Data Protection Policy
Last updated: April 2, 2026
1. Who We Are
HARi CRM is operated by Blackdurian Limited, Hong Kong. We act as data controller for your account information and as data processor for data you store in HARi CRM (contacts, deals, etc.) — you are the data controller for that data. We do not rent or sell your data.
2. Data We Collect
| Category | Data |
|---|---|
| Identity | Name, company name |
| Contact | Email, phone number |
| Financial | Payment details (via Stripe) |
| Technical | IP, browser, OS, device |
| Usage | Features used, session data |
| Profile | Settings, preferences, language |
We do not collect sensitive personal data (race, religion, health). If you store such data, you are responsible for ensuring an appropriate legal basis.
3. Service Providers
| Provider | Location | Purpose |
|---|---|---|
| OVHcloud | France (EU) | Hosting |
| Stripe | International | Payments |
| x.ai | International | AI features |
| Plunk / Resend | International | Email delivery |
All providers are bound by data processing agreements.
4. Security Measures
| Measure | Details |
|---|---|
| Encryption | TLS in transit, bcrypt for passwords |
| Isolation | Database-per-tenant architecture |
| Access Control | Role-based permissions, least privilege |
| Backups | Daily automated, encrypted storage |
5. Data Retention
| Data | Retention |
|---|---|
| Active accounts | Duration of subscription |
| After closure | 30 days, then deleted |
| Billing records | 7 years (HK tax law) |
| Server logs | 90 days |
6. Your Rights
Under GDPR (EU) and PDPO (Hong Kong), you may: access your data, rectify inaccuracies, erase your data, object to processing, restrict processing, request data portability, and withdraw consent for marketing. We respond within 30 days at no charge.
7. International Transfers
Data is primarily stored in France (EU). When transferred outside the EU, we implement safeguards including standard contractual clauses and selection of processors in jurisdictions with adequate protection.
Questions about data protection? Contact hello@haricrm.com
HARi CRM is a product of Blackdurian Limited, Hong Kong.