Privacy Policy

Effective date: April 29, 2026

This Privacy Policy explains how Harvest Tools LLC (“we,” “us,” or “our”) collects, uses, shares, and protects information when you use Harvest (the “Service”), including the web application and the Harvest Trade Assistant browser extension. By using the Service, you agree to the practices described in this Policy. If you do not agree, do not use the Service.

1. Information We Collect

We collect the following categories of information:

Account information. When you create an account, we collect your email address, password (stored as a cryptographic hash, not in plain text), and, if you provide them, your display name and avatar image.

Portfolio and financial information. When you use the Service, you provide information about your investment activity, including: brokerage account names and balances you enter; securities (tickers) you track; allocation percentages and grid parameters you configure; transaction history you record or import (buys, sells, dividends, options, transfers, and similar); and portfolio snapshots and alerts you create. You choose what to enter — Harvest does not connect to your brokerage or pull data from it.

Billing information. When you subscribe to a paid plan, payment processing is handled by our payment processor (Stripe). We do not receive or store your full payment card details. We do store records of your subscription, including amount charged, billing period, tier at time of purchase, and subscription status.

Social information. If you use social features, we store your friend connections, achievements, and any content you choose to share with friends.

Notifications. If you enable push notifications, we store the push subscription endpoint and cryptographic keys your browser provides so that we can deliver notifications you have requested.

Contact and support information. If you submit a contact form or email us, we retain your message and email address so that we can respond.

Usage and log data. We log basic activity such as account creation, acceptance of these Terms, and key actions within the Service for operational, security, and audit purposes. We do not use third-party analytics, telemetry, advertising, or cross-site tracking services.

Device information. Our servers receive standard technical information from your browser, such as IP address, browser type, and request timestamps. This information is used for security, rate limiting, and troubleshooting.

2. How We Use Information

We use the information we collect to:

  • Provide, maintain, and improve the Service.
  • Generate the tasks, calculations, and visualizations you configure.
  • Authenticate your account and maintain your session.
  • Process subscription payments and manage your account status.
  • Send operational communications such as billing receipts, security notices, and service updates.
  • Respond to support and contact requests.
  • Detect and prevent fraud, abuse, and violations of our Terms of Service.
  • Comply with legal obligations.

We do not use your financial or portfolio information to give you investment advice or recommendations, and we do not sell or rent your personal information to anyone.

3. How We Share Information

We share information only in the following limited circumstances:

Service providers. We use third-party vendors to operate the Service. These providers process information on our behalf under contractual obligations to protect it. See Section 4 for the specific providers we use.

Legal compliance. We may disclose information if required by law, subpoena, or other legal process, or if we believe in good faith that disclosure is necessary to protect our rights, your safety or the safety of others, or to investigate fraud or violations of our Terms.

Business transfers. If Harvest Tools LLC is involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.

With your consent. We may share information for other purposes with your explicit consent.

We do not sell, rent, or trade your personal information to third parties for their marketing or advertising purposes.

4. Third-Party Services

We use the following third-party service providers to operate the Service:

  • Supabase — Provides our database, authentication, and file storage (including avatar images). Your account and portfolio data is stored on Supabase infrastructure.
  • Stripe — Processes subscription payments. Stripe receives your payment card details directly; we do not store them. Stripe's use of your information is governed by Stripe's own privacy policy.
  • Third-party market data provider — We retrieve market data (prices, quotes, and related information) from a third-party provider. Your personal information is not shared with this provider; only symbol-level queries are made.

These providers are bound by their own privacy practices and by contractual obligations with us. We recommend reviewing their policies if you would like more information about how they handle data.

5. Data Storage & Security

Your data is stored in encrypted databases operated by our service providers. Passwords are hashed using industry-standard one-way algorithms and are never stored or transmitted in plain text. Connections between your browser and our servers are encrypted using TLS (HTTPS).

While we take reasonable measures to protect your information, no system is perfectly secure. You are responsible for maintaining the confidentiality of your account credentials and for notifying us promptly of any suspected unauthorized access.

6. Data Retention

We retain your information for as long as your account is active. If you delete your account, we will delete or anonymize your personal information within thirty (30) days, except where we are required to retain records for legal, accounting, tax, fraud-prevention, or audit purposes. Payment and billing records are typically retained for at least seven (7) years to comply with tax and accounting requirements.

Aggregated or de-identified information that no longer identifies you may be retained indefinitely.

7. Your Rights

Subject to applicable law, you have the following rights regarding your personal information:

  • Access. Request a copy of the personal information we hold about you.
  • Correction. Ask us to correct inaccurate or incomplete information.
  • Deletion. Request that we delete your personal information, subject to the retention obligations described in Section 6.
  • Portability. Request a copy of your data in a portable, machine-readable format.
  • Withdraw consent. Where we rely on consent, you may withdraw it at any time.

