Privacy policy

Version 2.0 · Effective 21 May 2026 · Last updated 21 May 2026

Please read this policy carefully before using our website or the Harriet platform.

This privacy policy (the "Policy") explains how Harriet collects and processes personal data when you use https://harriethq.com (and related domains, including legacy URLs that redirect to us), when you purchase or use Harriet products or services, or when you interact with us in other ways.

This Policy tells you about your privacy rights and how the law protects you. It applies to those visiting our website or using the Harriet platform and products (together, the "Platform").

For the purposes of applicable data protection legislation, the data controller is JustParent Ltd (company number 14338607), registered office at 17 Baalbec Road, London, N5 1QN, United Kingdom. Harriet is a trading name of JustParent Ltd ("Harriet", "us", "our" or "we").

Please note that this Policy does not apply to, or limit, our use or disclosure of non-personal information (information that does not relate to an identified or identifiable individual) we may collect via the Platform.

Related documents: Terms of use · Data Processing Addendum · Sub-processors · Cookie policy

When we act as controller vs processor

We process personal data in two main roles:

  • As controller — for example when we collect data from website visitors, customer administrators, billing contacts, trial sign-ups, event attendees, and marketing prospects. This Policy governs that processing.
  • As processor — when our customers' employees and other authorised users submit data through the Platform (for example in tickets, chats, knowledge-base content, or HRIS-synced records). In that case we process personal data only on our customer's instructions, as set out in our Data Processing Addendum. If you are an employee of one of our customers and want to exercise your data protection rights in relation to that data, please contact your employer in the first instance.

Information we may collect from you

We may collect and process the following data about you:

Information you give us. You may give us information by filling in forms on our Platform, when you log in, or by corresponding with us by phone, e-mail, chat, or otherwise. This includes information you provide when you use our services and when you report a problem. The information you give us will depend on the circumstances, but you will always know what information we are receiving. We may keep a record of that correspondence in accordance with our retention practices, for operational support, service improvement, and where required by law.

Information we collect about you. We may collect:

  • your contact details (phone number, address, email address);
  • technical information, including the Internet protocol (IP) address used to connect your device to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and
  • information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our Platform (including date and time); what you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouseovers), and methods used to browse away from the page.

Information we receive from other sources. We may receive information from third-party authentication providers (such as your email address). We may also receive information from business partners, service providers, and integration partners. If you use the Platform while working for one of our customers, we will receive information (such as your email address, to create an account for you) from that customer. If you work for an organisation, we may receive your name and contact details from partners who identify potential customers for our services (including attendees at events we sponsor).

AI and your data

Harriet uses artificial intelligence to power chat, ticketing assistance, workflow automation, and related features. To deliver those features, we send relevant Customer Data to third-party large language model (LLM) providers listed on our Sub-processors page. Those providers act as our sub-processors and process data only to provide the service, under our Data Processing Addendum and commercial API agreements.

Customer Data is not used to train Harriet's AI models, and we contractually require our LLM sub-processors not to use Customer Data to train their models. Providers may retain prompts and responses for a limited period for service delivery, abuse prevention, safety monitoring, and legal compliance, as permitted under their applicable terms.

We do not make solely automated decisions that produce legal or similarly significant effects concerning individuals. Material outputs that may affect a person's employment or access to services are designed to be reviewed by authorised human users (for example through our ticketing and approval workflows) before any consequential action is taken.

If you believe an automated suggestion materially affects you, you may contact us at privacy@harriethq.com to request human review.

Special category data

Tickets, chats, and documents uploaded to the Platform may incidentally contain special category personal data (for example health-related information in leave or absence requests). Where Harriet acts as processor, such data is processed solely on our customer's instructions and lawful basis. Customers are responsible for ensuring they have an appropriate lawful basis before submitting such data.

Cookies

Our Platform uses cookies and similar technologies. We use necessary cookies to operate the Platform, and — with your consent where required — analytics and marketing cookies.

For details of the cookies we use, their purposes, and how to manage your preferences, see our Cookie policy. You can also update your choices at any time using Update Cookie Preferences in the site footer.

Uses made of the information

We use information held about you in the following ways:

  • to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
  • to provide customer support;
  • to personalise your experience;
  • to contact you about your account;
  • where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
  • to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about (see Marketing below);
  • to provide you with our newsletter, security updates and information about our Platform (where you have subscribed or where soft opt-in applies);
  • to notify you about changes to our services;
  • to administer our Platform and our services and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
  • to improve our Platform and our services and to ensure that content is presented in the most effective manner for you and for your device; and
  • as part of our efforts to keep our Platform safe and secure.

If you no longer wish to receive our newsletters, product updates, or other marketing communications, you may unsubscribe at any time using the link in the message or by contacting privacy@harriethq.com.

Marketing

  • Prospects and website visitors: we rely on your consent (or another valid legal basis) before sending promotional emails.
  • Existing customers: we may send you information about similar Harriet products and services under the soft opt-in rules, provided you can opt out at any time.

Sharing your information

We share personal information only with the categories of recipients listed below, on the legal bases set out in this Policy. We do not sell your personal information.

