1. Product Overview
| Product name | HARBOUR AI |
| Deployment model | On-premise / local — installed on the customer's own hardware |
| Architecture | FastAPI backend + Next.js frontend (Electron desktop wrapper) + Ollama local LLM inference + ChromaDB local vector store + SQLite local database |
| Network requirement | None after initial setup. Fully air-gap capable. No internet connection required for any AI functionality. |
| Cloud dependency | NONE. All processing runs on the customer's hardware. |
| Telemetry | NONE. No usage data, crash reports, or analytics are transmitted anywhere. Verifiable by independent security audit — no telemetry endpoints exist in the architecture. |
| Source code | Proprietary — closed-source. Binary releases published at github.com/LOOSEKEY/HARBOUR-AI. Independent security audit available on request. |
2. Data Controller / Processor Analysis
| Who is the data controller? | The deploying organisation is the sole data controller. HARBOUR AI Ltd never receives, processes, or stores any personal data from any deployment. |
| Is HARBOUR AI Ltd a data processor? | NO. HARBOUR AI Ltd processes no customer data. There is no data processing relationship between the deploying organisation and HARBOUR AI Ltd. |
| Is a Data Processing Agreement (DPA) required? | NO. A DPA would govern the relationship between a controller and a processor. Since HARBOUR AI Ltd is not a processor of your data, no DPA is required. |
| Is a Transfer Impact Assessment required? | NO. No personal data leaves the deploying organisation's network. There is no international or cross-organisational data transfer to assess. |
| Is a DPIA recommended? | Organisations should complete their own DPIA as part of internal due diligence for any AI tool deployment. HARBOUR AI provides a pre-filled DPIA template. Given the sole-controller architecture, the residual risk profile is significantly lower than cloud AI deployments. |
3. What Data Is Processed and Where It Lives
| Conversations | ~/.harbour-ai/harbour-ai.db | never transmitted |
| Uploaded documents | ~/.harbour-ai/uploads/ | never transmitted |
| Vector index (RAG) | ~/.harbour-ai/rag/ | never transmitted |
| User accounts | ~/.harbour-ai/harbour-ai.db | never transmitted |
| Audit logs | ~/.harbour-ai/harbour-ai.db | never transmitted |
| Voice recordings | Processed in RAM, not persisted | never transmitted |
| Meeting transcripts | ~/.harbour-ai/harbour-ai.db | never transmitted |
| AI model weights | ~/.ollama/ (Ollama default) | inference only, no training |
| Application logs | ~/.harbour-ai/harbour-ai.log | never transmitted |
- All data directories are on the host machine under the path shown. No cloud storage, S3 bucket, or remote database is used at any point.
- AI inference is performed by Ollama running locally. The model receives query text from the local application and returns a response — no network call is made.
- If the optional cloud integrations (OneDrive sync, Xero connector, Twilio phone) are not configured, zero external network connections are made during normal operation.
- If optional cloud integrations are configured, only the data explicitly sent to that integration is transmitted — e.g. a file path for OneDrive sync. HARBOUR AI conversation data is never included.
4. Lawful Basis for Processing
| Processing purpose | Provision of AI-assisted productivity tools to the deploying organisation's users |
| Lawful basis (employees) | Article 6(1)(b) — performance of a contract (employment contract), or Article 6(1)(f) — legitimate interests (operational efficiency). Organisation to confirm based on context. |
| Lawful basis (client data) | As determined by the deploying organisation for its own processing purposes. HARBOUR AI Ltd makes no determination on this. |
| Special category data | If health, legal, or other Article 9 data is processed via HARBOUR AI, the deploying organisation must establish an Article 9(2) condition. The sole-controller architecture means no Article 9 data is shared with any third party by using HARBOUR AI. |
5. Data Retention
| Retention control | Fully controlled by the deploying organisation. The admin panel provides per-data-type retention policies with automatic daily cleanup. |
| Default retention | No automatic deletion unless a retention policy is enabled. Organisation configures periods appropriate to their data types and legal obligations. |
| Manual deletion | Any record can be deleted by an admin at any time from the admin panel or directly from the SQLite database. |
| Complete erasure | Deleting the ~/.harbour-ai/ directory removes all data permanently. Nothing remains on any external system. |
| Article 17 compliance | FULLY SUPPORTED. Right to erasure is exercised by the data controller (the deploying organisation) without any involvement from HARBOUR AI Ltd. |
6. Data Subject Rights
RIGHT OF ACCESS (ART.15)
All personal data is in the deploying organisation's SQLite database. Admin can extract any individual's data via the admin panel or direct SQL query.
RIGHT TO ERASURE (ART.17)
Conversations, documents, and user records can be deleted individually from the admin panel or by deleting the database. Complete erasure: delete ~/.harbour-ai/.
RIGHT TO RECTIFICATION (ART.16)
User account data can be updated by an admin at any time. Conversation records are immutable but can be deleted and re-entered.
RIGHT TO PORTABILITY (ART.20)
Built-in data export function produces a structured ZIP of all conversations as Markdown files. Database is SQLite — directly readable with any standard tool.
RIGHT TO OBJECT (ART.21)
The deploying organisation controls all processing decisions. User accounts can be disabled or deleted. No processing continues for a disabled user.
NO AUTOMATED DECISIONS (ART.22)
HARBOUR AI does not make automated decisions with legal or significant effect about individuals. All AI outputs are advisory only.
7. Security Measures
- All authentication uses JWT tokens with configurable expiry. Passwords are hashed with bcrypt.
- Optional TOTP-based two-factor authentication (RFC 6238) — Google Authenticator, Authy, or any compatible app.
- Tamper-evident audit trail: a SHA-256 chain hash links every log entry to the previous one, starting from a GENESIS anchor. Any modification is detectable, and the admin panel provides a VERIFY CHAIN function.
- PII Auto-Redaction: 11 UK PII types are detected and removed from messages before they reach the AI model. Each redaction is logged with its type and count.
- Network exposure: the application binds to localhost by default. Exposing it on a network is the deploying organisation's configuration choice and responsibility.
- No remote code execution or update mechanisms run automatically. Updates are applied manually by the organisation.
- Source code is fully open for penetration testing without provider permission.
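The chained audit trail described above can be sketched as follows. This is an added example, not HARBOUR AI's code: the record layout, the literal `"GENESIS"` anchor value, the function names and the `expected_tail` check are all assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "GENESIS"  # assumed anchor used as prev_hash of the first record


def entry_hash(prev_hash: str, payload: dict) -> str:
    """SHA-256 over the previous hash plus a canonical encoding of the payload."""
    canonical = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(f"{prev_hash}\n{canonical}".encode("utf-8")).hexdigest()


def append(log: list, payload: dict) -> dict:
    """Append a record linked to the current tail of the chain."""
    prev_hash = log[-1]["hash"] if log else GENESIS
    record = {"payload": payload, "prev_hash": prev_hash,
              "hash": entry_hash(prev_hash, payload)}
    log.append(record)
    return record


def verify_chain(log: list, expected_tail: str = None):
    """Return None if intact, else the index where verification first fails."""
    expected_prev = GENESIS
    for i, rec in enumerate(log):
        # The link must point at the previous record (or the anchor), and the
        # stored hash must match a recomputation over the record's content.
        if (rec["prev_hash"] != expected_prev
                or rec["hash"] != entry_hash(rec["prev_hash"], rec["payload"])):
            return i
        expected_prev = rec["hash"]
    # Removal of the newest records leaves a valid shorter chain; it is only
    # visible when the tail hash is compared with a copy kept elsewhere.
    if expected_tail is not None and expected_prev != expected_tail:
        return len(log)
    return None


def build_sample_log() -> list:
    """Constructed sample entries, not real application logs."""
    log = []
    append(log, {"ts": "2024-01-01T09:00:00Z", "user": "alice", "action": "login"})
    append(log, {"ts": "2024-01-01T09:05:00Z", "user": "alice", "action": "export"})
    append(log, {"ts": "2024-01-01T09:10:00Z", "user": "bob", "action": "delete_record"})
    return log


if __name__ == "__main__":
    sample = build_sample_log()
    sample[1]["payload"]["action"] = "view"  # constructed edit of a middle record
    print("first bad index:", verify_chain(sample))
```

A chain on its own detects edits and removals in the middle of the log; removal of the newest entries, or a full rewrite with recomputed hashes, is only caught when the tail hash is also recorded outside the database being verified.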
8. Third-Party Sub-Processors
| HARBOUR AI Ltd sub-processors | NONE. HARBOUR AI Ltd has no sub-processors because it processes no customer data. |
| Optional integrations | If the deploying organisation configures optional integrations (Microsoft OneDrive, Google Drive, Xero, QuickBooks, Twilio), those providers become sub-processors of the deploying organisation — not of HARBOUR AI Ltd. The deploying organisation is responsible for ensuring those relationships are covered by appropriate agreements. |
| Ollama (local LLM) | Ollama runs locally on the deploying organisation's hardware. It is not a cloud service. No data leaves the host machine through Ollama. |
9. Incident Response
| Who is responsible for breach notification? | The deploying organisation as data controller. HARBOUR AI Ltd is not involved in any personal data breach because it holds no personal data. |
| What could constitute a breach? | Unauthorised access to the host machine or the ~/.harbour-ai/ directory. This is within the deploying organisation's IT security perimeter — not HARBOUR AI Ltd's. |
| HARBOUR AI Ltd notification obligation | NONE. HARBOUR AI Ltd cannot be a processor in a breach scenario as it holds no data to breach. |
10. Approval Sign-Off
This section is for the deploying organisation's internal governance record. Complete and retain with your Article 30 records.
DATA PROTECTION OFFICER
Name:
Signature & Date:
Notes:
IT SECURITY / INFORMATION OWNER
Name:
Signature & Date:
Notes: