Privacy Policy

Last updated: October 9, 2025

This Privacy Policy explains how Harmix Inc. ("Harmix," "we," "us," "our") collects, uses, shares, and protects personal information when you visit our websites (including https://manager.harmix.ai) and when you join our waitlist or request a demo (together, the "Services").

If you do not agree with this Policy, please do not use the Services.

1. Who we are & how to contact us

Controller: Harmix Inc.

300 Delaware Avenue, Ste 210 #615, Wilmington, DE 19801, United States of America

Email: hey@harmix.ai

Phone: +1 437 772 4202

(We do not appoint an EU/UK representative at this time.)

2. What we collect

Information you provide to us

  • Contact & profile data: full name, email address.
  • Professional context: "What best describes you?" selection.
  • Preferences & tools: tools you use; optional "intended use case."
  • Communications: contents of messages you send us (e.g., waitlist/demo notes).

Information we collect automatically

  • Usage data: page views, clicks, element IDs/text, URLs, referrers, timestamps.
  • Technical data: IP address, approximate location inferred from IP, device & browser type/version, OS.
  • Cookies & similar technologies: We use Google Tag Manager (GTM) and Google Analytics (GA). GA sets cookies and similar technologies to measure and improve the Service. See Cookies below.

Information from third parties

Service providers: When you submit the waitlist/demo form, your data is stored in Supabase (our US-hosted database provider). We may receive derived metrics or logs from hosting, analytics, and security providers.

3. Why we process your information (legal bases)

PurposeExamplesLegal basis (GDPR)
Responding to requestsWaitlist confirmations, demo scheduling, onboardingConsent (form submission) and Contract (steps at your request)
Operating & improving the websiteDebugging, measuring engagement, preventing abuseLegitimate interests (operate, secure, improve)
Marketing communicationsProduct announcements, early-access invitesConsent (you can withdraw anytime)
Compliance & protectionEnforcing terms, legal obligations, securityLegal obligation and Legitimate interests

For visitors in the EEA/UK, analytics/marketing cookies (e.g., GA) are used only with your consent.

4. How we use your information

  • Provide and personalize the Services (including waitlist/demo flows).
  • Communicate with you (confirmations, updates, product news if you opt-in).
  • Analyze usage to improve content, usability, and performance (via GA).
  • Detect, prevent, and respond to fraud, abuse, and security incidents.
  • Comply with legal requirements.

5. Sharing your information

We do not sell your personal information.

We share personal information only with:

  • Processors/Service Providers acting on our behalf, under contract:
    • Supabase (database/storage of submissions; US-hosted).
    • Google Tag Manager & Google Analytics (tag management & analytics).
    • Hosting, security, logging, and email providers (as applicable).
  • Professional advisors (legal, accounting) under confidentiality.
  • Authorities where required by law or to protect rights and safety.
  • Business transfers (e.g., merger, acquisition), subject to this Policy.

We require processors to protect personal information and use it only as instructed.

6. International data transfers

We are based in the United States, and your information may be processed there and in other countries. Where required by law, we rely on appropriate safeguards (e.g., Standard Contractual Clauses) for transfers from the EEA/UK to the US, along with technical and organizational measures.

7. Retention

  • Waitlist/demo data: retained until (i) you request deletion, or (ii) 24 months after your last interaction, unless we must keep it longer for legal reasons.
  • Operational logs & security records: typically up to 12 months unless needed longer for investigations.
  • Analytics data: retained according to GA settings (commonly 14 months, subject to our configuration).

We delete or anonymize data when it is no longer needed.

8. Your rights

EEA/UK (GDPR)

You may have the right to access, rectify, erase, restrict, object, data portability, and to withdraw consent at any time (without affecting prior processing). You may also lodge a complaint with your local supervisory authority.

California (CCPA/CPRA)

California residents may have rights to know/access, delete, correct, opt out of sale/share (we do not sell/share for cross-context behavioral advertising), and to non-discrimination.

To exercise rights: email hey@harmix.ai. We may need to verify your request.

9. Children's privacy

Our Services are not directed to children. We do not knowingly collect personal information from anyone under 16 (or the age required by local law). If you believe a child provided us data, contact us to delete it.

10. Security

We implement appropriate technical and organizational measures to protect personal information, including encryption in transit, access controls, and least-privilege practices with our processors. No system is 100% secure; please use strong passwords and notify us of any suspected breach.

11. Cookies & similar technologies

We use Google Tag Manager to load Google Analytics cookies and scripts.

Categories we use:

  • Strictly necessary: Required for basic site operations, security, and network management.
  • Analytics (Google Analytics): Helps us understand usage and improve the site. GA sets cookies and may collect IP address (we configure IP anonymization where available).
  • Marketing (if enabled in future): Measuring campaigns and personalization. We will update this Policy and our banner if enabled.

Consent: In the EEA/UK, we obtain your consent before activating analytics/marketing cookies. You can change your preferences at any time via our cookie banner (when available) or by adjusting browser settings.

Managing cookies: Most browsers allow you to refuse or delete cookies. Blocking cookies may impact site functionality. For GA opt-out, you can also use the Google Analytics Opt-out Browser Add-on.

Third parties used on the site now:

  • Google Tag Manager (tag management).
  • Google Analytics (analytics; cookies set).
  • Supabase (form data storage; no marketing cookies).

12. Third-party links

The site may contain links to third-party websites or services. We are not responsible for their privacy practices. Review their policies before providing personal information.

13. Changes to this Policy

We may update this Policy from time to time. The "Last updated" date shows the latest revision. Substantial changes will be highlighted on the site or via email (if appropriate).