Privacy policy.

TL;DR

Harbor is a workspace-scoped MCP control plane operated by Zonko Labs Private Limited. We collect the minimum data needed to run the service: account info, workspace configuration, OAuth tokens for connected services, run and audit metadata, and operational telemetry. Credentials are encrypted at rest in Cloudflare KV / Secrets Store and decrypted in-memory only when needed. We do not train models on your data, do not sell it, and do not share connected-service content with third parties except as required to run the workflow you requested. OAuth tokens persist until you revoke; audit logs default to 90 days (see our Terms for the full retention contract). Subprocessors: Cloudflare, WorkOS, Sentry, Anthropic, OpenAI, Composio.

Who we are

Harbor is operated by Zonko Labs Private Limited. Our product sits between AI agents and the services you already use — such as source-control systems, communication tools, document suites, calendars, issue trackers, databases, and other SaaS products — brokering access through OAuth, API credentials, and per-tool authorization. References to “we”, “us”, or “Harbor” in this document mean Zonko Labs.

Data we collect

We keep the minimum data required to run the control plane:

• Account information. Name, email, organization membership, and sign-in metadata provided by WorkOS or another identity provider when you sign in.
• Workspace configuration. Workspace names, membership, enabled plugins or sources, saved settings, authorization grants, and other choices you make inside Harbor.
• Credentials for connected services. OAuth access and refresh tokens, API keys, or similar credentials issued by providers you connect. Credentials are encrypted at rest and only decrypted in-memory when needed to fulfill a request you authorized.
• Run and audit metadata. Records of tool invocations and executions, such as which workspace, user, agent, tool, source, authorization grant, timestamp, status, and error category were involved.
• Connected-service content. Depending on the tools and scopes you enable, responses may include messages, files, documents, calendar entries, repository data, issues, tickets, database rows, or other records from the services you connected. Harbor processes this data to complete the request and, unless you intentionally save an output or artifact, does not retain raw response bodies beyond what is required to provide the feature, troubleshoot failures, and maintain auditability.
• Operational telemetry. We collect diagnostic metadata such as request IDs, latency, status codes, and scrubbed error details to keep the service reliable. We do not intentionally log tokens, secrets, message bodies, document contents, or other raw connected service content in operational telemetry.

Connected services and integrations

Harbor is provider-neutral: integrations can cover communication tools, productivity suites, source-control systems, databases, SaaS APIs, internal tools, and MCP servers. Each integration is limited by the scopes, credentials, tools, and workspace policies you approve. Agents can only invoke tools that are installed and authorized for the workspace.

Most connected-service data is fetched only when you, a workspace member, or an authorized agent invokes a tool. If an integration supports webhooks, triggers, subscriptions, or scheduled jobs, Harbor uses the data received through those features only for the workflow you configured, and you can disable that integration or revoke its credentials from the dashboard.

How we use it

We use your data to operate Harbor, fulfill authorized tool calls and workflows, secure the service, troubleshoot failures, and give you a truthful record of what happened. We do not train models on your data. We do not sell it. We do not share connected-service content with third parties except as needed to run the workflow you requested — for example, calling the provider API you connected or sending the minimum necessary context to the model/runtime provider configured for your agent.

Per-tool authorization

OAuth is the floor, not the ceiling. Beyond the provider’s consent screen, Harbor asks you to authorize each tool — or a pattern of tools — before an agent can invoke it. You can review, narrow, or revoke these grants at any time from your dashboard. Revoking a grant takes effect immediately for subsequent calls.

Google API Services and Limited Use

Harbor’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Depending on the Google Workspace tools enabled for your workspace and the scopes shown on the consent screen, Harbor may request access such as:

• gmail.readonly — read Gmail messages, headers, bodies, and labels for authorized questions, summaries, or workflows.
• drive.readonly — read Google Drive files and metadata selected or authorized for an agent task or workflow.
• spreadsheets — read, update, or create Google Sheets content only as requested through an authorized tool or workflow.
• documents — read, update, append, or create Google Docs content only as requested through an authorized tool or workflow.
• calendar — read, create, or update Google Calendar entries only as requested through an authorized tool or workflow.

