HarborPass ("HarborPass," "we," "us," or "our") is a financial technology infrastructure company incorporated in the United States. We connect African FinTech companies with US banking rails, compliance infrastructure, and sponsor bank relationships.
This Privacy Policy describes how we collect, use, store, share, and protect information when you access our website, contact us, or use our onboarding and platform services (collectively, the "Services").
By accessing or using our Services, you acknowledge that you have read, understood, and agree to the practices described in this Policy. If you are acting on behalf of a company, you represent that you have authority to bind that company to this Policy.
Who This Policy Applies To
This Policy applies to:
- FinTech founders and executives who engage with HarborPass to access US banking infrastructure
- Authorized representatives and administrators of client companies
- Third-party service providers who interact with HarborPass in a business capacity
- Visitors to our website and contact form
HarborPass does not provide retail consumer financial services. We operate in a B2B capacity, and the individuals whose data we process are primarily business representatives, not retail end-users.
Information We Collect
2.1 Personal Identity Information
When you engage with us through our contact form, onboarding flow, or KYC process, we may collect:
- Full legal name and job title
- Email address and phone number
- Government-issued identification documents
- Passport photographs or biometric identifiers (where required for identity verification)
- Residential or registered business address
2.2 Business Information
To onboard your company onto our platform and facilitate compliance approvals, we collect:
- Company legal name, registration number, and jurisdiction of incorporation
- Regulatory filings, licenses, and compliance documentation
- Ownership structure and beneficial ownership information
- Business bank account details
- Descriptions of products, services, and intended use cases
2.3 Financial Information
In connection with sponsor bank relationships and payment rail provisioning, we may collect:
- Bank account and routing information
- Transaction records and payment history
- Source of funds documentation
- Financial statements or revenue information
2.4 Communications and Usage Data
When you interact with us via our website or contact channels, we may collect:
- Email and form submission content
- IP address and general location data
- Browser type, device information, and usage patterns on our website
How We Collect Your Information
We collect information through the following channels:
- Directly from you: Through our contact form, email correspondence, and onboarding flow, including KYC document submission.
- From third parties: From KYC and AML service providers, identity verification platforms, and public registries as part of our compliance obligations.
- Automatically: Through standard web technologies including cookies, server logs, and analytics tools when you visit our website. See Section 8 for our cookie practices.
How We Use Your Information
We process your information for the following purposes:
4.1 Service Delivery and Contractual Performance
- To onboard your company onto our platform and facilitate access to US banking rails
- To establish and manage sponsor bank relationships on your behalf
- To process and track compliance documentation and regulatory approvals
- To communicate with you about the status of your onboarding and ongoing services
4.2 Legal and Regulatory Compliance
- To fulfill KYC (Know Your Customer) and AML (Anti-Money Laundering) obligations
- To verify the identity of company representatives and beneficial owners
- To comply with reporting requirements from US regulatory bodies
- To support audit and compliance functions required by our sponsor bank partners
4.3 Legitimate Business Interests
- To detect, investigate, and prevent fraud and financial crime
- To maintain the security and integrity of our platform
- To improve and develop our services
- To communicate service updates, security alerts, and administrative notices
Sharing Your Information
HarborPass does not sell your personal or business information. We share data only in the following circumstances:
5.1 Sponsor Banks
We share your business and identity information with our US sponsor bank partners as required to establish and maintain banking relationships on your behalf. These institutions are themselves subject to US banking regulations, including applicable federal privacy laws.
5.2 KYC and AML Service Providers
We engage third-party identity verification and compliance screening providers to assist with our KYC and AML obligations. These providers process your information under contractual data processing agreements and are prohibited from using your data for any purpose beyond what we instruct.
5.3 US Regulatory Authorities
We may be required to disclose information to US federal and state regulators, law enforcement agencies, or other governmental bodies where required by law, legal process, or to protect the rights and safety of HarborPass, its clients, or the public.
5.4 Professional Advisors and Auditors
We may share information with legal counsel, accountants, and independent auditors for the purpose of obtaining professional advice or conducting compliance audits.
5.5 Business Transfers
In the event of a merger, acquisition, reorganization, or sale of all or part of our business, your information may be transferred as part of that transaction. We will provide notice of any such transfer and your rights in connection with it.
International Data Transfers
HarborPass is incorporated and headquartered in the United States. The nature of our services requires the transfer of data between Africa and the United States. By using our Services, you acknowledge and consent to your information being transferred to and processed in the United States.
