Privacy Policy

Privacy Policy

Effective Date: March 23, 2026

Welcome to Harlps. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our application and related services.

By using Harlps, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

We collect information you provide directly to us, as well as information collected automatically when you use the Service.

1.1 Information You Provide

  • Account information: your name and email address when you sign up via Google Sign-In or email OTP.
  • Profile details: phone number, address, city, state, country, and postal code.
  • Business information: business name, category, address, phone number, website, operating hours, services offered, and photos for your business listing.
  • Reviews and ratings: star rating, review title, written comments, and optional photos when reviewing a business.
  • Communications: any messages or feedback you send to us directly.

1.2 Information Collected Automatically

  • Location data: approximate or precise location (GPS), only when you grant permission, used to show nearby businesses.
  • Device information: device type, operating system, and unique device identifiers.
  • Usage data: how you interact with the app, including screens visited and features used.

2. How We Use Your Information

We use the information we collect to:

  • Create and manage your account.
  • Provide, operate, and improve the Harlps Service.
  • Display nearby businesses based on your location.
  • Publish business listings and reviews you submit.
  • Respond to your comments, questions, and requests.
  • Monitor and analyse usage patterns to improve the app experience.
  • Detect, prevent, and address technical issues and fraud.
  • Comply with legal obligations.

3. Location Data

Harlps requests access to your device's location solely to show you businesses near you. Location is processed on-device or on our servers and is not stored persistently or sold to third parties. You may deny or revoke location permissions at any time in your device or browser settings, though this will limit the app's ability to show nearby results.

On mobile, location is accessed via Expo Location services. On web, location is requested via the browser's Geolocation API. Business proximity is calculated using PostGIS on our Supabase database.

4. Google Sign-In

Harlps offers sign-in via Google. When you choose this option, Google shares your name, email address, and profile picture with us, subject to the permissions you grant. We do not receive your Google password. Your use of Google Sign-In is also governed by Google's Privacy Policy at policies.google.com/privacy.

We only request the minimum permissions necessary to create and manage your account.

5. Sharing of Information

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following limited circumstances:

  • Service providers: trusted third-party vendors who assist us in operating the Service (see Section 6 below).
  • Business listings: information you submit for a business listing (name, address, phone, hours, photos) is publicly visible to all Harlps users.
  • Reviews: reviews and ratings you submit are publicly visible and attributed to your display name.
  • Legal requirements: if required by law, regulation, legal process, or governmental request.
  • Business transfers: in connection with a merger, acquisition, or sale of assets, in which case users will be notified.

6. Third-Party Services

Harlps integrates with the following third-party services, each governed by their own privacy policies:

  • Supabase — our primary backend platform, handling authentication, database storage, and file storage (business photos, review photos, and profile avatars). Supabase servers are hosted on AWS. See supabase.com/privacy.
  • Google Sign-In (Google LLC) — used for OAuth authentication. See policies.google.com/privacy.
  • OpenStreetMap / Nominatim — used on mobile to geocode business addresses into latitude/longitude coordinates for proximity search. No personal data is sent; only the address string is used. See osmfoundation.org/wiki/Privacy_Policy.

We encourage you to review the privacy policies of these third-party services.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Service. If you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain it by law.

Business listings and reviews you have submitted may remain visible in anonymised form after account deletion, as they form part of the platform's content.

8. Data Security

We implement industry-standard measures to protect your personal information, including:

  • Encrypted data transmission (HTTPS/TLS).
  • Secure token-based authentication (JWT) with short-lived access tokens.
  • Row Level Security (RLS) policies ensuring users can only access their own data.
  • Access controls limiting which personnel can access user data.

No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

9. Your Rights and Choices

You have the following rights regarding your personal information:

  • Access: request a copy of the personal data we hold about you.
  • Correction: update inaccurate or incomplete data via your profile settings.
  • Deletion: request deletion of your account and associated personal data.
  • Revoke location access: disable location permissions in your device or browser settings at any time.

To exercise any of these rights, contact us at teams@harlps.com. We will respond within 30 days.

10. Children’s Privacy

Harlps is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will delete it promptly. If you believe we may have collected information from a child under 13, please contact us.

11. International Data Transfers

Harlps is based in India and primarily serves users in India. Your data is processed on Supabase infrastructure hosted in the Singapore region. By using Harlps, you consent to the transfer of your information to Singapore and other countries where our service providers operate.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Effective Date” at the top of this page and, for material changes, notify you via the app or email. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data, please contact us at:

Harlps
Email: teams@harlps.com

© 2026 Harlps. All rights reserved.