Last Updated: July 27, 2023
Previous Privacy Statements / Policies can be found here.
Harness Inc. (“Harness,” “We,” “Our,” “Us”) is committed to protecting the privacy of its customers, business partners, event attendees, job applicants and website visitors.This Harness Privacy Statement (“Privacy Statement”) reflects our global privacy practices and standards as of the Last Updated date and 12 months prior. This Privacy Statement details our privacy practices for the collection, use, processing, storage, hosting, transfer, and disclosure of information that we may collect about you through interacting directly with Harness or our websites, including, but not limited to the website or subdomains of Harness.io (e.g., our public facing sites and support site), other websites or applications owned and controlled by Harness (collectively, the “Website”), along with our subsidiaries, products, and services that link to this Privacy Statement (collectively, the “Service”).
Harness as the Data Controller
Harness serves as the Data Controller of your Personal Data, as described in this Privacy Statement, unless otherwise stated. As the Data Controller Harness is responsible for and controls the processing of your personal information collected through our Service.
Harness as the Data Processor
Harness serves as the Data Processor on our customers behalf. We will process information in accordance with the agreements we enter with our customers, who serve as the Data Controller. Please note, Harness is not responsible for the privacy or security practices of our customers, which may differ from those set forth in this Privacy Statement. For information regarding how Personal Data is managed or protected by Harness customers or to exercise your privacy rights, for information provided to us by your employer, please contact your employer.
Information We Collect
- Contact Information and Identifiers such as your name, email address, mailing address, or telephone number.
- Professional and Business Data such as employer, job title, or certifications, business phone, business email address, or industry.
- Online Identifiers such as IP address, location details, username, social media identifiers and profiles, device OS, or internet browser.
- Marketing, Sales, Training and Demo related information such as products and services of interest, calendar details, video and audio recordings.
- Account Registration, Customer Account, and Financial Information such as account ID, authentication credentials, products in use, payment information, or billing details.
- Support and Communication such as email communications or service tickets.
- Employment Application Data such as resume, work experience, education, salary, or background check information. Please note, if an offer is extended sensitive information may be requested such as Social Security Number, passport, or other government identifier, racial or ethnic origin.
- Single Sign-On Data such as authentication tokens. WE DO NOT receive your login credentials.
- Analytics and Log Data such as the most used features, time spent on a page, and page visits pages.
- Web Session Data such as cookies, beacons, application and website usage activity.
How We Collect Information
Provided By You – We collect information you provide to us when you:
- Sign up for or request information regarding our products and services;
- Communicate with us for support, information requests, or demos;
- Provide feedback or post on community forums;
- Register for, attend, or participate in a Harness event, training, or promotions;
- Visit our offices; or
- Inquire about or apply for employment.
Provided By 3rd Parties – We collect information from 3rd parties:
- When you register for, attend, or participate in events where we are a sponsor or website forms hosted by third parties that may provide content about us;
- When you apply for a job or we receive an employment referral;
- When you participate in an open-source project or our public bug bounty program;
- From companies such as information aggregators and entities from whom we have licensed business contact information;
- From our partners or affiliates for sales leads; or
- When partnering, investing, or acquiring your employing or retaining company.
Automatically Collected – We automatically collect information (via Cookies & Beacons):
- When you interact with our websites; or
- When you utilize our products and services.
Cookies & Beacons
Harness automatically collects information via cookies and beacons. Cookies are small pieces of information that are stored on your hard drive or in device memory. We may use both session Cookies (which expire once you close your web browser) and persistent Cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on our Website. The categories of cookies used are described below:
Strictly Necessary Cookies - These cookies are necessary for the website to function as intended and cannot be turned off.
Functional Cookies - We use functional cookies to help enhance our websites’ performance, functionality and personalisation. Disabling use of these cookies may prevent services from functioning properly.
Performance Cookies - These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site.
Targeting Cookies - We use targeting and advertising cookies to help us understand our marketing efforts and to reach potential customers across the web. If you do not allow these cookies, you will experience less targeted advertising.
