Privacy Policy

UPDATED: December 2021

This is the Privacy Policy for Harlow and its Affiliates. This Privacy Policy is meant to be read in conjunction with Harlow’s Terms of Service. Any capitalized terms used in this Privacy Policy, but not defined, have the meaning assigned to such terms in the Terms of Service.


As used in this Agreement, the following defined terms apply:

1.1 Affiliate(s) means, with respect to Harlow, any entity which directly or indirectly controls, is controlled by, or is under common control with such party, where “control” means the power, directly or indirectly, to direct, or to cause the direction of, the management and policies of an entity, through majority ownership of voting securities or equity interests.

1.2 CCPA means the California Consumer Protection Act. If you are a California resident, you should read this Privacy Policy together with the Additional Privacy Details for California Residents section below, which provides additional information about our California information practices, including a description of CCPA rights available to some Californians.

1.3 Controller means the entity that has certain legal rights to determine the purposes for which Personal Data will be Processed and the means by which that Processing will happen.

1.4 Customer means the individual or entity who has contracted with Harlow to receive a Trial or Subscription to the Services.

1.5 GDPR means the EU General Data Protection Regulation.

1.6 Personal Data means any information about an identified or identifiable individual, such as their name or contact information.

1.7 Platform means the work management and collaboration platform on and any associated desktop or mobile applications.

1.8 Privacy Shield means EU-U.S. and Swiss-U.S. Privacy Shield Principles described at

1.9 Process, Processed, and Processing refer to any operation or set of operations that can be performed on Personal Data or on sets of Personal Data. This includes, for example, collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, and destruction.

1.10 Processor means an entity that Processes Personal Data on behalf of a Controller.

1.11 Service Data is Personal Data or other information that Users: input directly into the Platform; create within the Platform; send to the Platform through any applications or integrations; or provide to Harlow through authorized methods as part of other Service Offerings.

1.12 Service Offerings means the Platform, including the generally available Harlow software-as-a-service offerings inclusive of any services delivered through any unified, hosted Harlow service delivery platform, including any Updates, as well as associated technical support services to maintain the Services. The Services also includes features of Harlow’s website, regardless of whether included in a Subscription, such as Harlow’s blog. Harlow or its authorized agents may update the Services with Updates at any time in its sole discretion. Services are of an electronic nature delivered to you remotely via a technology infrastructure and with minimal or no human intervention.

1.13 Subscription means the access to the Service Offerings purchased by Customer for a specific period of time.

1.14 User means an individual that is authorized by Customer to access the Services through Customer’s assignment of a single user ID.

1.15 Harlow means Harlow, Inc., a Delaware corporation, whose contact information is at the end of this Privacy Policy.

1.16 Updates means any corrections, bug fixes, features or functions added to or removed from the Services, but shall not include any new Service(s) not generally included with the Services purchased.


Where indicated, this Privacy Policy applies to Service Data. We do not control the content of Service Data, and, in most cases we are unable to read such content. Under the GDPR and similar laws, Harlow is considered the Customer’s Processor of any Personal Data in the Service Data.

Harlow Processes Personal Data in the Service Data under the instructions of the relevant Customer or as required by applicable law, as described in the Harlow Terms of Service.

Harlow may disclose any Service Data, including certain deleted Service Data, or data previously received from deactivated Users, to the relevant Customer, and Harlow provides the Customer with certain tools for modifying, deleting or taking other steps with Service Data. Accordingly, Users and other individuals should contact the relevant Customer with any requests relating to Personal Data about them that may appear in that Customer’s Service Data. If Harlow receives a request from a User to exercise rights in Service Data, we will refer the User’s request to the relevant Customer and cooperate with that Customer’s handling of the request, subject to any special contractual arrangement with that Customer. For requests from Customer account administrators relating to their own Personal Data, Harlow may handle the request directly.

The Privacy Policy also applies to our handling of Personal Data that is not Service Data, such as Personal Data about:

  • Visitors to our websites and events;
  • Prospective customers and their personnel;
  • People who sign up for our newsletters or other marketing; and
  • Current Customers and Users, in relation to their procurement of Service Offerings and management of the relationship with Harlow.

However, this Privacy Policy does not cover any data we Process in the context of our own recruiting and human resources management activities.



Because we designed the Platform to be content- and data-agnostic, our Customers are empowered to provide us with any kind of Personal Data in the Service Data, subject to certain restrictions as set forth in our Terms of Service.  

