Harbour

Privacy policy

What Harbour collects, where it lives, and who touches it — written to be read, not skimmed past. Last updated 10 July 2026.

Who we are

Harbour is operated by Launchpad Solutions ("we"). Harbour provides private AI workspaces to organizations ("your organization"); your organization controls its workspace and remains responsible for the information it puts there. Questions and requests: hello@launchpadsolutions.ca.

What we collect

Account information. Your name and email address, provided through Google sign-in. We never see or store a password.

Workspace content. The documents your organization uploads, the conversations your team has with the assistant, drafts, settings, and branding. This content belongs to your organization.

Usage records. Message counts, token counts, sign-in and administrative events (the audit trail), and feedback your team gives on answers. Administrators of your workspace can see usage numbers and flagged answers — not their colleagues' private conversations.

Billing details. Handled by Stripe. We never see or store card numbers.

We do not run advertising or analytics trackers, and we do not sell or rent personal information to anyone.

How we use it

To provide the service: answering your team's questions, grounding answers in your documents, showing administrators their workspace's activity, sending operational email (invites, weekly admin digests), and billing. That's the list.

Conversations and documents are processed by Claude, Anthropic's AI model, through the Anthropic API or Amazon Bedrock. Under both providers' commercial terms, your content is not used to train AI models.

Where it lives

Production workspaces run in AWS's Canadian region (ca-central-1, Montréal): the application, the database, uploaded documents, and model processing through Amazon Bedrock. Data residency details for your workspace are stated in your organization's Data Promise.

Who processes it for us

We use a small set of service providers, each only for what their name suggests: Amazon Web Services (hosting, storage, and model processing), Anthropic (the AI model, when not using Bedrock), Google (sign-in only), Stripe (payments), and Resend (operational email). We add a provider only when the product needs it, and this page changes when the list does.

How long we keep it

For as long as your organization's workspace is active. When your organization leaves, we export and/or permanently delete its data on request — documents, conversations, settings, all of it. Routine backups age out on a fixed schedule after deletion.

Your rights

Canadian privacy law (PIPEDA) gives you the right to access and correct personal information we hold about you. Write to us and we'll respond promptly. If your request concerns workspace content, we may route it through your organization's administrators, who control that workspace.

Security

Workspaces are isolated per organization and that isolation is tested on every release. Traffic is encrypted in transit; storage is encrypted at rest by our hosting providers. Access to production systems is limited to the people who operate the service.

Changes

If this policy changes in a way that matters, we'll tell workspace administrators directly — not bury it in a changelog.