share personal data with these third parties through our websites by visiting the section on Information Choices below. For specific details on these companies’ privacy practices, please visit their privacy policies.
4. How We Use Personal Data
Communicate information about our products and services. We may use your Personal Data, such as contact data, Ancillary Data, and metadata, to send you transactional communications, notices, updates, security alerts, and administrative messages regarding our products and services that may be useful to you and your organization. We will respond to your questions, provide tailored communications based on your activity and interactions with us, and help you use our products and services effectively. Support safety and security. We use Personal Data, such as contact data, Ancillary Data and other metadata, about you and your use of our products and services to verify accounts and activity, monitor suspicious or fraudulent activity, assist our customers in their monitoring of suspicious or fraudulent activity, and identify violations of policies regarding the use of our products and services. We also process Personal Data for other security reasons, such as to register visitors to our offices and to manage non-disclosure agreements that visitors may be required to sign. Market and promote our products and services. We use your Personal Data, such as contact data, Ancillary Data, and other metadata, about how you use the products and services to send promotional communications that may be of specific interest to you and your organization, including by email and by displaying Harness marketing communications on other companies’ websites and applications, as well as on third-party platforms like Facebook, Twitter, and Google. These communications are aimed at encouraging engagement and maximizing the benefits that you and your organization can gain from Harness’s products and services, including information about new products and features, survey requests, newsletters, and events we think may be of interest to you and your organization. Manage contests or promotions. Harness may occasionally run contests or other special promotions, and if you register for one, we may process your Personal Data, such as contact information, biographical information, and contract-related data to perform our contract with you. Harness may also use the Personal Data, such as contact data, collected in these contests and promotions to send you promotional material about Harness or our partners. Process payments. We process Personal Data, such as contact information, contract-related data, financial information, biographical information, and payment information to process payments to the extent that doing so is necessary to complete a transaction and perform our contract with you or your organization. We process your Personal Data, such as contact, job applicant, and biographical data, to assess your application and to evaluate and improve the recruitment system, our application tracking and recruitment activities. We also use your Personal Data to communicate with you regarding your application or opportunities at Harness and to send you new hire and employee experience information. We may verify your information, including through reference checks and, where allowed, background checks. Other purposes for our legitimate interests: Where required by law or where we believe it is necessary to protect our legal rights, interests, or the interests of others, we may use your Personal Data in connection with legal claims, compliance, regulatory, and audit functions, protecting against misuse or abuse of our products and services, and protecting personal property or safety. Other purposes with your consent: We may use your Personal Data if you have given us consent to do so for a specific purpose not listed above. For example, we may publish testimonials or featured customer stories to promote our products and services, with your permission. If we process your personal data for a purpose other than that set out above, we will provide you with information prior to such processing.
Legal Bases for Processing Personal Data (for European Economic Area Individuals)
If you are an individual in the European Economic Area (EEA), we collect and process information about you only where we have a legal basis or bases for doing so under applicable EU laws. The legal bases depend on the products and services that your organization has purchased from Harness, how such products and services are used, and how you choose to interact and communicate with Harness’s website, systems, and whether you attend Harness events. This means we collect and use your Personal Data only where:
We need it to operate and provide you with our products and services, provide customer support and personalized features, and to protect the safety and security of our products and services; It satisfies a legitimate interest of Harness’s (which is not overridden by your data protection interests), such as for research and development, to provide information to you about our products and services that we believe you and your organization may find useful, and to protect our legal rights and interests; You give us consent to do so for a specific purpose; or We need to comply with a legal obligation. If you have consented to our use of Personal Data about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your Personal Data because we or a third party (for example, your employer) have a legitimate interest to do so, you have the right to object to that use; however, in some cases, this may mean that you no longer use our products and services.
