Harlo

Privacy Policy

Last updated: 21 June 2026 · Effective date: 21 June 2026

This Privacy Policy explains how Harlo ("Harlo", "we", "us", or "our") collects, uses, shares, and protects personal information in connection with our AI voice and chat agent platform, websites, APIs, and related services (collectively, the "Services"). It applies to information we process as a business and, where applicable, distinguishes our role as a controller (for our own business and website) from our role as a processor/service provider (when handling data on behalf of our business customers).

Please note: This document is a template provided for convenience and does not constitute legal advice. Harlo should have this policy reviewed and adapted by qualified privacy counsel to reflect actual data practices and applicable laws (e.g., GDPR, UK GDPR, CCPA/CPRA, and sector-specific or call-recording rules) before publication.

Contents

  1. Our Role
  2. Information We Collect
  3. Voice, Chat & Recording Data
  4. How We Use Information
  5. Legal Bases
  6. How We Share Information
  7. Subprocessors & Integrations
  8. AI Processing
  9. Data Retention
  10. Security
  11. International Transfers
  12. Your Rights
  13. Children's Privacy
  14. Cookies & Tracking
  15. Changes to This Policy
  16. Contact Us

1. Our Role

When you visit our website, create an account, or communicate with us, Harlo acts as a controller of your personal information. When our business customers ("Customers") use the Services to operate AI agents that interact with their own end users ("End Users"), Harlo generally acts as a processor/service provider that handles personal information on the Customer's behalf and under their instructions. In that case, the Customer is the controller, and their own privacy notice governs how End User data is collected and used. End Users should direct requests about such data to the relevant Customer.

2. Information We Collect

CategoryExamples
Account & contact data Name, email, phone number, company, role, billing details, and login credentials.
Configuration data Tenant and agent settings, prompts, routing rules, integration credentials and secret references, and business information you provide.
Communications content Call audio, chat messages, transcripts, summaries, tool-invocation records, and metadata such as timestamps, phone numbers, channel, and call disposition.
Usage & device data Log data, IP address, browser/device identifiers, feature usage, and diagnostic events.
Billing & usage metering Call minutes, transcription seconds, character and token counts, and derived cost estimates.
Support data Information you provide when contacting us for support or sales.

3. Voice, Chat & Recording Data

The Services answer phone calls and conduct chat and audio conversations on behalf of Customers. Depending on Customer configuration and applicable law, we may process and store audio, transcripts, and AI-generated summaries of these interactions. Where call-recording features are enabled, recording may be consent-gated, and audio captured before consent is granted is not retained. Customers are responsible for configuring consent settings, providing legally required notices, and ensuring a lawful basis for recording, transcription, and analysis in all relevant jurisdictions.

4. How We Use Information

We do not sell personal information, and we do not use End User communications content to train general-purpose foundation models without appropriate authorization.

Where the GDPR or UK GDPR applies and Harlo acts as a controller, we rely on the following legal bases: performance of a contract (to provide the Services you request); legitimate interests (to secure, improve, and operate the Services, balanced against your rights); consent (where required, e.g., certain cookies or marketing); and compliance with legal obligations. Where Harlo acts as a processor, the Customer is responsible for establishing the appropriate legal basis for processing End User data.

6. How We Share Information

We share personal information only as needed to provide the Services and as described here:

7. Subprocessors & Integrations

We engage trusted third parties to deliver the Services, which may include:

Subprocessors are bound by contractual obligations to protect personal information and to process it only as instructed. A current list of subprocessors is available on request by emailing privacy@askharlo.ai.

8. AI Processing

The Services use automated speech recognition and large language models to understand and respond to conversations. Conversation content may be transmitted to model providers to generate responses and summaries. AI output may be inaccurate; it is not a substitute for professional advice. Decisions that produce legal or similarly significant effects should involve human review. Where applicable law grants rights regarding automated decision-making, you may exercise them as described below.

9. Data Retention

We retain personal information for as long as needed to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods for call records, transcripts, and recordings are generally governed by Customer configuration and contractual terms. When Harlo acts as a processor, we delete or return Customer Data following termination, subject to a limited export and backup-expiry window. Where a Customer has not specified a retention period, our default is to retain call records, transcripts, and recordings for 12 months, after which they are deleted or de-identified, unless a longer period is required to comply with legal obligations, resolve disputes, or enforce our agreements.

10. Security

We implement technical and organizational measures designed to protect personal information, including encryption in transit, access controls, tenant isolation, secret management (storing pointers rather than secret values where possible), and logging that avoids capturing secret values. No system is perfectly secure, and we cannot guarantee absolute security. You are responsible for safeguarding your credentials and configuring your account securely.

11. International Transfers

Our platform and data are primarily hosted in the United States, and we and our subprocessors may process personal information there and in other countries where our service providers operate. Where we transfer personal data from the EEA, the UK, or Switzerland, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (together with the UK International Data Transfer Addendum) or other lawful transfer mechanisms.

12. Your Rights

Depending on your location, you may have rights to access, correct, delete, or port your personal information; to object to or restrict certain processing; to withdraw consent; and to lodge a complaint with a supervisory authority. Residents of certain U.S. states may have rights to know, delete, correct, and opt out of "sale" or "sharing" and targeted advertising (we do not sell personal information). To exercise rights, contact us using the details below. Where Harlo processes data on a Customer's behalf, we will direct End User requests to, or assist, the relevant Customer.

13. Children's Privacy

The Services are not directed to children, and we do not knowingly collect personal information from children under the age defined by applicable law. If you believe a child has provided us personal information, please contact us so we can take appropriate action.

14. Cookies & Tracking

Our website and dashboards use cookies and similar technologies for authentication, preferences, security, and analytics. Essential cookies needed to operate the site are always active. For non-essential analytics cookies we ask for your consent first: when you visit our marketing site you'll see a consent banner, and analytics remain disabled until you choose "Accept." We implement this using Google Consent Mode, which keeps analytics storage denied by default until you opt in.

When you accept, we use the following website-analytics services:

You can withdraw consent at any time by clearing this site's stored data in your browser (which removes your saved choice and shows the banner again) or by adjusting your browser's cookie settings.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version with a revised "Last updated" date and, for material changes, provide additional notice where required. Your continued use of the Services after changes take effect constitutes acceptance of the updated policy.

16. Contact Us

For privacy questions or to exercise your rights, contact:

Harlo
Privacy: privacy@askharlo.ai
Our registered company name and postal address are available on request.