H
arry
Login
Legal

PrivacyPolicy

Last updated: July 15, 2025

1. Introduction

At Harry, we value your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our platform.

By using our Services, you consent to the data practices described in this Privacy Policy. If you do not agree with the data practices described, you should not use our Services.

2. Information We Collect

Personal Information

We may collect personal information that you voluntarily provide when using our Services, including:

  • Contact information (name, email address, phone number, mailing address, company address)
  • Account information (username, password, authentication details, login history)
  • Billing information (credit card details, billing address, payment history, subscription plans)
  • Professional information (company name, job title, industry, business type, team size)
  • Identity verification information (for security and compliance purposes)
  • Content you upload to our platform (documents, images, videos, marketing materials)
  • Communication preferences and marketing opt-ins
  • Third-party account identifiers (when connecting Facebook, Google, or other platforms)
  • Social media account information (page IDs, account names, permissions granted)
  • Advertising account data (ad account IDs, campaign information, budget settings)
  • Feedback, survey responses, and support requests you submit
  • Any other information you provide when using our platform or communicating with us

Usage Information

We automatically collect certain information when you visit, use or navigate our Services. This information does not reveal your specific identity but may include:

  • Device and connection information
  • IP address
  • Browser and device characteristics
  • Operating system
  • Usage patterns
  • Referring URLs

3. Third-Party Access and API Integrations

Our platform integrates with third-party services to provide enhanced functionality. When you connect these services to your account, we collect and process additional data as described below.

Facebook/Meta Integration

Our application integrates with Facebook/Meta to enable marketing and advertising capabilities. When you connect your Facebook account, we request the following permissions:

  • public_profile: Basic information such as your user ID, name, and profile picture
  • email: Access to your primary email address
  • ads_management: Ability to create, manage, and analyze ads on your behalf
  • ads_read: Access to read your advertising account information
  • business_management: Ability to manage your business assets
  • pages_show_list: Access to view pages you manage
  • pages_read_engagement: Access to read engagement metrics for your pages

Google Services Integration

Our platform connects with multiple Google services to enhance functionality. When you connect Google services, we may request the following permissions:

  • Google Drive Access: We request https://www.googleapis.com/auth/drive.readonly scope to access files and folders from your Google Drive for use in marketing materials
  • Google Ads Access: We request https://www.googleapis.com/auth/adwords scope to manage Google Ads campaigns, access accounts, and perform advertising operations
  • Profile Information: We may request access to your basic profile information and email address

Authentication and Token Management: We use OAuth 2.0 for authentication with Google services. When you connect multiple Google services (like Drive and Ads), we merge the required permission scopes. Tokens are stored securely in our database and refreshed automatically when they expire. We implement a unified architecture that minimizes the data we need to collect while providing seamless service integration.

Data Usage: For Google Drive, we access file metadata and content to enable file selection and integration with marketing campaigns. For Google Ads, we access account information, campaigns, and ad groups to provide management capabilities. All data is processed according to Google's API Service User Data Policy.

Detailed Google Data Processing Practices

When you connect Google services to our platform, we handle your data as follows:

  • Data Collection: We collect only the minimum necessary data to provide our services. For Google Drive, this includes file metadata (name, type, size, thumbnails) and file content you specifically select for use. For Google Ads, this includes account information, campaign structures, and performance data.
  • Data Storage: Google authentication tokens are stored in encrypted format in our secure database. File metadata from Google Drive is cached in our systems, while actual file content is only processed when explicitly used in campaigns. Google Ads data is synchronized with our systems regularly to provide up-to-date reporting and management capabilities.
  • Data Retention: We retain Google service tokens as long as your account is active or until you disconnect the service. Google Drive file metadata is retained as long as it remains relevant to your active campaigns, with a maximum retention period of 12 months after last use. Google Ads data is retained for a period of up to 24 months to provide historical performance reporting.
  • Data Sharing: We do not sell or rent your Google data to third parties. Your Google Drive files and Google Ads data may be processed by our service providers who help us provide our services, but only as necessary to provide the functionality you've requested. These service providers are bound by strict confidentiality agreements.
  • Data Security: We implement industry-standard security measures to protect your Google data, including encryption at rest and in transit, regular security audits, and strict access controls that limit access to authorized personnel only.
  • Data Deletion: When you disconnect a Google service from our platform, we delete the associated authentication tokens within 30 days. You can request complete deletion of cached Google data by contacting our support team.

Compliance with Google API Services User Data Policy: Our use of Google API Services adheres to Google's API Services User Data Policy, including the Limited Use requirements. We access, use, and transfer user data only for the purposes described in this privacy policy, which are directly related to the functionality we provide to you. We don't use Google user data for serving advertisements, and we maintain a high standard of security for storing and processing Google user data.

4. How We Use Your Information

We use the information we collect for various purposes, including:

  • Providing, operating, and maintaining our Services
  • Improving, personalizing, and expanding our Services
  • Understanding and analyzing how you use our Services
  • Developing new products, services, features, and functionality
  • Communicating with you about updates, security alerts, and support messages
  • Processing your transactions and managing your account
  • Preventing fraudulent transactions and monitoring against errors
  • Enforcing our terms, conditions, and policies
  • Enabling integrations with third-party platforms like Facebook and Google
  • Managing and optimizing advertising campaigns on your behalf

5. Sharing Your Information

We may share information in the following situations:

  • Third-Party Service Providers: We may share your information with third-party vendors, service providers, contractors, or agents who perform services for us.
  • Third-Party Platforms: When you connect third-party services like Facebook or Google, we share information with these platforms as necessary to provide our services. This includes authentication tokens, account identifiers, and content needed for campaign management.
  • Business Transfers: We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
  • Legal Requirements: We may disclose your information where required to do so by law or in response to valid requests by public authorities.

