PRIVACY POLICY
Effective Date: June 15, 2026 Last Revised: June 15, 2026
Welcome, and thank you for visiting Harvest.
Daylight Labs Inc. ("Harvest," "we," "our," or "us") provides this Privacy Policy to explain our privacy and information practices for our websites that link to this Privacy Policy, including https://www.harvestapp.ai/, our Harvest web application and related software, tools, integrations, APIs, social media pages, events, and related services (collectively, the "Service").
This Privacy Policy describes the types of personal data we collect, how we use and disclose personal data, and your rights and choices regarding your personal data.
1. Scope of This Privacy Policy
This Privacy Policy applies to personal data that we collect and process in our role as a business or controller, such as personal data relating to website visitors, prospects, account users, customer representatives, support contacts, event attendees, and individuals who interact with our marketing or business operations.
This Privacy Policy does not apply to the extent we process personal data in the role of a processor or service provider on behalf of our customers, including where our customers connect, upload, or otherwise input personal data into the Service, such as advertising-account data, audiences, customer lists, conversion data, CRM records, ecommerce data, attribution data, or similar customer-controlled data. Our processing of that data is governed by our Terms of Service, any applicable data processing terms, and the instructions and privacy policies of the customer that controls the data. If you have questions about personal data controlled by one of our customers, please contact that customer directly.
Where we process connected-account data on behalf of a customer, we process it as a processor or service provider. Where we collect limited account, usage, billing, integration, or security metadata for our own account administration, security, billing, analytics, product improvement, or legal purposes, we process that information as described in this Privacy Policy.
If you have any questions about this Privacy Policy, please contact us at [email protected].
2. Personal Data We Collect
"Personal data" means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked to an individual. Personal data does not include anonymous, de-identified, or aggregated information that cannot reasonably be linked to an individual.
We collect the following types of personal data.
2.1 Personal Data You Provide to Us
We collect personal data that you provide directly to us, including when you:
- visit our website;
- request information about Harvest;
- create or manage an account;
- use the Service;
- enter into a contract with us;
- communicate with us;
- submit support requests;
- attend or register for events;
- interact with our social media pages;
- provide feedback; or
- otherwise choose to provide information to us.
This personal data may include:
- name;
- employer or company;
- business title or role;
- work email address;
- personal email address if you provide it;
- telephone number;
- account credentials;
- billing contact information;
- payment-related information;
- communications with us;
- support requests;
- preferences;
- event registration information;
- account settings;
- configuration information;
- instructions and inputs you submit through your account;
- limited metadata from connected accounts, where processed by Harvest for our own account administration, security, billing, analytics, or service-improvement purposes.
Payment-card details may be collected and processed by our third-party payment processors. We do not intentionally store full payment-card numbers unless expressly stated at the point of collection.
Personal data that you connect, upload, or authorize us to access for the operation of your advertising campaigns is processed on your behalf as described in Section 1 and is generally not covered by this Privacy Policy.
2.2 Personal Data We Receive from Third Parties
We may collect personal data about you from third parties, affiliates, service providers, business partners, publicly available sources, marketing providers, event partners, and connected services.
This personal data may include:
- contact information;
- professional information;
- company information;
- social media or professional profile information;
- commercial information;
- limited connected-account metadata;
- marketing preferences;
- inferences about your interests or business needs.
We may combine this information with personal data that you provide to us.
If your brand has a Shopify storefront, we crawl its public product catalog at your direction during brand onboarding to collect product titles, descriptions, prices, and images. This data is stored in our Service and used to help the AI agent understand your product offerings.
To provide competitor research features, we query the Meta Ad Library on your behalf using third-party services. We submit brand names and Facebook Page IDs to retrieve metadata about competitor ads, including headlines, copy, call-to-action text, landing pages, and creative previews. No personal data about you or your end customers is included in these queries.
2.3 Personal Data We Automatically Collect
When you use the Service, we may automatically collect information about your device, browser, network, and usage of the Service.
This information may include:
- IP address;
- approximate location derived from IP address;
- device type;
- browser type;
- operating system;
- network information;
- time zone;
- device identifiers;
- referring and exit pages;
- pages viewed;
- features used;
- links clicked;
- dates and times of access;
- log data;
- usage data;
- telemetry data;
- error reports;
- security and authentication information.
