Privacy Policy
Last updated: 18 de febrero de 2026
At Harmony, we take your privacy seriously. This policy describes what information we collect, how we use it, and your rights regarding your data.
1. Information We Collect
1.1 Information you provide
- —Account data: name, email address, and password when you register.
- —Profile information: job title, department, and company (optional).
- —Daily check-ins: responses about your emotional state, energy level, workload.
1.2 Automatically collected information
- —Usage data: check-in frequency, application usage patterns.
- —Technical data: IP address, browser type (for security purposes).
- —Cookies: essential cookies for app functionality. See our Cookie Policy.
2. How We Use Your Information
- —Calculate your wellbeing index and detect potential burnout signs.
- —Show your progress and trends over time.
- —Generate aggregated reports for your team (visible only to authorized managers).
- —Send personalized reminders and alerts based on your preferences.
3. How We Share Your Information
Within your organization
- —Managers: can see aggregated team metrics, NEVER identifiable individual data without your consent.
With third parties
We do NOT sell or share your personal data with third parties for marketing purposes.
4. Data Security
- —Encryption in transit (HTTPS/TLS) and at rest.
- —Passwords hashed with secure algorithms (bcrypt).
- —Two-factor authentication available.
5. Your Rights
- —Access: request a copy of all data we have about you.
- —Rectification: correct inaccurate or incomplete data.
- —Deletion: request deletion of your personal data.
- —Portability: receive your data in a structured, readable format.
- —Opposition: object to the processing of your personal data at any time.
- —Automated decisions: not be subject to decisions based solely on automated processing that produce legal effects on you.
To exercise these rights, contact: theharmonyapp@hotmail.com
If you believe your rights have not been properly addressed, you may file a complaint with the Spanish Data Protection Agency (AEPD) at www.aepd.es.
6. Subprocessors and Third-Party Services
We use the following third-party services to operate Harmony. Each processes data according to their own privacy policies:
| Service | Purpose | Data | Location |
|---|---|---|---|
| Stripe | Payments and subscriptions | Billing data | EU/US (SCC) |
| Cloudinary | Image storage | Profile photos, documents | EU |
| Vercel | Hosting | Access logs, IP | EU/US (SCC) |
| Neon | Database | All user data | EU (Frankfurt) |
| Upstash | Rate limiting and cache | IP, counters | EU |
| Resend | Transactional emails | Email, name | US (SCC) |
| Sentry | Error monitoring | Anonymized errors (no PII) | EU |
| Google Analytics | Web analytics | Anonymized data (with consent) | US (SCC) |
SCC = European Commission Standard Contractual Clauses for international data transfers.
7. Data Retention Periods
We retain your personal data only for as long as necessary for the purposes for which it was collected:
| Data type | Period | Justification |
|---|---|---|
| User account | While account is active + 30 days after deletion | Necessary for service provision |
| Check-ins and wellbeing | While account is active | Core service functionality |
| Psychologist sessions | 5 years after last session | Healthcare legal obligation |
| Billing data | 5 years | Spanish tax obligation |
| Security logs | 1 year | Security and fraud prevention |
| Session cookies | 7-30 days | Authentication |
| Anonymized data | Indefinite | Not personal data |
8. Security Breach Notification
In the event of a security breach affecting your personal data, we will notify you within a maximum of 72 hours in accordance with Article 33 of the GDPR.
Notification will be sent to the email address registered on your account.
You may also contact the AEPD (Spanish Data Protection Agency) to file a complaint at www.aepd.es.
9. Contact
Questions about this policy? Contact us at theharmonyapp@hotmail.com