5. Personal Data Shared by Harness
Service Providers. For all categories of information that we collect, we share Personal Data with our service providers for various business purposes, including, but not limited to, auditing interactions with users, debugging our websites, products and services, security purposes, internal research and gleaning insights through machine learning and artificial intelligence, short-term uses such as credit verification, payment processing, IT services, quality control and safety, as well as to perform other services on our behalf. For example, we may use service providers to host our customer relationship management system. Event Sponsors. If you choose to register for or attend an event or webinar that we host (such as our Unscripted conference), enter a contest or raffle with us and a sponsor, or download content (such as a whitepaper) from our website, then we will share your contact information, content interest information or other activity data, and any other information, including Personal Data, collected in the course of these activities for commercial purposes with those sponsors. In many cases, you intentionally disclose your details by providing your information to these sponsors through consent via a registration form or by scanning your badge at the applicable sponsor’s booth or entering your access code online. The treatment of this information is subject to each of these third parties’ respective privacy statements. Partners and Resellers. We share your Personal Data, such as contact information, business details, and content interest and activity details, with our partners and resellers for business purposes, such as to carry out our business or for joint marketing efforts to reach our customers and prospective customers. In many cases, you intentionally disclose your details by providing your information to these sponsors through consent via a registration form. Protection of Rights, Security and Fraud Detection. For all categories of data we collect, we share your personal data with third parties for business purposes to protect our customers, users, secure our physical and intellectual property, and to prevent or investigate security or fraudulent attempts against our users through our platform. Law Enforcement and Legal Requests. For all categories of data we collect, we may share Personal Data to comply with applicable law or respond to valid legal requests, such as a subpoena, from law enforcement or other authorities. With our Affiliates, Related to Corporate Transactions, and Provision of Professional Services. For all categories of data we collect, we share Personal Data among our affiliates and subsidiaries for business purposes, including any service providers and agents that work on our behalf. For example, we may share your Personal Data with support service providers with whom we have in place agreements to protect your Personal Data. We may also share your information as required for us to carry out a corporate transaction, such as a merger or sale of assets of all or part of our company. We will also share your Personal Data with our professional service providers (for example, our auditors, insurance providers, financial service providers, and legal advisors) as needed for us to run our business. Platform Analytics Data. We share metadata (for example, unique identifiers and usage data) collected through our platform with analytics service providers for our business purposes, such as to provide a better user experience and generally help make our products and services better. Advertising and Marketing. We share your Personal Data, such as metadata and contact data, with third-party advertising and marketing providers, to allow us to better reach our customers and prospective customers, and to sell our products and services. In some circumstances we may ask you to consent to directly disclosing your Personal Data with these third parties prior to sharing your Personal Data, such as via a consent banner on our website. Anonymous or De-identified Usage Data. We share anonymized or aggregated usage data or security threat information with third parties or the public. For example, this may include sharing trends regarding organizations’ use of Harness’s products and services to customers and prospective customers in our “Businesses at Work” report. The data shared in this category is not Personal Data. Harness Community, Help Center, and Other User Generated Content. We make available community forums, as well as blogs and other means for you to post information on our websites. This is publicly-available information that you choose to share and it may be read, collected, and used by others that visit these websites. Except for username (which may be your real name) and the details that you choose to include in your profile, the categories of data shared in these circumstances will depend on what you choose to provide. Recruitment Data. When you apply for a job at Harness, we share your Personal Data, including applicant data, biographical information, and other Personal Data we possess with our affiliate companies for business reasons, such as human resource management and internal reporting; our service providers for business reasons, such as the recruitment platform and to manage background checks; and law enforcement or government authorities, or as otherwise necessary to comply with law.
6. Harness’s Security Measures
Security is a critical priority for Harness. We maintain a comprehensive, written information security program that contains industry-standard administrative, technical, and physical safeguards designed to prevent unauthorized access to Personal Data.
However, no security system is perfect, and due to the inherent nature of the Internet, we cannot guarantee that data, including Personal Data, is absolutely safe from intrusion or other unauthorized access by others. You are responsible for protecting your password(s) and maintaining the security of your devices.
If you use the Harness online service via a subscription purchased for you by a Harness customer, then that customer is responsible for configuring your instance appropriately. Additional information about security settings and configurations can be found in the documentation related to our online service, which is available at https://ngdocs.harness.io/
7. International Data Transfers
Your Personal Data may be collected, transferred to, and stored by us in the United States, and by our affiliates and third parties that are based in other countries. The addresses of our offices where Harness, Inc. and its affiliates are located can be found online at https://harness.io/company/about-us/.
Your Personal Data may be processed outside your jurisdiction, and in countries that are not subject to an adequacy decision by the European Commission or your local legislature and/or regulator, and that may not provide for the same level of data protection as your jurisdiction, such as the European Economic Area. We ensure that the recipient of your Personal Data offers an adequate level of data protection, for example, by entering into standard contractual clauses for the transfer of data as approved by the European Commission (as described in Article 46 of the General Data Protection Regulation) (if required), or we will ask you for your prior consent to such international data transfers.
