Harper

Privacy Policy

Last updated: January 31, 2026

1. Introduction

Harper ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Facebook attribution tracking platform and services.

By using Harper, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, password, company name, and billing information
  • Store Information: Store URL, platform type (Shopify/WooCommerce), domain name
  • Integration Data: Facebook Pixel ID, API keys, OAuth tokens (encrypted)
  • Payment Information: Processed securely through Stripe (we do not store credit card numbers)

2.2 Information Collected Automatically

  • Tracking Data: Facebook Click IDs (fbclid), IP addresses (hashed), user agents, referrer URLs
  • Conversion Data: Order IDs, purchase amounts, product information, customer email addresses (hashed)
  • Usage Data: Pages visited, features used, time spent, clicks and interactions
  • Device Information: Browser type, operating system, device type, screen resolution
  • Cookies: Session cookies, preference cookies, analytics cookies

2.3 Information from Third Parties

  • Facebook Business Manager data (with your authorization)
  • Shopify/WooCommerce store data (through app installations)
  • Payment processor information (Stripe)

3. How We Use Your Information

We use the collected information for the following purposes:

  • Service Delivery: Track ad clicks, attribute conversions, generate reports
  • Account Management: Create and manage your account, process payments
  • Communication: Send service updates, security alerts, and support messages
  • Improvement: Analyze usage patterns to improve our platform
  • Security: Detect and prevent fraud, abuse, and security incidents
  • Legal Compliance: Comply with legal obligations and enforce our terms
  • Marketing: Send promotional emails (with your consent, opt-out anytime)

4. Data Sharing and Disclosure

4.1 We Share Data With:

  • Facebook: Conversion data sent via Conversion API (CAPI) for attribution
  • Payment Processors: Stripe for payment processing
  • Service Providers: Hosting (AWS), email (Resend), analytics
  • Your E-commerce Platform: Shopify/WooCommerce (for order data)

4.2 We Do NOT:

  • ❌ Sell your data to third parties
  • ❌ Share personally identifiable information without consent
  • ❌ Use your data for purposes other than stated in this policy

5. Data Security

We implement industry-standard security measures:

  • Encryption: All data transmitted over HTTPS/TLS 1.3
  • Hashing: Email addresses and IP addresses are hashed
  • Access Controls: Role-based access, multi-factor authentication
  • Data Storage: Secure cloud infrastructure (AWS)
  • Regular Audits: Security assessments and penetration testing
  • Employee Training: Staff trained on data protection practices

6. Data Retention

We retain your data for as long as necessary to provide services and comply with legal obligations:

  • Account Data: Retained while your account is active + 30 days after deletion
  • Tracking Data: Retained for 13 months (default attribution window)
  • Financial Records: Retained for 7 years (tax compliance)
  • Support Tickets: Retained for 3 years

You can request data deletion at any time by contacting support@harper.com

7. Your Rights

You have the following rights regarding your data:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your data ("Right to be Forgotten")
  • Portability: Export your data in machine-readable format
  • Objection: Object to processing of your data
  • Restriction: Request limitation of data processing
  • Withdraw Consent: Opt-out of marketing communications

To exercise these rights, email privacy@harper.com

8. Cookies and Tracking

We use the following types of cookies:

  • Essential Cookies: Required for platform functionality (authentication, sessions)
  • Performance Cookies: Analytics to improve user experience
  • Functional Cookies: Remember your preferences
  • Tracking Cookies: Attribution tracking for customer websites (not on harper.com)

See our Cookie Policy for detailed information.

9. International Data Transfers

Your data may be processed in countries other than your own. We ensure adequate protections through:

  • EU Standard Contractual Clauses for EU data
  • Privacy Shield framework compliance (where applicable)
  • Encryption in transit and at rest

10. Children's Privacy

Harper is not intended for users under 18 years of age. We do not knowingly collect information from children. If we discover we have collected data from a child, we will delete it immediately.

11. California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to opt-out of sale of personal information (we do not sell data)
  • Right to deletion
  • Right to non-discrimination for exercising your rights

12. GDPR Compliance

For users in the European Economic Area (EEA), we comply with GDPR requirements. See our GDPR Compliance page for detailed information.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of changes by:

  • Posting the new policy on this page
  • Updating the "Last updated" date
  • Sending an email notification for material changes

Your continued use after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us:

Email: privacy@harper.com

Support: support@harper.com

Website: https://harper.com

📄 Related Policies

Terms of ServiceCookie PolicyRefund PolicyGDPR Compliance