2.4 Cookies, Pixels, and Similar Technologies
We use cookies, pixels, web beacons, tags, SDKs, local storage, and similar technologies to operate the Service, remember preferences, understand website usage, measure performance, improve the Service, secure the Service, and market Harvest.
We may use analytics and advertising technologies, including pixels and cookies, to understand website usage, measure the effectiveness of our campaigns, improve our products and services, and advertise Harvest on third-party websites and services.
You can manage cookies through your browser settings and, where available, through our cookie banner, cookie preference center, or "Your Privacy Choices" link. If you disable cookies, some features of the Service may not function properly.
3. How We Use Personal Data
We use personal data for the following business and commercial purposes.
3.1 To Provide and Operate the Service
We use personal data to:
- provide, operate, and maintain the Service;
- create and manage accounts;
- authenticate users;
- provide requested information;
- process transactions;
- provide customer support;
- send administrative messages;
- manage contracts and business relationships;
- make features and integrations available;
- troubleshoot and debug the Service.
3.2 To Manage User Registrations and Accounts
If you register for an account, we use personal data to manage your account, provide access to the Service, manage permissions, administer billing, support account security, and perform our contract with you or your organization.
3.3 To Contact You
We may use personal data to contact you about the Service, including product updates, security alerts, billing notices, support matters, policy changes, and other administrative information.
We may also use personal data to send marketing communications, newsletters, product announcements, event invitations, or other information we believe may be of interest to you. You may opt out of marketing emails at any time by following the unsubscribe instructions in those emails or by contacting us.
3.4 To Manage Payments
We use personal data to process payments, verify billing information, manage invoices, prevent payment fraud, collect amounts owed, and perform our contract with you.
3.5 To Plan and Manage Events
If you register for or attend an event, we may use personal data to manage registration, attendance, communications, billing, event logistics, and follow-up communications.
3.6 For Security, Fraud Prevention, Legal Compliance, and Investigations
We use personal data to:
- protect the Service;
- prevent, detect, and investigate fraud, abuse, security incidents, and illegal activity;
- enforce our agreements and policies;
- comply with legal obligations;
- respond to legal process;
- protect the rights, property, safety, and interests of Harvest, our users, customers, service providers, and others;
- support audits, compliance, and risk management;
- share information in connection with a merger, acquisition, financing, reorganization, sale of assets, or similar business transaction.
3.7 To Improve and Develop the Service
We use personal data to:
- diagnose technical problems;
- understand usage of the Service;
- improve products and features;
- develop new products and features;
- analyze trends;
- measure performance;
- conduct research;
- improve customer experience.
We may use aggregated, anonymized, or de-identified data for analytics, benchmarking, research, product improvement, and the training and improvement of machine-learning and artificial-intelligence systems. We do not use personal data that identifies you or any individual to train or improve generally available, cross-customer artificial-intelligence or machine-learning models except in de-identified or aggregated form or as otherwise permitted by applicable law.
3.8 To Personalize and Market the Service
We may use personal data to personalize your experience on our websites and to present content, products, features, or advertising that may be relevant to you.
We and our service providers may use website tracking technologies to display ads for Harvest on third-party websites and services and to measure the effectiveness of those ads. Where required by law, we will provide choices regarding these activities.
3.9 Automated Decision-Making
We do not use personal data to engage in solely automated decision-making that produces legal or similarly significant effects concerning you. Where we use automated tools to support analytics, security, or personalization, we apply appropriate safeguards and, where required by applicable law, provide the choices described in Section 6.
4. Legal Bases for Processing
Where required by applicable law, we rely on one or more legal bases to process personal data, including:
- performance of a contract;
- our legitimate interests;
- your consent;
- compliance with legal obligations;
- protection of rights, safety, and security;
- other legal bases permitted by applicable law.
Where we rely on consent, you may withdraw consent at any time, subject to legal or contractual restrictions.
5. How We Share Personal Data
We may share personal data as described below.
