Privacy Policy

Last updated: March 2026

1. Introduction

YComplex Ltd (“we”, “us”, or “our”) operates Harmony, a project management platform available at harmony.ad. This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our service.

By using Harmony, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

We collect the following categories of information:

Account data

• Email address (provided via magic link sign-in or OAuth)
• Display name
• Avatar URL (provided by Google or GitHub when using OAuth sign-in)

Workspace and project data

• Tasks, descriptions, comments, and labels
• Epics, cycles, and milestones
• Custom fields, subtasks, and documents
• Any other content you create or upload within Harmony

Usage data

• Collected via PostHog, hosted on EU servers
• Includes page views, feature usage, and session duration
• Used to understand how the product is used and to improve it

Payment data

• Payment processing is handled by Stripe
• We do not store credit card numbers on our servers
• Stripe may collect billing name, address, and payment card details directly

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Harmony service
• Process payments and manage subscriptions
• Send transactional emails, including account verification, password resets, and workspace invitations
• Analyse product usage to improve features and user experience
• Respond to support requests and communications
• Comply with legal obligations

4. Data Storage and Security

Harmony is hosted on Supabase (PostgreSQL). We take the security of your data seriously and implement the following measures:

• All data is encrypted in transit using TLS
• Data is encrypted at rest
• Row Level Security (RLS) enforces workspace-level data isolation — users can only access data belonging to their workspaces
• API tokens are hashed before storage and are never stored in plain text

No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

5. Cookies

We use cookies and similar tracking technologies to operate and improve Harmony. For full details, please see our Cookie Policy. In summary, we use:

• Authentication session cookies (Supabase) — essential for keeping you signed in
• Analytics cookies (PostHog) — used to understand product usage and improve Harmony

6. Third-Party Services

We use the following third-party services. Each service has its own privacy policy governing the data it receives:

• Supabase — database hosting and authentication; receives all workspace and account data stored in Harmony
• Stripe — payment processing; receives billing information and payment card details
• PostHog — product analytics hosted on EU servers; receives usage events and session data
• Google / GitHub — OAuth authentication; receives a request to verify your identity and provides your name, email, and avatar URL
• Resend — transactional email delivery; receives your email address and the content of transactional emails

7. Data Retention

We retain your data for as long as necessary to provide the service and comply with our legal obligations:

• Account data is retained while your account is active
• Upon account deletion, your data is deleted within 30 days
• Analytics data collected via PostHog is retained for 12 months

8. Your Rights (GDPR)

YComplex Ltd is a UK registered company. As such, we comply with the UK General Data Protection Regulation (UK GDPR). If you are in the UK or European Economic Area, you have the following rights in relation to your personal data:

• Right of access — request a copy of the personal data we hold about you
• Right to rectification — request correction of inaccurate or incomplete data
• Right to erasure — request deletion of your personal data
• Right to restrict processing — request that we limit how we use your data
• Right to data portability — receive your data in a structured, machine-readable format
• Right to object — object to processing of your personal data in certain circumstances

To exercise any of these rights, please contact us at privacy@harmony.ad.

9. International Data Transfers

Your data may be processed in the European Union and the United States by our sub-processors, including Supabase and Stripe. Where data is transferred outside the UK or EEA, such transfers are governed by Standard Contractual Clauses or other appropriate safeguards as required by applicable data protection law.

10. Children’s Privacy

Harmony is not directed at or intended for use by anyone under the age of 16. We do not knowingly collect personal data from children under 16. If you become aware that a child has provided us with personal data, please contact us and we will take steps to delete that information.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by sending an email to the address associated with your account or by posting a prominent notice within Harmony. We encourage you to review this policy periodically.

Continued use of Harmony after changes take effect constitutes your acceptance of the revised policy.

12. Contact Us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:

YComplex Ltd
Email: privacy@harmony.ad