We may share your information with:

  • business partners, service providers and sub-contractors for the performance of any contract we enter into with them or you;
  • service providers acting as processors who provide IT, customer management, and system administration services (see our Sub-processors page);
  • analytics and search engine providers that assist us in the improvement and optimisation of our Platform; and
  • professional advisers, regulators, or law enforcement where required.

We may disclose your personal data in the following circumstances:

  • if we have your permission to do so;
  • third parties to whom we may choose to sell, transfer or merge parts of our business or our assets, or who may acquire us — in which case the new owners may use your personal data subject to the same protections set out in this Policy;
  • if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms of use and other agreements; or to protect the rights, property, or safety of Harriet, our users, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection; and
  • to third parties to market their products or services to you only if you have consented. We contractually require those third parties to keep personal data confidential and use it only for the purposes for which we disclose it to them.

Legal basis for processing personal data

We rely upon the following legal grounds as a basis for processing your personal data:

  • performing our obligations under a contract with you, or making pre-contract arrangements with you;
  • legal and regulatory compliance;
  • our legitimate business interests, and those of our customers — for example providing and improving the Harriet service; maintaining and improving the security and integrity of our Platform; minimising claims and financial losses; promoting the Platform and our brand; research and analytics; and sharing information with service providers who help power our operations; and
  • consent, where required — for example for non-essential cookies and certain marketing communications.

Where we store your personal data

All information you provide to us is stored on our secure servers or those of our service providers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Platform, you are responsible for keeping this password confidential.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Platform; any transmission is at your own risk. Once we have received your information, we use strict procedures and security features to try to prevent unauthorised access.

We take the security of your personal data seriously. We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including encryption of personal data in transit and at rest, access controls, and regular security testing. For current security certifications and controls, see our Trust Center.

International transfers

Harriet is an international business. Your personal data may be shared with service providers based outside the UK and the European Economic Area ("EEA"), including in the United States. Those countries may have data protection rules that differ from your own.

Whenever we transfer your personal data out of the UK and EEA, we ensure that a similar degree of protection is afforded to it by implementing appropriate safeguards, such as:

  • transfers to countries recognised as providing adequate protection by the UK Government or European Commission; and/or
  • the UK International Data Transfer Agreement (IDTA) and/or the EU Standard Contractual Clauses with the UK Addendum, and/or participation in the EU-US Data Privacy Framework where applicable.

See our Sub-processors page for destinations and mechanisms used for each provider. Contact us at privacy@harriethq.com if you want further information on the specific mechanism used for a transfer.

Data retention

We retain personal data only for as long as reasonably necessary to fulfil the purposes we collected it for, including to satisfy legal, regulatory, tax, accounting or reporting requirements. We may retain data for longer if there is a complaint or if we reasonably believe there is a prospect of dispute.

Category Typical retention
Customer account and billing data (controller) Life of the contract plus 12 months
Customer Data processed on behalf of customers (processor) Per customer instructions; default deletion within 30 days of contract termination unless law requires longer retention
Marketing contacts Until you unsubscribe, or 24 months of inactivity
Website and analytics logs Up to 13 months
Backups Rolling 30-day retention

Your rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data. If you wish to exercise any of the rights below, contact us at privacy@harriethq.com. If we process your data as processor on behalf of your employer, we may redirect you to them.

You have the right to:

  • Access — receive a copy of the personal data we hold about you and check that we are lawfully processing it.
  • Rectification — have incomplete or inaccurate data corrected.
  • Erasure — ask us to delete personal data where there is no good reason for us to continue processing it, subject to legal exceptions we will explain if they apply.
  • Object — object to processing based on legitimate interests, or object to processing for direct marketing.
  • Restrict processing — ask us to suspend processing in certain scenarios (for example while accuracy is verified).
  • Data portability — receive automated data you provided to us in a structured, commonly used, machine-readable format, where applicable.
  • Withdraw consent — where we rely on consent, withdraw it at any time without affecting the lawfulness of prior processing.

No fee usually required

You will not usually have to pay a fee to access your personal data or exercise other rights. We may charge a reasonable fee or refuse requests that are clearly unfounded, repetitive or excessive.

What we may need from you

We may request information to confirm your identity before responding to a request.

Time limit to respond

We aim to respond to legitimate requests within one month. Complex or multiple requests may take longer; we will notify you if so.

Complaints

You have the right to make a complaint to the Information Commissioner's Office (ICO), the UK supervisory authority (www.ico.org.uk). We would appreciate the chance to address your concerns first at privacy@harriethq.com.

Children

The Platform is not directed at children under 16 and we do not knowingly collect personal data from children under 16. If you believe we have collected such data, please contact us and we will delete it.

Stopping use of the Platform

If you want to stop using the Platform, you may do so through your account settings or by contacting us. You may also remove cookies we have placed on your device; see our Cookie policy.

Third party platforms

Our Platform may contain links to third-party websites. Those sites have their own privacy policies and we do not accept responsibility for them. Please review their policies before submitting personal data.

Changes to this Policy

We may update this Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Where appropriate, we will notify you by email or through the Platform.

Previous versions — version history will be published here as updates are made.

Contact

Questions, comments and requests regarding this Policy should be addressed to privacy@harriethq.com.

Postal address: JustParent Ltd, 17 Baalbec Road, London, N5 1QN, United Kingdom.