5.1 Affiliates and Service Providers
We may share personal data with our affiliates and third-party service providers that perform services on our behalf, such as:
- hosting and infrastructure;
- IT and security;
- customer support;
- email delivery;
- payment processing;
- analytics;
- marketing operations;
- customer relationship management;
- event management;
- data management;
- artificial-intelligence and machine-learning infrastructure;
- professional services.
These service providers are authorized to use personal data only as necessary to provide services to us or as otherwise permitted by law.
5.2 AI and Connected-Platform Providers
In operating the Service, we use AI services provided by Anthropic and Google, and may transmit limited information to other artificial-intelligence, machine-learning, infrastructure, hosting, analytics, security, and other technical providers that help us operate, secure, support, and improve the Service.
At your or your organization's direction, we may also transmit information to advertising platforms and other third-party services that you or your organization connect or authorize. If you connect a Meta, Facebook, Instagram, or other advertising-platform account to the Service, we may access and process information made available through that platform only as authorized by you or your organization and as necessary to provide the Service.
Information shared with AI or machine-learning providers in connection with our own website, marketing, and product operations may include account identifiers, inputs or prompts you submit, outputs generated by the Service, and related metadata. We impose obligations on these providers to protect the information and use it only to provide services to us.
5.3 Advertising, Analytics, and Measurement Partners
We may share personal data with advertising, analytics, and measurement partners to help us understand website usage, measure our marketing, and advertise Harvest on third-party websites and services.
This may include online identifiers, IP address, device information, browsing activity, and information about your interactions with our website or ads.
We do not sell your personal data for money. However, depending on the cookies, pixels, and advertising technologies used on our website, certain disclosures of online identifiers and browsing activity may be considered a "sale," "sharing," targeted advertising, or cross-context behavioral advertising under some privacy laws. You may exercise choices regarding this activity as described in the "Your Privacy Rights and Choices" and "California Specific Disclosures" sections below.
5.4 Legal, Safety, and Compliance Disclosures
We may share personal data if we believe disclosure is necessary or appropriate to:
- comply with applicable law;
- respond to subpoenas, court orders, legal process, or government requests;
- exercise or defend legal claims;
- enforce our Terms of Service or other agreements;
- investigate fraud, security issues, or illegal activity;
- protect the rights, property, interests, or safety of Harvest, our users, customers, service providers, or others.
5.5 Business Transfers
We may share or transfer personal data in connection with an actual or potential merger, acquisition, financing, reorganization, bankruptcy, sale of company assets, or similar corporate transaction.
5.6 With Your Consent or Direction
We may share personal data with your consent or at your direction.
6. Your Privacy Rights and Choices
Depending on where you live and subject to applicable law, you may have certain rights regarding your personal data.
These rights may include the right to:
- access personal data we hold about you;
- obtain a copy of your personal data;
- correct inaccurate personal data;
- delete personal data;
- restrict or object to certain processing;
- withdraw consent where processing is based on consent;
- request data portability;
- opt out of the sale or sharing of personal data;
- opt out of targeted advertising or cross-context behavioral advertising;
- opt out of certain profiling or automated decision-making, where applicable;
- limit the use or disclosure of sensitive personal information, where applicable;
- appeal a decision we make about your privacy request, where applicable;
- not receive discriminatory treatment for exercising privacy rights.
These rights are not absolute and may be subject to limitations or exemptions under applicable law.
6.1 How to Exercise Your Rights
To exercise your privacy rights, contact us at [email protected].
You may use an authorized agent to submit a request on your behalf, subject to verification and any requirements under applicable law.
We may need to verify your identity before fulfilling your request. If we cannot verify your identity or if an exception applies, we may deny the request in whole or in part. If we deny your request, we will explain why, where required by law.
6.2 Data Deletion Requests
You may request deletion of personal data that Harvest controls by contacting us at [email protected] with the subject line "Data Deletion Request." You may also delete your account directly through the Service, which will permanently delete your account and all associated data, including brands, campaigns, creative assets, and conversation history.
If you use Facebook, Instagram, Meta, or another third-party platform to connect to or authorize the Service, you may also request deletion of data associated with that connection through the settings or tools provided by that platform. For Meta apps, you may request deletion through your Facebook account settings by going to Settings & Privacy > Settings > Apps and Websites and selecting the applicable app.