In addition to Service Data, we collect contact details, professional details such as title and name of company, information about the browsers and devices that individuals use to interact with us, information about an individual’s interactions with Harlow or our partners, payment information, and inferences drawn upon other Personal Data. 

We obtain much of this data directly from the relevant individuals, including in some cases with the technology described in the “Cookies and Automated Data Collection” section further below.  We also obtain Personal Data directly from our current or prospective Customers and from other third-party sources such as marketing companies, as well as from publicly available sources such as prospective Customer websites and third-party sites like LinkedIn.



Harlow uses personal data as follows:

    • To provide and improve our Service Offerings, including internal analysis of aggregate usage patterns;
    • To respond to questions, concerns, or customer service inquiries, and to otherwise fulfill individuals’ requests;
    • To send information about our current and future Service Offerings, including marketing communications by phone, email, online display advertising, and other channels;
    • To analyze market conditions and use of our Service Offerings;
    • To customize the content and advertising individuals see on our websites, across the Internet, and elsewhere;
    • To enforce the legal terms that govern our business and online properties; 
    • To comply with law and legal process and protect rights, safety, and property; and 
    • For other purposes requested or permitted by our Customers, Users, or other relevant individuals, such as website visitors.



We share Personal Data as follows:

    • For the uses of information described above, including to make appropriate disclosures in response to lawful requests by public authorities, such as to meet national security or law enforcement requirements; and
    • In connection with an actual or potential business sale, merger, consolidation, change in control, transfer of substantial assets, or reorganization.

For those purposes, we may share information with:

    • Our Affiliates; 
    • Other entities that help us with any of the above, such as our sub-processes, data storage and backup providers, marketing service providers, customer relationship management providers, accounting providers, technical service providers, payment processors, and the marketing and analytics companies described in Section 7 below;
    • Other entities involved in the legal-related matters described above; or
    • Other entities involved in the significant corporate transactions described above, such as an acquirer of Harlow.


The laws in some jurisdictions require companies to tell you about the legal grounds they rely on to use or disclose your Personal Data.  To the extent those laws apply, our legal grounds for Processing Personal Data are as follows:

    • To honor our contractual commitments to an individual: Some of our Processing of Personal Data is to meet our contractual obligations to the individuals to whom the Personal Data relate, or to take steps at their request in anticipation of entering into a contract with them.  For example, when an individual purchases a Subscription to the Service Offerings, we will Process their payment information on this basis. 
    • Consent: Where required by law, and in some other cases, we handle Personal Data on the basis of consent.  For example, some of our direct marketing activities happen on the basis of opt-in consent, such as sending marketing emails to individuals who have requested them.  
    • Legitimate interests: In many cases, we handle Personal Data on the ground that it furthers our legitimate interests in commercial activities, such as the following, in ways that are not overridden by the interests or fundamental rights and freedoms of the affected individuals: Customer support; marketing, including, in some cases, direct marketing such as via email; protecting our Customers, Users, personnel, and property; analyzing and improving our business and Service Offerings; and managing legal issues. We may also Process Personal Data for the same legitimate interests of our Customers and business partners.
    • Legal compliance: We need to use and disclose Personal Data in certain ways to comply with our legal obligations.


In our websites, apps (as applicable), and emails, we and third parties may collect certain information by automated means such as cookies, Web beacons, JavaScript, mobile device functionality, browser-based or plugin-based local storage, and other similar techniques and technologies. 

This information includes unique browser identifiers, unique device identifiers such as the Apple Advertising Identifier or Android Advertising ID, IP address, browser and operating system information, geolocation, other device information, Internet connection information, as well as details about individuals’ interactions with our Service Offerings, apps, websites, and emails.  Such details include, for example, the URL of the third-party website from which you came, the pages that you visit on our website, and the links you click on in our website. 

As part of this, we and third parties may use automated means to read or write information on your device, such as in various types of cookies and other local storage.  Cookies and local storage are files that can contain data, such as unique identifiers or other information, that we or a third party may transfer to or read from an individual’s device for the purposes described in this Privacy Policy. 

The cookies and other technologies described here fall into four basic categories:

    • Essential: These are strictly necessary to provide you with our online presence, such as access to secure areas that require registration.  Users cannot refuse them without impacting functionality. 
    • Functional: These allow Users to browse or benefit from some of its features, such as setting language preferences.  Similar to the essential technology described above, if these are disabled, it could impact your experience to use some functionality. 
    • Analytics: These allow us or our third-party analytics providers to collect statistics on the use of our Service Offerings and website. 
    • Advertising: These cookies and other technologies, administered primarily by our third-party advertising partners, track individuals’ online activities over time and use this information to show them ads that are tailored to their individual interests or characteristics and/or based on prior visits to certain sites or apps, or other information we or they know, infer, or have collected from them.  For example, we and these providers may use different types of cookies, other automated technology, and data to (i) recognize individuals and their devices; (ii) inform, optimize, and serve ads; and (iii) to report on our ad impressions, other uses of ad services, and interactions with these ad impressions and ad services, including how they are related to visits to specific sites or apps.  

