Privacy Policy

Last updated: January 2025

Scope and Application

This Privacy Policy describes how HarborTrust Inc. ("HarborTrust," "we," "us," or "our") collects, uses, shares, and protects personal information obtained through our trust-as-a-service platform, website, APIs, and related services (collectively, the "Services"). This policy applies to marketplace operators, sellers, buyers, and visitors who interact with our Services.

By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our practices, please do not use our Services.

Information We Collect

We collect various types of information to provide and improve our Services, including information you provide directly, information collected automatically, and information from third-party sources.

Identity and Verification Data: For seller verification purposes, we collect full legal names, business registration numbers, tax identification numbers, government-issued identification documents, proof of address, beneficial ownership information, and authorized representative details. This information is essential for KYC (Know Your Customer) and AML (Anti-Money Laundering) compliance.

Transaction and Financial Data: We process payment information including bank account details, payment card information (through PCI-DSS compliant processors), transaction histories, escrow account balances, payment disputes, refund records, and chargeback data necessary for secure escrow services.

Technical and Usage Information: Our systems automatically collect IP addresses, device identifiers, browser types and versions, operating systems, referring URLs, page views, click patterns, session duration, API usage logs, and performance metrics to ensure service reliability and security.

Communication Records: We retain records of your communications with us, including support tickets, email correspondence, dispute submissions, verification inquiries, and feedback provided through our platform.

How We Use Your Information

HarborTrust uses collected information for specific, legitimate business purposes aligned with providing trust infrastructure for marketplace platforms.

Service Delivery and Operations: We use your information to process identity verifications, facilitate secure escrow transactions, score fraud risk in real time, manage dispute resolution workflows, generate trust badges for verified sellers, provide merchant dashboard analytics, and deliver API services to integrated marketplaces.

Security and Fraud Prevention: Your data enables us to detect and prevent fraudulent activities, monitor suspicious transaction patterns, verify the authenticity of identification documents, assess seller and buyer risk profiles, investigate security incidents, and comply with legal obligations under Japanese financial regulations.

Service Improvement and Analytics: We analyze usage patterns to improve our fraud detection algorithms, enhance user experience across our platform, develop new trust verification features, optimize API performance and reliability, and generate anonymized industry insights for marketplace operators.

Communications and Support: We use contact information to respond to inquiries, provide technical support, send service notifications, deliver important account updates, share regulatory compliance information, and communicate changes to our terms or policies.

Information Sharing and Disclosure

We share personal information only when necessary to provide our Services, comply with legal obligations, or with your explicit consent. We do not sell personal information to third parties.

Marketplace Partners: We share verification status, trust scores, and relevant transaction data with marketplace operators who integrate our Services. This includes identity verification results, fraud risk assessments, dispute outcomes, and trust badge qualifications necessary for marketplace operations.

Service Providers: We engage trusted third-party service providers for identity verification services, payment processing infrastructure, cloud hosting and data storage, customer support platforms, email delivery services, and analytics tools. These providers are contractually obligated to protect your data and use it only for specified purposes.

Legal and Regulatory Requirements: We disclose information when required by Japanese law, in response to valid legal processes such as court orders or subpoenas, to government authorities for tax or regulatory compliance, to protect rights and property of HarborTrust or others, to detect and prevent fraud or security threats, and in connection with investigations of illegal activity.

Business Transfers: In the event of a merger, acquisition, restructuring, or sale of assets, personal information may be transferred to successor entities, subject to the same privacy protections outlined in this policy.

Data Retention and Storage

We retain personal information for as long as necessary to fulfill the purposes outlined in this policy, comply with legal obligations, and resolve disputes. Retention periods vary based on data type and regulatory requirements.

Identity Verification Records: We retain verification documents and identity information for a minimum of seven years following account closure or transaction completion, in accordance with Japanese AML regulations and financial record-keeping requirements.

Transaction and Financial Data: Escrow transaction records, payment histories, and related financial information are retained for ten years to comply with tax laws, support audit requirements, and facilitate dispute resolution or legal proceedings.

Technical Logs and Analytics: System logs, API usage data, and security monitoring records are typically retained for 90 days to two years depending on data type, business needs, and security investigation requirements.

Data Storage: All personal information is stored on secure servers located within Japan to ensure compliance with data residency requirements under Japanese privacy laws. We employ industry-standard encryption, access controls, and security monitoring to protect stored data.