When we receive a valid deletion request, we will delete or de-identify personal data that we control, unless we are required or permitted to retain it for legal, security, fraud-prevention, compliance, billing, dispute-resolution, backup, or other legitimate purposes.
If we process personal data on behalf of one of our customers as a processor or service provider, we may refer your request to that customer or act on that customer's instructions, as applicable.
6.3 Appeals
If applicable law gives you the right to appeal our decision regarding a privacy request, you may submit an appeal by contacting us at [email protected] and including "Privacy Appeal" in the subject line. We will respond to appeals as required by applicable law.
6.4 Marketing Communications
You may opt out of marketing emails by using the unsubscribe link in the email or by contacting us. Even if you opt out of marketing communications, we may still send administrative, transactional, security, legal, or account-related messages.
6.5 Cookie Choices
We use a single authentication cookie to operate the Service. You may disable cookies through your browser settings, but doing so will prevent you from logging in.
6.6 Global Privacy Control and Opt-Out Preference Signals
Some browsers and devices allow you to broadcast an opt-out preference signal, such as the Global Privacy Control. Where we recognize such a signal and are required to honor it, we will treat it as a valid request to opt out of the sale or sharing of personal data for the applicable browser or device.
7. International Data Transfers
Your personal data may be stored and processed in the United States and in other countries where we, our affiliates, service providers, or partners maintain facilities, personnel, or infrastructure.
When we transfer personal data internationally, we follow applicable data protection laws. Where required, we may rely on appropriate safeguards, such as the EU Standard Contractual Clauses, the UK International Data Transfer Addendum, Swiss transfer amendments, adequacy decisions, or other lawful transfer mechanisms.
You may contact us at [email protected] if you have questions about international transfers.
If you are located in the European Economic Area, United Kingdom, or Switzerland, you may have the right to lodge a complaint with your local data protection authority.
8. Data Retention
We retain personal data for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.
The criteria we use to determine retention periods include:
- the length of time we have an ongoing relationship with you or your organization;
- the nature of the personal data;
- the purposes for which we process the personal data;
- whether we have a legal obligation to retain the personal data;
- whether retention is advisable in light of our legal position;
- security, fraud-prevention, audit, tax, accounting, and compliance needs;
- backup and disaster-recovery requirements.
Chat and conversation history, including your messages to the AI agent and the agent's responses, is retained for the life of your account. You may delete individual chats through the Service.
We may retain aggregated, anonymized, or de-identified data in accordance with applicable law.
9. Security
We use technical, administrative, and organizational safeguards designed to protect personal data. However, no method of transmission, processing, or storage is completely secure.
You are responsible for maintaining the security of your own accounts, devices, credentials, permissions, systems, connected services, and networks.
If you believe your account or information has been compromised, please contact us promptly at [email protected].
10. Children's Privacy
The Service is not directed to children under the age of 16. We do not knowingly collect personal data from children under the age of 16. We do not knowingly sell or share the personal information of consumers under the age of 16.
If you believe that a child has provided personal data to us, please contact us at [email protected], and we will take appropriate steps to investigate and address the matter.
11. Third-Party Websites and Services
This Privacy Policy does not apply to websites, applications, platforms, or services offered by third parties, including any third-party advertising platform, analytics tool, ecommerce platform, payment processor, CRM, attribution tool, or other third-party service you connect to or use with the Service.
We encourage you to review the privacy policies and terms of any third-party website, application, or service before providing personal data or connecting that service to Harvest.
12. California Specific Disclosures
This section provides additional information for California residents under the California Consumer Privacy Act, as amended by the California Privacy Rights Act, and related regulations.
12.1 California Privacy Rights
California residents may have the right to:
- know what personal information we collect, use, disclose, sell, or share;
- access personal information;
- correct inaccurate personal information;
- delete personal information;
- opt out of the sale or sharing of personal information;
- limit the use and disclosure of sensitive personal information, where applicable;
- not receive discriminatory treatment for exercising privacy rights.