To learn more about interest-based advertising, including how to opt out from the targeting of interest-based ads by some of our current ad service partners, visit or from each of your browsers on each of your devices.  You can opt out of Google Analytics and customize the Google Display Network ads by visiting the Google Ads Settings page and installing the Google Analytics Opt-out Browser Add-on from each browser on each device.  If you replace, change, or upgrade your browser, or delete your cookies, you may need to use these opt-out tools again.  We do not respond to browser-based do-not-track signals.  Please visit your mobile device manufacturer’s website, or the website for its operating system, for instructions on any additional privacy controls in your mobile operating system, such as privacy settings for device identifiers and geolocation. 

You may be able to set your web browser to refuse certain types of cookies, or to alert you when certain types of cookies are being sent.  Some browsers offer similar settings for HTML5 local storage, and Flash storage can be managed as described here.


All Users can:

    • Review and update certain User information by logging in to the relevant portions of the Platform. 
    • Deactivate their accounts by contacting us at or directly through your Customer Account, subject to any contractual provisions between Harlow and the Customer responsible for the account.  Except when the Customer has requested closure of all its User accounts, information in a deactivated User account may be available to the Customer for some time.  

Controls related to cookies and other automated data collection are described in the “Cookies and Automated Data Collection” section above.  Anybody can unsubscribe from marketing emails by clicking the unsubscribe link they contain.

Residents of the European Economic Area, the United Kingdom, and many other jurisdictions have certain legal rights to do the following with Personal Data we control:

    • Obtain confirmation of whether we hold Personal Data about them, and to receive information about its Processing; 
    • Obtain a copy of the Personal Data, and in some cases, receive it in a structured, commonly used, and machine-readable format, or have it transmitted to a third party in such form;
    • Update, correct, or delete the information;
    • Object to our Processing of the information for direct marketing purposes;
    • Object to other Processing of the information; and/or
    • Withdraw consent previously provided for the Processing of the information. 

Residents of the European Economic Area, the UK, and Switzerland also have certain rights under the Privacy Shield, as described in the “International Data Transfers” section below.

To exercise any of those rights with respect to the Personal Data Harlow controls, individuals should contact us as described at the end of this Privacy Policy. 

Many of the rights described above are subject to significant limitations and exceptions under applicable law.  For example, objections to the Processing of Personal Data, and withdrawals of consent, typically will not have retroactive effect.

Every individual also has a right to lodge a complaint with the relevant supervisory authority.


To provide security for Service Data within the Platform, we maintain physical, organizational, and technical safeguards, which are subject to periodic changes. Communications with Harlow through other methods such as email or phone are not subject to those protections.  THIRD-PARTY SOFTWARE AND SERVICES INTEGRATED INTO OUR SERVICE OFFERINGS, SUCH AS GOOGLE DRIVE AND ANY OTHER INTEGRATIONS, ARE HANDLED BY SUCH THIRD PARTIES SUBJECT TO THEIR OWN PRIVACY AND SECURITY PROCEDURES, WHICH WE DO NOT CONTROL. 

We use different safeguards to help secure the other Personal Data we handle.  

No security method is perfect, and we cannot guarantee that any data will remain secure. 


We hold Personal Data for as long as necessary to fulfill the purposes set forth in this Privacy Policy.  Information may persist in copies made for backup and business continuity purposes for additional time.


We are headquartered in the United States, and recipients of the data disclosures described in this Privacy Policy are located in the United States and elsewhere in the world, including where privacy laws may not provide as much protection as those of your country of residence.

Customers also may transfer Service Data to Harlow on the basis of legal mechanisms approved by the European Commission and other relevant authorities for cross-border data transfers. These include Standard Contractual Clauses.

Harlow makes its own international transfers of personal data, in many cases through the use of European Commission-approved Standard Contractual Clauses and other data protection contract language.  Our Service Offerings may allow our Customers and Users to make international data transfers to third parties, such as to other Users, or to providers of integrations, for which they are solely responsible.