Beacons - We use beacons in our websites and in email communications to you. Beacons provide us with information about your activity and help us to improve our business operations and strategy such as by understanding our email communications’ functionality and improving our Website and content. For example, if you click on a marketing email we send to you about a new product or service, the beacon will provide signals to us that you and your organization may be interested in learning more.
How We Use Collected Information
How Harness uses the Personal Data it collects depends, in part, on how you choose to communicate with us, how you use our Websites and interact with us, and any preferences you have communicated to us. We use the information we collect for following legitimate business interests, legal obligations, and commercial purposes (e.g. Service Delivery and Fulfillment, Consent, Public Interest):
- Fulfill the original purpose for which the Personal Data was collected;
- Provide Harness products and services requested;
- Register, verify, and administer accounts;
- Process payments for services provided;
- Determine how our products and services are used and how they perform;
- Enhance and innovate our products and services;
- Improve the security of our products and services;
- Provide customer support and troubleshoot issues;
- Conduct data analysis and determine trends; or
- Communicate transactional notices, updates, security alerts, and administrative messages regarding our products and services;
- Promote and communicate marketing related information such as new products, features and enhancements;
- Support marketing promotions and contests;
- Identify and protect against misuse, policy violations, suspicious, or fraudulent activity;
- Support recruitment, employment and staffing decisions; and
- Support and comply with legal claims, regulatory obligations and audits.
When We Share Personal Information
We take care to only share, transmit, or grant access to Personal Data when there is a business need. We only share personal information if there is a legitimate need to know, enabling us to deliver our products and services and ensure appropriate privacy and security controls are in place to protect personal data. The parties and scenarios in which we may share personal data with include the following:
- Partners and subsidiaries - these are companies we have created, acquired, partnered or merged with;
- Service Providers, vendors, and sub-processors - these are companies we have contracted with to provide services on our behalf including but not limited to hosting our Services, financial services, insurance providers, advertising firms, event sponsors, and background check services;
- Regulatory bodies, legal firms and advisors, or law enforcement agencies; or
- With your consent.
Please note Harness does not sell Personal Information for monetary value. However, we may disclose Personal Information to third parties, such as our subprocessors, to deliver our products and services, which is considered a sale of Personal Information as defined by CCPA.
Intentional Disclosures to Third Parties
As part of the functionality we make available on our Websites and to better reach our customers and prospective customers, there may be categories of third parties that are authorized by us to operate on our Websites and access your Personal Data, such as your contact data, IP address or cookies. Depending on your location (for example, California and the European Union), Harness only shares Personal Data with such third parties if you agree to such sharing via your privacy setting selections. In other parts of the world, this information may be automatically collected when you visit our websites. At any time, you may choose to withdraw your decision to share personal data with these third parties through our websites by visiting the Privacy Rights and Choices section below.
Products and Services
As a part of our Service delivery and fulfillment obligations we may share Personal Data, such as account and financial information, with the applicable third parties. Harness only shares the Personal Data with such third parties as required to deliver services.
International Data Transfers
Your Personal Data may be collected, transferred to, and stored by us in the United States, and by our employees, subsidiaries and third parties that are based in other countries. Therefore, Personal Data may be processed outside your jurisdiction, and in countries that are not subject to an adequacy decision by the European Commission or your local legislature and/or regulator, and that may not provide for the same level of data protection as your jurisdiction, such as the European Economic Area. To ensure that the recipient of your Personal Data offers an adequate level of data protection, standard contractual clauses (SCCs), as detailed in GDPR Article 46, are utilized when data is transferred.
How We Secure Your Data
Harness has an inherent responsibility to protect the data our customers share with us. Our Services are built with privacy in mind and are designed to be used in a manner consistent with U.S. and international data privacy regulations. We continue to look for innovative ways to improve our overall security posture, identify and mitigate any potential risks. Information Security at Harness is, therefore, a critical business function which we have incorporated into all aspects of our business practices and operations. We maintain a comprehensive, written information security program that contains industry-standard administrative and technical safeguards designed to prevent unauthorized access to or disclosure of Personal Data. Additional security related information can be found at our Trust Center.