For Google user data specifically:

• We use Google user data only to provide or improve user-facing Harbor features that are prominent in Harbor’s UI or configured by the workspace.
• We do not use Google user data to serve advertisements, sell Google user data, or train generalized AI or machine-learning models.
• We do not transfer Google user data to third parties except as necessary to provide the feature you requested, such as calling Google APIs, sending the minimum necessary context to the model or runtime provider configured for your agent, using service providers that help operate Harbor, complying with law, or protecting security.
• We do not allow humans to read Google user data except with your affirmative consent, for support or security purposes, to comply with law, to enforce our Terms of Service, or on an aggregated and anonymized basis for internal operations.
• We do not persist raw Gmail messages, Drive files, Docs, Sheets, or Calendar contents unless you intentionally save that content as an output, artifact, run record, cache entry, workspace storage item, or other configured Harbor object.

Retention

OAuth tokens are held until you revoke the connection or the workspace is deleted, whichever comes first. Audit logs are retained for 90 days by default, then purged. Workspace admins can configure a shorter retention window. Account records are removed on account deletion, subject to any legal holds.

Subprocessors

Harbor relies on a small, deliberately short list of infrastructure and platform providers to deliver the service. Each entry below lists the vendor’s role inside Harbor, the categories of data processed on Harbor’s behalf, the processing region, and a link to the vendor’s privacy or subprocessor page.

Cloudflare, Inc.

• Role: primary cloud infrastructure (Workers compute, D1 database, KV / Secrets Store, R2 object storage, Queues, Workflows, Durable Objects, AI Gateway, CDN, DNS).
• Data processed: account records, workspace configuration, encrypted credentials and OAuth tokens, run and audit metadata, tool-invocation telemetry, run artifacts, model-request payloads routed through Cloudflare AI Gateway.
• Region:Cloudflare’s global edge network; EU residency available on request.

WorkOS, Inc.

• Role: authentication, SSO, directory, and OAuth 2.1 + PKCE via AuthKit; signed webhooks for user-lifecycle events.
• Data processed: name, email, organization membership, sign-in metadata, session cookies, directory sync records.
• Region: United States.

Functional Software, Inc. (Sentry)

• Role: error tracking, release health, and performance monitoring for apps/web and apps/api.
• Data processed:scrubbed error stacks, request IDs, status codes, release identifiers, source-map references. Tokens, secrets, message bodies, and connected-service content are filtered before leaving Harbor’s workers.
• Region: United States.

Anthropic, PBC

• Role:downstream large-language-model provider invoked through Cloudflare AI Gateway for Harbor’s default chat, summarization, and reasoning features.
• Data processed:the prompt context required to fulfill a requested AI feature — typically system instructions, the user’s message, and minimum necessary tool or run context. Anthropic does not train on data sent through its API.
• Region: United States.

OpenAI, L.L.C.

• Role: downstream large-language-model provider invoked through Cloudflare AI Gateway for select Harbor reasoning, summarization, and tool-indexing features.
• Data processed:the prompt context required to fulfill a requested AI feature — typically system instructions, the user’s message, and minimum necessary tool or run context. OpenAI does not train on data submitted through its API.
• Region: United States.

Composio, Inc.

• Role: managed OAuth and connected account broker used by Harbor when a plugin source is configured to authenticate via Composio rather than a direct provider OAuth client.
• Data processed:the workspace user ID, Harbor-issued correlation identifiers, the connected-account ID Composio returns, and any provider OAuth tokens or refresh tokens Composio holds on Harbor’s behalf for that source. Composio acts as the provider boundary for those tokens.
• Region: United States.

If Harbor adds, removes, or materially changes a subprocessor, we will update this section and the “Last updated” date at the top of the page. Customers requiring advance notice of subprocessor changes can email support@zonko.ai to subscribe.

Your rights

You can revoke any OAuth connection, delete your account, or request an export of your data at any time. Email support@zonko.ai and we’ll respond within a reasonable window — typically a few business days.

GDPR and data residency

Harbor processes data across Cloudflare’s global edge network. EU-based users or workspaces that require EU data residency can request it by contacting support, and we will configure the workspace to route and store data within EU regions. Standard contractual clauses are available on request for customers that need them.

Children

Harbor is not intended for children. We do not knowingly collect data from anyone under 13, or under 16 where local law sets a higher age of digital consent. If you believe a minor has signed up, contact us and we will remove the account.

Changes to this policy

If we make material changes to this policy we will notify account holders by email before the changes take effect, and update the “Last updated” date at the top of this page. Minor editorial fixes may be made without notice.

Contact

Zonko Labs Private Limited. Questions, requests, or security reports go to support@zonko.ai.

Frequently asked questions