Legal

Privacy Policy

Last updated: June 2026

1. Who We Are

Harbor Masters Advisory LLC ("Harbor Masters Advisory", "we", "us", "our") is an AI management consulting firm. We operate the website harbormasters.ai and any services offered through it.

Data Controller: Harbor Masters Advisory LLC, Wyoming, United States.
Contact: [email protected]

2. What Data We Collect

We collect personal data only when you voluntarily provide it to us. This occurs when you:

• Submit the Master-Pilot Exchange contact form (name, email address, company, role, and a description of your passage)
• Submit the Pilot Register application form (name, email address, domain expertise, AI proficiency level, and credentials statement)

We do not use cookies. We do not use analytics tools. We do not use tracking pixels or any other passive data collection mechanism. We do not collect data from visitors who do not submit a form.

3. How We Use Your Data

Data collected through the contact form is used solely to respond to your enquiry and, where relevant, to conduct a Passage Readiness Assessment and associated advisory engagement.

Data collected through the Pilot Register application is used solely to assess your application for the Harbor Masters pilot network.

We do not use your data for marketing purposes without your explicit, separate consent. We do not sell, rent, or share your personal data with third parties for their own purposes.

4. Legal Basis for Processing (GDPR)

We process personal data on the basis of legitimate interest (GDPR Article 6(1)(f)): specifically, the legitimate interest in responding to enquiries submitted to us by individuals who have voluntarily reached out. We have assessed that this interest is not overridden by your rights and freedoms, given the limited nature of the data collected and the direct relationship between the data and the purpose.

Where we enter into an engagement agreement with you, processing may additionally be based on contract performance (GDPR Article 6(1)(b)).

5. Data Retention

Enquiry data is retained for 24 months from the date of last meaningful contact. After this period, data is deleted unless we have entered into an ongoing engagement agreement with you, in which case data is retained for the duration of the engagement plus 5 years for legal and accounting purposes.

You may request deletion of your data at any time (see Section 7).

6. Third Parties

We use the following third-party services in operating this website and handling your enquiry:

• Cloudflare, Inc. — website hosting and form request processing. Cloudflare processes HTTP requests made to this website, which includes your IP address and browser information. Cloudflare's privacy policy is available at cloudflare.com/privacypolicy.
• Resend, Inc. — email delivery service used to transmit your form submission to us. Resend processes the content of your form submission in order to deliver the email. Resend's privacy policy is available at resend.com/legal/privacy-policy.

This website does not load any resources from Google, Meta, or any other third-party platform. All fonts are self-hosted. No external scripts, analytics, or advertising technologies are used.

7. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

• Right of access — you may request a copy of the personal data we hold about you.
• Right to rectification — you may request correction of inaccurate data.
• Right to erasure — you may request deletion of your data, subject to any legal retention obligations.
• Right to data portability — you may request your data in a structured, machine-readable format.
• Right to object — you may object to processing based on legitimate interest. We will cease processing unless we can demonstrate compelling legitimate grounds.
• Right to restrict processing — you may request that we restrict processing of your data in certain circumstances.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

You also have the right to lodge a complaint with the supervisory authority in your country of residence. A list of EU supervisory authorities is available at edpb.europa.eu.

8. Security

Form submissions are transmitted over HTTPS and processed by Cloudflare Pages Functions within Cloudflare's infrastructure. We do not store form submission data in any database. Submissions are delivered to us by email and retained according to the retention policy in Section 5.

9. Changes to This Policy

We may update this policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. Material changes will be noted here.

10. Contact

For any questions about this privacy policy or our data practices, contact us at [email protected].