Harlow may change this Privacy Policy to reflect changes in the law, our data handling practices, or the features of our business.  The updated Privacy Policy will be posted on


If you have questions, requests or complaints relating to a Customer’s handling of your Service Data, please contact the relevant Customer.  If you have questions regarding our practices or this Privacy Policy, or to send us requests or complaints relating to Personal Data, please contact us at: 

Harlow, Inc.
Attention: Privacy
5214 Diamond Heights Blvd
San Francisco, CA 94131 


The subsections below apply only to “personal information” about California residents (as that term is defined in the CCPA) and they supplement the information in the rest of our Privacy Policy above.  Data about individuals who are not residents of California is handled differently and is not subject to the same rights described below. These subsections also do not apply to Service Data (defined above), which is handled as described in Section 2 of our Privacy Policy, even when the Service Data is about a resident of California. 

The specific pieces of personal information we collect generally falls into the following categories under California law, to the extent that any of the following are personally identifiable: identifiers (such as name, address, email address, and other contact information); commercial information (such as transaction data, and information about an individual’s interactions with Harlow or our partners); financial data (such as payment card information); internet or other network or device activity, and other information described in the “Cookies and Automated Data Collection” section of our Privacy Policy; or other information that identifies or can be reasonably associated with you, and inferences drawn from any of the above. 

Harlow uses the personal information as follows:

    • To provide and improve our Service Offerings, including internal analysis of aggregate usage patterns;
    • To respond to questions, concerns, or customer service inquiries, and to otherwise fulfill individuals’ requests;
    • To send information about our current and future Service Offerings, including marketing communications by phone, email, online display advertising, and other channels;
    • To analyze market conditions and use of our Service Offerings;
    • To customize the content and advertising individuals see on our websites, across the Internet, and elsewhere;
    • To enforce the legal terms that govern our business and online properties; 
    • To comply with law and legal process and protect rights, safety and property; and 
    • For other purposes requested or permitted by our Customers, Users or other relevant individuals, such as website visitors

CCPA “sale” of California personal information

The CCPA requires businesses that “sell” personal information, as the term “sell” is defined under the CCPA, to provide an opt-out from such sales.  Though we do not receive any monetary compensation, our use of tracking technologies may be considered a “sale” under California law. You can opt-out of being tracked by these third parties by clicking the “Do Not Sell” link at the bottom of our website and selecting your preferences. Please note that your use of our website may still be tracked by Harlow and/or our service providers. We do not knowingly sell the personal information of consumers under 16 years of age.

Categories of personal information disclosed that may be considered a “sale” under California law: basic identifying information; device information and other unique identifiers; internet or other network activity; and commercial data. 

Categories of third parties to whom personal information was disclosed that may be considered a “sale” under California law: advertisers and marketing partners and data analytics provider. 

Collection and Disclosure of California Personal Information During Past 12 Months 

The chart below provides more detail on our disclosures of California personal information:

Category of personal information collected Categories of third parties to which it was disclosed for a business purpose
Identifiers, such as name, username, email address, phone number, address, IP address Affiliates, data storage and backup providers, marketing service providers, accounting providers, technical service providers, payment processors, and marketing and analytics companies; and entities involved in legal-related matters with Harlow.
Commercial information, such as information provided to us in your communications (some of which is personal information), transaction data, and information about interactions with Harlow or our partners Same as first row
Financial information such as payment card number Payment processors
Internet or other electronic network activity information, such as technical data about a device and information about a device’s interactions with our website Same as first row, with the exception of payment processors


California Privacy Rights

If you are a California resident, California law may permit you to request that we:

    • Inform you of the categories of personal information we have collected about you in the last twelve months; the categories of sources of such information; the categories of personal information that we “sold” or disclosed about you for a business purpose; the business or commercial purpose for collecting or “selling” your personal information; and the categories of third parties to whom we have “sold” or otherwise disclosed personal information for a business purpose. 
    • Provide access to and/or a copy of certain information we hold about you.
    • Delete certain information we have about you.

Certain information is exempt from such requests under applicable law.  You also have certain rights under the CCPA not to be subject to certain negative consequences for exercising CCPA rights. 

We will take steps to verify your identity before responding to your request, which may include requesting that you respond to an email that we send to you, or otherwise verifying your name, email address, or other information that will help us to confirm your identity.  

If you are an agent making a request on behalf of a consumer, you must verify that you are authorized to make that request, which may include requiring you to provide us with written proof that satisfies CCPA requirements, such as an appropriate letter signed by the consumer or a power of attorney.  We also may require the consumer to verify their identity directly with us.

To request to exercise any of these rights, please email