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and use information about you and your interaction with our Services. We use these technologies to remember your preferences, analyze trends, administer the website, track users' movements around the website, and gather demographic information about our user base as a whole.

Types of Cookies We Use

We use the following types of cookies:

  • Essential/Necessary Cookies: These cookies are required for the basic functionality of our website and cannot be switched off. They are usually set in response to actions you take, such as setting your privacy preferences, logging in, or filling in forms.
  • Functionality Cookies: These cookies enable enhanced functionality and personalization, such as remembering your preferences and settings.
  • Analytics/Performance Cookies: These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site.
  • Marketing/Targeting Cookies: These cookies may be set through our site by our advertising partners to build a profile of your interests and show you relevant ads on other sites.

Cookie Consent

When you first visit our website, you will be presented with a cookie banner that allows you to accept or decline non-essential cookies. You can change your cookie preferences at any time through our Cookie Preferences tool in the footer of our website.

For users in the European Economic Area, United Kingdom, or Switzerland, we obtain your explicit consent before placing non-essential cookies on your device, in accordance with applicable data protection laws including the GDPR and ePrivacy Directive.

Essential cookies are placed regardless of consent as they are necessary for the functioning of our website. For all other cookie types, we only place them if you have given consent.

Third-Party Cookies

Some cookies are placed by third parties on our behalf. These third parties may collect information about your online activities over time and across different websites. We do not control these third-party cookies and they are subject to the third parties' privacy policies.

How to Manage Cookies

In addition to our Cookie Preferences tool, most web browsers allow some control of cookies through browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage or delete them, visit www.allaboutcookies.org.

7. Data Security

We have implemented appropriate technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure.

8. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information, including:

  • The right to access and receive a copy of your personal information
  • The right to rectify or update your personal information
  • The right to erase or delete your personal information
  • The right to restrict processing of your personal information
  • The right to object to the processing of your personal information
  • The right to data portability
  • The right to disconnect third-party integrations and revoke access

Managing API Integrations

You can manage your third-party integrations through your account settings:

  • Disconnecting Facebook/Meta: You can disconnect Facebook integration at any time through the "Integrations" section in your dashboard. This will revoke our access to your Facebook data and ad accounts.
  • Disconnecting Google Services: You can disconnect Google Drive or Google Ads integrations from the same "Integrations" section. Additionally, you can revoke access through your Google Account settings at https://myaccount.google.com/permissions.

GDPR Compliance

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, the following additional information applies regarding your personal data:

Data Controller

Harry Marketing Limited, located at 123 Tech Lane, London, EC1A 1AA, United Kingdom, is the data controller responsible for your personal information. You can contact our Data Protection Officer at privacy@useharry.com.

Legal Bases for Processing

We process your personal data under the following legal bases:

  • Contract Performance: Processing necessary for the performance of our contract with you (Terms of Service) when you use our platform.
  • Legitimate Interests: Processing necessary for our legitimate interests, such as to improve our services, prevent fraud, and ensure the security of our platform. We balance our interests against your rights and only process data based on legitimate interests where your rights don't override these interests.
  • Legal Obligation: Processing necessary to comply with our legal obligations.
  • Consent: Processing based on your specific consent, such as for marketing communications or for connecting third-party integrations like Facebook and Google.

International Data Transfers

Your data may be transferred to and processed in countries outside the EEA, UK, or Switzerland where we or our service providers operate. When transferring data internationally, we implement appropriate safeguards to ensure your data remains protected according to this privacy policy. These safeguards include:

  • Using European Commission approved Standard Contractual Clauses
  • Ensuring third-party service providers are certified under frameworks like the UK-US Data Privacy Framework
  • Implementing additional technical and organizational security measures to protect transferred data

You can request more information about these safeguards by contacting us.

Data Subject Rights Under GDPR

In addition to the rights listed above, as a data subject in the EEA, UK, or Switzerland, you have:

  • Right to Withdraw Consent: Where we process data based on consent, you can withdraw consent at any time.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority in your country of residence, place of work, or where an alleged infringement of data protection law has occurred. In the UK, this is the Information Commissioner's Office (https://ico.org.uk).
  • Right Against Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.

Automated Decision-Making

We do not engage in fully automated decision-making that has a legal or similarly significant effect on you. While we may use algorithms to optimize marketing campaigns and content, these processes are subject to human oversight and don't result in decisions with significant impacts on individuals.

Data Protection Impact Assessments

For processing operations that may result in high risk to your rights and freedoms, we conduct Data Protection Impact Assessments (DPIAs) to identify and minimize data protection risks.

Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify affected individuals without undue delay, as required by applicable law.

9. International Data Transfers

Our Services are operated in the United Kingdom. If you are located in another jurisdiction, please be aware that information you provide to us will be transferred to, stored, and processed in the UK and potentially in other countries where our service providers operate.

For transfers from the EEA, UK, or Switzerland to countries not deemed to provide an adequate level of data protection, we implement appropriate safeguards as described in our GDPR Compliance section. These safeguards are designed to ensure that your personal data receives an adequate level of protection in the countries to which it is transferred.

By using our Services, you consent to these international transfers of your personal data, but your consent is not the legal basis we rely on for EEA, UK, or Swiss data transfers. Instead, we use approved data transfer mechanisms such as Standard Contractual Clauses.

10. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

11. Contact Us

If you have any questions about this Privacy Policy, please contact us.