Most of these rights can be exercised directly from your account settings. For any request not supported in-product, contact us at the address in Section 16.

Response times. We will acknowledge your request within ten (10) days and aim to respond substantively within forty-five (45) days. Where a request is complex or we have received a high volume of requests, we may extend this period by an additional forty-five (45) days and will notify you of the extension.

Identity verification. Before fulfilling a request, we may need to verify your identity by matching information you provide against the records we hold about you. If we cannot verify your identity to a reasonable degree of certainty, we may decline to act on the request and will notify you.

8. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act, including the right to know what personal information we collect and how it is used, the right to request deletion, and the right to non-discrimination for exercising your rights.

We do not sell your personal information and have not done so in the preceding twelve (12) months. We also do not share your personal information for cross-context behavioral advertising.

Sensitive Personal Information. We do not collect or process Sensitive Personal Information (as defined under the CCPA) for the purpose of inferring characteristics about you, and we do not use or disclose it for any purpose beyond what is reasonably necessary to provide the Service.

Authorized agents. You may designate an authorized agent to submit a CCPA request on your behalf. We will require the agent to provide written, signed permission from you, and we may also ask you to verify your own identity directly with us before we act on the request.

Right to non-discrimination. We will not deny you the Service, charge you a different price, or provide a different level of quality because you exercised your CCPA rights.

To exercise a CCPA right, contact us at the address in Section 16.

9. Other U.S. State Privacy Rights

If you are a resident of Virginia, Colorado, Connecticut, Utah, Texas, or another U.S. state with a comprehensive consumer privacy law, you have rights similar to those described in Section 7, which generally include the right to access, correct, delete, and obtain a portable copy of your personal information, and to opt out of targeted advertising, the sale of personal information, and certain forms of profiling. As described elsewhere in this Policy, we do not sell personal information, do not engage in targeted advertising, and do not use your information for profiling that produces legal or similarly significant effects.

To exercise any of these rights, contact us at the address in Section 16. If we deny your request, you may have the right to appeal that decision; instructions will be provided in our response.

10. EU/UK Privacy Rights (GDPR)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR) and similar laws, including the rights of access, rectification, erasure, restriction of processing, data portability, and objection to processing. You also have the right to lodge a complaint with your local data protection authority.

Our lawful bases for processing your information include (a) performance of a contract (providing the Service you requested), (b) our legitimate interests in operating and securing the Service, (c) compliance with legal obligations, and (d) your consent where applicable.

11. Cookies & Tracking

We use cookies and similar technologies that are strictly necessary for the Service to function, including authenticating your session and remembering your preferences. We do not use advertising cookies, third-party analytics, or cross-site tracking technologies.

12. Children's Privacy

The Service is intended for users who are at least 18 years of age. We do not knowingly collect personal information from anyone under 18, and specifically not from children under the age of 13 as defined by the Children's Online Privacy Protection Act (COPPA). If you believe a child under 13 has provided us with personal information, please contact us and we will promptly delete it.

13. Harvest Trade Assistant Browser Extension

In addition to the web application, we offer the Harvest Trade Assistant browser extension, which helps users transfer trade order details from the Harvest app to Fidelity's trading platform. The extension operates entirely within your browser and is subject to the following specific terms.

Information the extension accesses. When you click “Send to Fidelity,” the extension reads the following fields from the open order modal on the Harvest app:

  • Stock ticker symbol
  • Share quantities (buy and sell)
  • Limit prices (buy and sell)
  • Brokerage account name

How the extension uses information. The information is used for one purpose only: to auto-fill the corresponding fields on Fidelity's conditional order form within your browser.

  • All data stays within your browser session and is passed directly from one tab to another.
  • The extension does not collect, store, cache, or persist any data.
  • The extension does not transmit data to any external server, API, or third-party service beyond the in-browser communication described above.
  • The extension does not perform analytics, telemetry, or tracking of any kind.

Permissions requested. The extension requests only the minimum browser permissions necessary to function:

Permission          Purpose
scripting           Fill in the Fidelity trade form programmatically
activeTab / tabs    Locate or open the Fidelity tab and switch to it
Host access         Read trade data from Harvest and write it into the Fidelity form (harvestplots.com, fidelity.com, localhost)

14. International Data Transfers

Harvest Tools LLC is based in the United States, and our service providers may store or process data in the United States or other jurisdictions. If you access the Service from outside the United States, you understand that your information may be transferred to and processed in the United States, which may have different data protection standards than your country of residence.

15. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with a revised effective date. For material changes, we will make reasonable efforts to notify you via email or in-app notification. Continued use of the Service after changes constitutes acceptance of the updated Policy.

16. Contact Us

If you have questions, concerns, or requests about this Privacy Policy or your personal information, please contact us at support@harvestplots.com.

© 2026 Harvest Tools LLC. All rights reserved.