We will retain your Personal Data for a period of time that is consistent with the original purpose of the data collection, or as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. We determine the appropriate retention period for Personal Data by considering the amount, nature and sensitivity of your Personal Data processed, the potential risk of harm from unauthorized use or disclosure of your Personal Data, whether we can achieve the purposes of the processing through other means, and on the basis of applicable legal requirements (such as applicable statutes of limitation).
Privacy Rights and Choices
The information below explains your privacy rights, the choices you have regarding how your Personal Data is managed, and how to exercise your rights. Depending on your jurisdiction the privacy rights you are entitled to may differ. However, Harness respects your privacy, as such we will make our best efforts to honor your privacy rights and choices regardless of locale. All parties have the rights listed below.
Right To Know: You can request that we disclose the Personal Data we have collected. Please submit a request in our Privacy Request Center.
Right To Delete (To Be Forgotten): You can request that we delete the Personal Data we have collected. Please submit a request in our Privacy Request Center.
Please note that we reserve the right to retain limited information as needed to fulfill our business and regulatory obligations (e.g, to deliver products and services, accounting transactions, legal matters).
Right To Correct (To Rectification): If you believe that the Personal Data we have is inaccurate you can request we correct it. Please submit a request in our Privacy Request Center.
Right To Portability: You may request to have your Personal Data provided to you in a machine readable format. Please submit a request in our Privacy Request Center.
Right to Opt Out of Automated Decision-Making Technologies: You have the right to not be subject to a decision based solely on automated processing, including profiling.
Please note that Harness does not use related technologies in regards to Personal Data.
Right To Opt Out of the selling, sharing or processing: You may request we not share or continue to process your Personal Data, please submit a request at Sell Share opt-out.
Right To Opt Out of email marketing: If you wish to withdraw from direct email marketing communications from Harness, you may click the “unsubscribe” link included in our emails.
Right To Opt Out of interest-based analytics and advertising: If you wish to opt-out of interest-based advertising, please review the Cookies & Beacons section, and the Cookies link at the bottom of Harness.io.
Right To Opt Out of platform based analytics: If you are a user of the Harness online service via a subscription purchased for you by a Harness customer, and you wish to opt-out of platform-based analytics on an individual level, please submit a request at pt-out.
Right to Non-Discrimination and Non-Retaliation: You have the right not to be discriminated against for exercising any of your data rights.
California Privacy Rights (CCPA / CPRA)
Under the California Consumer Privacy Act of 2018 (CCPA), effective January 1, 2020, and the California Privacy Rights Act (CPRA), effective January 1, 2023, which amended CCPA, California residents also have the following rights (in addition those detailed in Privacy Rights and Choices):
Right to Know of Automated Decision Making: If automated decision-making technologies are in use you have the right to know how the technology works and the possible outcome. Please note that Harness does not use related technologies in regards to Personal Data.
Right to Opt In for Minors: Minors, parents or guardians have the right to manage the collection and use of Personal Data. Explicit consent via an opt-in versus an implied consent with an opt-out option is required. Please note Harness does not knowingly collect the Personal Data of minors.
Right to Limit the Use and Disclosure of Sensitive Personal Information (SPI): You have the right to limit the use of your Sensitive Personal Data for specific purposes.
Right to Authorized Agents: In certain circumstances California residents are permitted to use an authorized agent on their behalf. The Data Subject must assign an Authorized Agent via a written signed letter and must be able to verify their identity.
EU Privacy Rights (GDPR)
Under the General Data Protection Regulation (GDPR), if you are in the European Union you also have the following rights (in addition those detailed in Privacy Rights and Choices):
Right to Restrict Processing: You have the right to restrict the processing of Personal Data if
- The accuracy of the data is under question;
- Processing is unlawful;
- It is needed in order to establish or exercise legal claims or defenses; or
- You have exercised the right to object.
Right to Object: You have the right to object to the processing of Personal Data if the data is not being used for a legitimate purpose.
Right to Lodge a Complaint: You have the right to file a complaint with your local Data Protection Authority. The UK Information Commissioner's Office can be found here. To contact the Swiss Federal Data Protection and Information Commissioner can be reached here.
For questions regarding our Privacy Statement please email email@example.com or contact us at:
Attn: Legal Department
55 Stockton Street, 8th Floor
San Francisco, CA 94108
The addresses of our offices can be found here.