Where data originates from jurisdictions with specific cross-border transfer requirements, including Nigeria (NDPR), Kenya (Data Protection Act, 2019), South Africa (POPIA), and the European Union (GDPR), we take appropriate safeguards to ensure such transfers are compliant, including the use of standard contractual clauses or equivalent transfer mechanisms where applicable.
All data processed by HarborPass is stored in encrypted formats within secure, access-controlled infrastructure.
Your Rights Over Your Data
Depending on your location and applicable law, you may have the following rights with respect to your personal information:
Request confirmation of whether we hold data about you and a copy of that data.
Request that we correct inaccurate or incomplete information.
Request deletion of your data, subject to legal retention obligations in Section 9.
Request that we limit our processing of your data in certain circumstances.
Where technically feasible, request that we transfer your data to another organization.
Object to certain processing activities, including those based on legitimate interests.
Where processing is based on consent, withdraw it at any time without affecting prior lawful processing.
To exercise any of these rights, contact us at hello@getharborpass.com. We may request proof of identity before processing your request and will respond within the timeframe required by applicable law.
Cookies and Tracking Technologies
Our website uses cookies and similar technologies to support basic functionality, analytics, and user experience. We do not use tracking technologies for advertising purposes.
You may manage your cookie preferences through your browser settings. Disabling certain cookies may affect the performance or functionality of our website. Where required by law, we will seek your consent before placing non-essential cookies.
Data Retention
We retain your information for as long as necessary to provide our Services and fulfill the purposes described in this Policy. For compliance and regulatory reasons, we retain certain categories of data for a minimum of five years following the termination of our relationship, or such longer period as required by applicable law.
You may request early deletion of your data, which we will honor unless:
- Retention is required by applicable law or regulation
- Your data is subject to an active investigation, dispute, or unresolved claim
- Retention is necessary for our legitimate interests, such as fraud prevention
All stored data is encrypted at rest and accessible only to authorized personnel with a documented business need.
Data Security
HarborPass maintains technical, organizational, and administrative measures designed to protect your information against unauthorized access, disclosure, alteration, or destruction. These measures include encryption of data in transit and at rest, access controls, and security monitoring.
While we implement industry-standard security practices, no method of transmission or storage is completely secure. We encourage you to use strong credentials and notify us immediately if you believe your account or interactions with us have been compromised.
Jurisdiction-Specific Disclosures
For users in Nigeria, we process personal data in accordance with the Nigeria Data Protection Regulation (NDPR) 2019 and any successor legislation. You have the rights described in Section 7 of this Policy. Data may be transferred outside Nigeria subject to the safeguards described in Section 6.
For users in Kenya, we process personal data in accordance with the Kenya Data Protection Act, 2019. You are entitled to the rights set out in Part IV of that Act, including the rights described in Section 7 of this Policy.
For users in South Africa, we process personal information in accordance with the Protection of Personal Information Act, 2013 (POPIA). You have the right to complain to the Information Regulator of South Africa if you believe your rights under POPIA have been violated.
For users in the European Union or European Economic Area, we process personal data in accordance with the General Data Protection Regulation (GDPR). Our legal bases for processing include contractual performance, legal obligation, and legitimate interests as described in this Policy. You have the rights described in Section 7 and may lodge a complaint with your local supervisory authority.
For California residents, we do not sell personal information as defined under the California Consumer Privacy Act (CCPA). You have the right to know what personal information we collect and how it is used, to request deletion, and to non-discrimination for exercising your privacy rights. Residents of other US states with applicable privacy laws may have similar rights under their respective statutes.
Third-Party Links
Our website may contain links to third-party websites or resources. HarborPass has no control over and assumes no responsibility for the privacy practices or content of those external sites. We recommend reviewing the privacy policies of any third-party sites you visit.
Updates to This Policy
We may update this Privacy Policy from time to time to reflect changes in our business, services, or applicable law. We will indicate the updated effective date at the top of this document. For material changes, we will provide notice via email or a prominent notice on our platform.
Your continued use of our Services after any update constitutes your acceptance of the revised Policy.
Governing Law
This Policy is governed by the laws of the United States of America. To the extent that any provision of this Policy is inconsistent with applicable local data protection law in any jurisdiction in which we operate, the applicable local law shall govern to the extent required.
Contact Us
For questions, concerns, or requests relating to this Privacy Policy or our data practices, please reach out to us. We aim to respond to all privacy-related enquiries within 30 days of receipt.


