Last Updated: July 27, 2023
Previous Privacy Statements / Policies can be found here.
Harness Inc. (“Harness,” “We,” “Our,” “Us”) is committed to protecting the privacy of its customers, business partners, event attendees, job applicants and website visitors.This Harness Privacy Statement (“Privacy Statement”) reflects our global privacy practices and standards as of the Last Updated date and 12 months prior. This Privacy Statement details our privacy practices for the collection, use, processing, storage, hosting, transfer, and disclosure of information that we may collect about you through interacting directly with Harness or our websites, including, but not limited to the website or subdomains of Harness.io (e.g., our public facing sites and support site), other websites or applications owned and controlled by Harness (collectively, the “Website”), along with our subsidiaries, products, and services that link to this Privacy Statement (collectively, the “Service”).
Harness as the Data Controller
Harness serves as the Data Controller of your Personal Data, as described in this Privacy Statement, unless otherwise stated. As the Data Controller Harness is responsible for and controls the processing of your personal information collected through our Service.
Harness as the Data Processor
Harness serves as the Data Processor on our customers behalf. We will process information in accordance with the agreements we enter with our customers, who serve as the Data Controller. Please note, Harness is not responsible for the privacy or security practices of our customers, which may differ from those set forth in this Privacy Statement. For information regarding how Personal Data is managed or protected by Harness customers or to exercise your privacy rights, for information provided to us by your employer, please contact your employer.
Provided By You – We collect information you provide to us when you:
Provided By 3rd Parties – We collect information from 3rd parties:
Automatically Collected – We automatically collect information (via Cookies & Beacons):
Harness automatically collects information via cookies and beacons. Cookies are small pieces of information that are stored on your hard drive or in device memory. We may use both session Cookies (which expire once you close your web browser) and persistent Cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on our Website. The categories of cookies used are described below:
Strictly Necessary Cookies - These cookies are necessary for the website to function as intended and cannot be turned off.
Functional Cookies - We use functional cookies to help enhance our websites’ performance, functionality and personalisation. Disabling use of these cookies may prevent services from functioning properly.
Performance Cookies - These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site.
Targeting Cookies - We use targeting and advertising cookies to help us understand our marketing efforts and to reach potential customers across the web. If you do not allow these cookies, you will experience less targeted advertising.
Beacons - We use beacons in our websites and in email communications to you. Beacons provide us with information about your activity and help us to improve our business operations and strategy such as by understanding our email communications’ functionality and improving our Website and content. For example, if you click on a marketing email we send to you about a new product or service, the beacon will provide signals to us that you and your organization may be interested in learning more.
How Harness uses the Personal Data it collects depends, in part, on how you choose to communicate with us, how you use our Websites and interact with us, and any preferences you have communicated to us. We use the information we collect for following legitimate business interests, legal obligations, and commercial purposes (e.g. Service Delivery and Fulfillment, Consent, Public Interest):
We take care to only share, transmit, or grant access to Personal Data when there is a business need. We only share personal information if there is a legitimate need to know, enabling us to deliver our products and services and ensure appropriate privacy and security controls are in place to protect personal data. The parties and scenarios in which we may share personal data with include the following:
Please note Harness does not sell Personal Information for monetary value. However, we may disclose Personal Information to third parties, such as our subprocessors, to deliver our products and services, which is considered a sale of Personal Information as defined by CCPA.
As part of the functionality we make available on our Websites and to better reach our customers and prospective customers, there may be categories of third parties that are authorized by us to operate on our Websites and access your Personal Data, such as your contact data, IP address or cookies. Depending on your location (for example, California and the European Union), Harness only shares Personal Data with such third parties if you agree to such sharing via your privacy setting selections. In other parts of the world, this information may be automatically collected when you visit our websites. At any time, you may choose to withdraw your decision to share personal data with these third parties through our websites by visiting the Privacy Rights and Choices section below.
Products and Services
As a part of our Service delivery and fulfillment obligations we may share Personal Data, such as account and financial information, with the applicable third parties. Harness only shares the Personal Data with such third parties as required to deliver services.
Your Personal Data may be collected, transferred to, and stored by us in the United States, and by our employees, subsidiaries and third parties that are based in other countries. Therefore, Personal Data may be processed outside your jurisdiction, and in countries that are not subject to an adequacy decision by the European Commission or your local legislature and/or regulator, and that may not provide for the same level of data protection as your jurisdiction, such as the European Economic Area. To ensure that the recipient of your Personal Data offers an adequate level of data protection, standard contractual clauses (SCCs), as detailed in GDPR Article 46, are utilized when data is transferred.