We do not sell personal information for money. Depending on the cookies, pixels, and advertising technologies used on our website, certain disclosures of online identifiers and browsing activity may be considered "sharing" or a "sale" under California law.
You may exercise your California privacy rights by contacting us at [email protected].
12.2 Categories of Personal Information We Collect and Disclose
This Privacy Policy, including the table in this Section 12.2, also serves as our notice at collection under California law. The table below describes the categories of personal information we may collect, the sources of that information, the purposes for which we use it, the categories of third parties to whom we may disclose it, and whether we may sell or share it under California law.
| Category of Personal Information | Examples | Sources | Business or Commercial Purposes | Disclosed To | Sold or Shared? |
|---|---|---|---|---|---|
| Identifiers | Name, email address, phone number, IP address, account identifiers, device identifiers | You, your organization, third parties, automatic collection | Provide the Service, manage accounts, communicate, security, billing, marketing, analytics | Service providers, affiliates, connected services at your direction | No |
| Customer Records Information | Contact details, billing contact information, account information, payment-related information | You, your organization, payment processors | Billing, account administration, support, legal compliance | Service providers, payment processors, affiliates | No |
| Commercial Information | Products or services purchased, subscription information, transaction history, business relationship information | You, your organization, payment processors, CRM tools | Provide the Service, billing, support, analytics, marketing | Service providers, affiliates | No |
| Internet or Electronic Network Activity | Website usage, pages viewed, links clicked, log data, cookie data, interactions with ads or emails | Automatic collection | Website analytics, security, product improvement | Service providers | No |
| Approximate Geolocation | Approximate location derived from IP address | Automatic collection | Security, analytics, localization, fraud prevention | Service providers | No |
| Professional or Employment-Related Information | Employer, title, role, company, business contact details | You, your organization, third parties, public sources | Sales, support, account management, marketing, business operations | Service providers, affiliates | No |
| Inferences | Business interests, product interests, marketing preferences, likely needs | Usage data, website interactions, third-party sources | Personalization, marketing, analytics, product improvement | Service providers | No |
| Account Credentials | Login credentials, authentication information, tokens, access logs | You, your organization, authentication systems | Account access, authentication, security, fraud prevention | Service providers, security providers | No |
| Sensitive Personal Information | Account credentials; payment-related information; other sensitive information only if provided or required | You, your organization, payment processors | Security, account access, payment processing, legal compliance | Service providers, payment processors, security providers | No |
We do not use or disclose sensitive personal information for purposes that would require a right to limit under California law, unless we provide you with the required notice and choice.
12.3 Retention of California Personal Information
We retain each category of personal information for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. See Section 8 for more information.
12.4 Shine the Light
California Civil Code Section 1798.83 permits California residents who have an established business relationship with us to request information about certain disclosures of personal information to third parties for their direct marketing purposes.
To make such a request, contact us at [email protected].
12.5 Do Not Track
Some browsers transmit "Do Not Track" signals. There is no uniform standard for how to respond to Do Not Track signals, and we do not currently respond to them. Where required by applicable law, we honor recognized opt-out preference signals such as Global Privacy Control as described in Section 6.5.
12.6 Financial Incentives
We do not offer financial incentives or price or service differences in exchange for the collection, sale, or sharing of personal information.
13. Other U.S. State Privacy Rights
Residents of certain U.S. states may have additional privacy rights under applicable state privacy laws, including rights to access, correct, delete, obtain a copy of personal data, opt out of targeted advertising, opt out of the sale of personal data, opt out of certain profiling, and appeal privacy-request decisions.
You may exercise these rights by contacting us at [email protected]. We will respond as required by applicable law.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will provide notice as required by law, which may include updating the effective date, posting notice on our website, or sending an email or in-Service notice.
Your continued use of the Service after an updated Privacy Policy becomes effective means that you acknowledge the updated Privacy Policy.
15. Contact Us
If you have questions or concerns about this Privacy Policy or our privacy practices, please contact us at:
Attn: Legal & Compliance – Privacy Daylight Labs Inc. ("Harvest") 3131 McKinney Ave. Suite 502 PMB 75291 Dallas, TX 75204-2426 [email protected]