Legal
Privacy Policy
Last updated: April 2, 2026
Blackdurian Limited ("we", "us") is committed to protecting your privacy. This policy explains how we collect, use, and protect personal data when you use HARi CRM and visit our websites. Data Controller: Blackdurian Limited, Hong Kong.
1. Information We Collect
Information You Provide
Account data (name, email, company, password), billing data (card details via Stripe), and business data (contacts, deals, tasks you create).
Collected Automatically
Technical data (IP, browser, OS), usage data (pages visited, features used, session duration), and device data (screen size, language).
From Third Parties
AI enrichment via x.ai (when you trigger it), email metadata from Gmail/Outlook (when you connect).
2. How We Use Your Data
| Purpose | Legal Basis |
|---|---|
| Provide and operate HARi CRM | Contract |
| Process payments | Contract |
| Send service notifications | Legitimate interest |
| Improve our services | Legitimate interest |
| Prevent fraud and abuse | Legitimate interest |
| Legal and regulatory compliance | Legal obligation |
We do not sell your data. We do not use your business data for any purpose other than providing the Services to you.
3. Data Sharing
| Provider | Purpose |
|---|---|
| OVHcloud (France) | Server hosting |
| Stripe | Payment processing |
| x.ai | AI features (on-demand) |
| Plunk / Resend | Transactional email |
We do not share data with advertising networks or data brokers.
4. Security and Storage
Your data is stored on servers operated by OVHcloud in France (EU). We implement encryption in transit (TLS), password hashing (bcrypt), database-per-tenant isolation, role-based access control, and regular automated backups.
5. Data Retention
| Data | Retention |
|---|---|
| Active accounts | Duration of subscription |
| After cancellation | 30 days, then deleted |
| Billing records | 7 years (HK tax law) |
| Server logs | 90 days |
6. Cookies
HARi CRM uses minimal essential cookies: access_token (auth session, 1 hour), hari_theme (light/dark preference), hari_locale (language). We do not use third-party tracking cookies or Google Analytics in the application.
7. Your Rights
Depending on your location, you may access, correct, delete, export your data, object to processing, or withdraw consent for marketing. Contact us or use Settings > Data Privacy in your workspace.
EU residents may file complaints with their local data protection authority. Hong Kong residents may contact the PCPD at pcpd.org.hk.
8. International Transfers
Your data may be processed outside your country of residence. When transferring data outside the EU, we implement appropriate safeguards including standard contractual clauses.
Questions about privacy? Contact hello@haricrm.com
HARi CRM is a product of Blackdurian Limited, Hong Kong.