Harness has an inherent responsibility to protect the data our customers share with us. Our Services are built with privacy in mind and are designed to be used in a manner consistent with U.S. and international data privacy regulations. We continue to look for innovative ways to improve our overall security posture, identify and mitigate any potential risks. Information Security at Harness is, therefore, a critical business function which we have incorporated into all aspects of our business practices and operations. We maintain a comprehensive, written information security program that contains industry-standard administrative and technical safeguards designed to prevent unauthorized access to or disclosure of Personal Data. Additional security related information can be found at our Trust Center.
We will retain your Personal Data for a period of time that is consistent with the original purpose of the data collection, or as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. We determine the appropriate retention period for Personal Data by considering the amount, nature and sensitivity of your Personal Data processed, the potential risk of harm from unauthorized use or disclosure of your Personal Data, whether we can achieve the purposes of the processing through other means, and on the basis of applicable legal requirements (such as applicable statutes of limitation).
The information below explains your privacy rights, the choices you have regarding how your Personal Data is managed, and how to exercise your rights. Depending on your jurisdiction the privacy rights you are entitled to may differ. However, Harness respects your privacy, as such we will make our best efforts to honor your privacy rights and choices regardless of locale. All parties have the rights listed below.
Right To Know: You can request that we disclose the Personal Data we have collected. Please submit a request in our Privacy Request Center.
Right To Delete (To Be Forgotten): You can request that we delete the Personal Data we have collected. Please submit a request in our Privacy Request Center.
Please note that we reserve the right to retain limited information as needed to fulfill our business and regulatory obligations (e.g, to deliver products and services, accounting transactions, legal matters).
Right To Correct (To Rectification): If you believe that the Personal Data we have is inaccurate you can request we correct it. Please submit a request in our Privacy Request Center.
Right To Portability: You may request to have your Personal Data provided to you in a machine readable format. Please submit a request in our Privacy Request Center.
Right to Opt Out of Automated Decision-Making Technologies: You have the right to not be subject to a decision based solely on automated processing, including profiling.
Please note that Harness does not use related technologies in regards to Personal Data.
Right To Opt Out of the selling, sharing or processing: You may request we not share or continue to process your Personal Data, please submit a request at Sell Share opt-out.
Right To Opt Out of email marketing: If you wish to withdraw from direct email marketing communications from Harness, you may click the “unsubscribe” link included in our emails.
Right To Opt Out of interest-based analytics and advertising: If you wish to opt-out of interest-based advertising, please review the Cookies & Beacons section, and the Cookies link at the bottom of Harness.io.
Right To Opt Out of platform based analytics: If you are a user of the Harness online service via a subscription purchased for you by a Harness customer, and you wish to opt-out of platform-based analytics on an individual level, please submit a request at pt-out.
Right to Non-Discrimination and Non-Retaliation: You have the right not to be discriminated against for exercising any of your data rights.
Under the California Consumer Privacy Act of 2018 (CCPA), effective January 1, 2020, and the California Privacy Rights Act (CPRA), effective January 1, 2023, which amended CCPA, California residents also have the following rights (in addition those detailed in Privacy Rights and Choices):
Right to Know of Automated Decision Making: If automated decision-making technologies are in use you have the right to know how the technology works and the possible outcome. Please note that Harness does not use related technologies in regards to Personal Data.
Right to Opt In for Minors: Minors, parents or guardians have the right to manage the collection and use of Personal Data. Explicit consent via an opt-in versus an implied consent with an opt-out option is required. Please note Harness does not knowingly collect the Personal Data of minors.
Right to Limit the Use and Disclosure of Sensitive Personal Information (SPI): You have the right to limit the use of your Sensitive Personal Data for specific purposes.
Right to Authorized Agents: In certain circumstances California residents are permitted to use an authorized agent on their behalf. The Data Subject must assign an Authorized Agent via a written signed letter and must be able to verify their identity.
Under the General Data Protection Regulation (GDPR), if you are in the European Union you also have the following rights (in addition those detailed in Privacy Rights and Choices):
Right to Restrict Processing: You have the right to restrict the processing of Personal Data if
Right to Object: You have the right to object to the processing of Personal Data if the data is not being used for a legitimate purpose.
Right to Lodge a Complaint: You have the right to file a complaint with your local Data Protection Authority. The UK Information Commissioner's Office can be found here. To contact the Swiss Federal Data Protection and Information Commissioner can be reached here.
For questions regarding our Privacy Statement please email email@example.com or contact us at:
Attn: Legal Department
55 Stockton Street, 8th Floor
San Francisco, CA 94108
The addresses of our offices can be found here.