9. How Long Does Harness Keep Your Data?
We will retain your Personal Data for a period of time that is consistent with the original purpose of the data collection, or as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. We determine the appropriate retention period for Personal Data by considering the amount, nature and sensitivity of your Personal Data processed, the potential risk of harm from unauthorized use or disclosure of your Personal Data and whether we can achieve the purposes of the processing through other means, and on the basis of applicable legal requirements (such as applicable statutes of limitation).
10. Information Choices
a. Your Privacy Choices In the above sections, we describe how we may collect, use and share your Personal Data for providing relevant content and advertising. Below, we describe how you may unsubscribe, opt-out, or otherwise modify settings related to our processing of your Personal Data.
Direct Email Marketing. If you wish to withdraw from direct email marketing communications from Harness, you may click the “unsubscribe” button included in our emails. Please note, you cannot unsubscribe from critical transactional emails that are related to our provision of our online Service (such as those related to security and your Harness account).
Direct Marketing – Phone or Postal Mailings.If you wish to withdraw from phone call or postal mail marketing communications from Harness, please request to do so by sending us a notice at firstname.lastname@example.org.
Analytics. To opt-out of analytics on our websites, you may adjust your cookie preferences as described below. If you are a user of the Harness online service via a subscription purchased for you by a Harness customer, to opt-out of platform-based analytics on an individual level, please contact us at https://harness.io/opt-out/.
Cookie Preferences. To manage the use of targeting and advertising cookies, please see details below:
We use OneTrust as a service provider to help you manage cookies. Cookie Settings for our OneTrust preference center to opt-out of relevant advertising cookies. You may also adjust your web browser settings to opt-out of non-essential cookies. Please understand that blocking or deleting non-essential cookies may affect our websites’ functionality. Note that any choice with regards to cookie-based advertising only applies to the web browser through which you exercise that choice. You will still continue to see advertising, including potentially from Harness, even if you opt-out of personalized advertising.
b. Your European Privacy Rights Under the General Data Protection Regulation, if you are a European Union data subject, you have rights to understand and request how we collect, use, and disclose Personal Data in our capacity as a data controller, to the extent permitted by applicable law.
Right to Access. You have the right to access your Personal Data held by us.
Right to Rectification. You have the right to rectify inaccurate Personal Data and, taking into account the purpose of processing, to ensure it is complete.
Right to Erasure (or “Right to be Forgotten”). You have the right to have your Personal Data erased or deleted.
Right to Restrict Processing. You have the right to restrict our processing of your Personal Data.
Right to Data Portability. You have the right to transfer your Personal Data, when possible.
Right to Object You have the right to object to the processing of your Personal Data that is carried out on the basis of legitimate interests, such as direct marketing.
Right Not to be Subject to Automated Decision-Making. You have the right not to be subject to automated decision-making, including profiling, which produces legal effects. Harness does not currently engage in the foregoing on our websites or in our products and services.
If you would like to make a request and exercise your rights described above, please submit your request at https://preferences.harness.io/privacy or send an email to email@example.com.
c. Your California Privacy Rights Under the California Consumer Privacy Act of 2018 (“CCPA”), effective January 1, 2020, if you are a California resident, you have rights to understand and request that we disclose how we collect, use, disclose, and sell your Personal Data to the extent permitted by applicable law.
Right to Know About Personal Data Collected, Disclosed, or Sold. You have the right to request that we disclose what Personal Data we collect, use, disclose, and sell.
Right to Request Deletion of Personal Data. You have the right to request the deletion of your Personal Data collected or maintained by us as a business. Right to Opt-Out of the Sale of Personal Data. You have the right to opt-out of the sale of your Personal Data by us as a business, in the event, we sell Personal Data.
Right to Non-Discrimination for the Exercise of Your Privacy Rights. You have the right not to receive discriminatory treatment by us for the exercise of your privacy rights conferred by the CCPA.
Authorized Agent. You may designate an authorized agent to make a request under the CCPA on your behalf by us with a copy of your power-of-attorney document granting that right.
Financial Incentives. We do not provide any financial incentives tied to the collection, sale, or deletion of your Personal Data.
11. Contacting Harness
Attn: Legal Department 55 Stockton Street, San Francisco, CA 94108
12. Changes to the Policy