International Data Transfers

While our primary data infrastructure is located in Japan, certain service providers may process data in other jurisdictions. We ensure all international transfers comply with applicable data protection laws.

For transfers outside Japan, we implement appropriate safeguards including Standard Contractual Clauses approved by relevant data protection authorities, adequacy decisions recognizing equivalent privacy protections, and explicit consent when required by law. We maintain transparency about transfer mechanisms and destination countries upon request.

Security Measures and Safeguards

HarborTrust implements comprehensive technical, physical, and administrative security measures to protect personal information from unauthorized access, disclosure, alteration, and destruction.

Technical Controls: We employ TLS/SSL encryption for data in transit, AES-256 encryption for data at rest, multi-factor authentication for system access, regular security vulnerability assessments, intrusion detection and prevention systems, automated security monitoring and alerting, and secure API authentication protocols.

Access Controls: Access to personal information is restricted to authorized personnel on a need-to-know basis, with role-based permissions, mandatory security training for all employees, strict background checks for staff handling sensitive data, regular access reviews and revocations, and comprehensive audit trails of data access.

Incident Response: We maintain an incident response plan to quickly detect, investigate, and respond to security breaches. In the event of a data breach affecting personal information, we will notify affected individuals and relevant authorities as required by Japanese law.

Your Rights and Choices

Under Japanese privacy law and our commitment to data protection, you have certain rights regarding your personal information.

Access and Portability: You may request access to the personal information we hold about you and receive a copy in a structured, commonly used format. We will provide this information within 30 days of a verified request.

Correction and Updates: You have the right to correct inaccurate or incomplete personal information. You can update certain information directly through your account settings or by contacting our support team.

Deletion and Erasure: You may request deletion of your personal information, subject to legal retention obligations and legitimate business interests. We will honor deletion requests within applicable regulatory constraints.

Objection and Restriction: You can object to certain processing activities or request restriction of processing under specific circumstances, such as when disputing data accuracy or contesting legitimate interests.

Withdrawal of Consent: Where processing is based on consent, you may withdraw that consent at any time. This will not affect the lawfulness of processing conducted before withdrawal.

To exercise these rights, please contact us at privacy@morenford.com. We will respond to verified requests within the timeframe required by applicable law.

Cookie Usage and Tracking Technologies

We use cookies and similar tracking technologies to enhance user experience, analyze usage patterns, and maintain security. For detailed information about our cookie practices, please review our Cookie Policy.

You can control cookie preferences through your browser settings and our cookie consent banner. Disabling certain cookies may limit functionality of our Services.

Children's Privacy Protection

Our Services are designed for business users and are not intended for individuals under 18 years of age. We do not knowingly collect personal information from minors. If we become aware that we have inadvertently collected data from a child, we will take immediate steps to delete that information.

Marketplace operators integrating our Services are responsible for ensuring compliance with age restrictions and obtaining appropriate parental consent where required by law.

Third-Party Links and Services

Our Services may contain links to third-party websites, applications, or services not operated by HarborTrust. We are not responsible for the privacy practices of these external parties. We encourage you to review the privacy policies of any third-party services you access.

Marketplace operators who integrate our Services maintain separate privacy policies governing their collection and use of personal information. We recommend reviewing those policies to understand how your data is handled.

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, Services, legal requirements, or business operations. We will notify you of material changes by posting the updated policy on our website with a revised "Last Updated" date and, where appropriate, through email or in-app notifications.

Your continued use of our Services following the posting of changes constitutes acceptance of those changes. We encourage you to review this policy regularly to stay informed about our privacy practices.

Regulatory Compliance and Oversight

HarborTrust complies with Japanese privacy laws, including the Act on the Protection of Personal Information (APPI), as well as relevant financial regulations governing identity verification, transaction monitoring, and data protection.

We cooperate with regulatory authorities and supervisory bodies in accordance with legal requirements. If you have concerns about our privacy practices, you have the right to lodge a complaint with the Personal Information Protection Commission in Japan.

Data Protection Officer and Contact Information

For questions, concerns, or requests related to this Privacy Policy or our data protection practices, please contact our Data Protection Officer:

Email: privacy@morenford.com
Phone: +81 45-947-0331
Postal Address: HarborTrust Inc., 3 Chome-22-2 Nakamachidai, Tsuzuki Ward, Yokohama, Kanagawa 224-0041, Japan

We will respond to all inquiries within 30 days and work diligently to address your concerns in accordance with applicable privacy laws.