Privacy Policy

Last updated: July 13, 2026

Please visit our Privacy Center for a summary of the changes we’ve made.

Harvey AI Corporation and our affiliates (“Harvey”, “we”, “us”, “our”) respect your right to privacy, and we are dedicated to securing and protecting any information we have about you. This Privacy Policy describes the ways we collect, use, and share information that relates to an identifiable individual (“Personal Data”) and also how you can exercise your rights under applicable privacy and data protection laws.

If you have any questions or concerns about our use of your Personal Data, or if you wish to exercise any of your privacy rights including the right to object (where applicable), then please contact us using the contact details under ‘How to Contact us’ at section 12 below.

Harvey provides a secure AI platform (the "Services"), that augments productivity and automates complex workflows for professionals including professionals in law, tax, and finance. Harvey is headquartered in the United States.

For jurisdiction specific provisions of this Privacy Policy see the ‘Jurisdiction Specific Provisions’ at section 8 below.

We recommend that you read this Privacy Policy in full to ensure you are completely informed about Harvey’s collection and use of your Personal Data.

Table of Contents

  1. Applicability of this Privacy Policy
  2. Personal Data we Collect and Process
  3. How we use Personal Data
  4. Who we Share your Personal Data With
  5. How we Keep your Personal Data Secure
  6. International Data Transfers
  7. Data Retention
  8. Jurisdiction Specific Provisions
  9. Minors Data
  10. Your Data Protection Rights
  11. Updates to this Privacy Policy
  12. How to Contact us
  1. Applicability of this Privacy Policy

This Privacy Policy describes how Harvey processes Personal Data collected from you or about you through our websites, for example at Harvey.ai and help.harvey.ai (our “Websites”), the Services, and other interactions you have with Harvey.

Harvey’s Services are offered to businesses, companies and/or other entities, and/or individual professionals (our “Customers”) for professional use. We enter into customer agreements (for example, our platform agreement, pilot agreement, evaluation agreement, terms of service, data processing addendum etc.,) with our Customers. These agreements govern the delivery and use of the Services (the “Customer Agreement”). This Privacy Policy does not apply to any input or output generated on our online platform, or documents uploaded to our platform. We process that data on behalf of Customers and we call it (“Customer Data” and “Content”). Harvey’s use of Customer Data and Content received through the Services is governed by the relevant Customer Agreement. Harvey processes Customer Data and Content received through the Services as a Data Processor so any queries related to this data should be directed to our Customers who are the Data Controllers.

This Privacy Policy applies where Harvey is the data controller responsible for the processing of the Personal Data.

2. Personal Data we Collect and Process

In the course of doing business, providing our Services, and operating our Websites we collect and receive Personal Data in different ways and from different sources. This Personal Data includes:

  • Information that you provide directly

We collect Personal Data directly from you when you create an account with us, otherwise use the Services, or interact with us via some other means. The Personal Data we collect includes:

a) Account Information: When you or your employer creates an account with us and throughout the time you or your employer uses the Services, we collect certain information associated with your account, including your name, email address, and information about your profession and professional experience, language preferences, account credentials, payment information, and your transaction history with us (collectively, “Account Information”).

b) Communication Information: If you communicate with us, (for example when you contact us about our Services, when you complete a survey, when you participate in an event we may host or sponsor, when you interact with our Websites, or when you request support) we collect your name, email address, information about your profession, customer survey responses, the way you interact with our communication and Services, and the contents of any messages you send us (collectively “Communication Information”).

c) Social Media Information: We have pages on social media services like X, YouTube, and LinkedIn. When you interact with our pages or our employees or representatives via social media services, we collect Personal Data that you choose to provide to us, such as your contact details and the contents of your messages to us, posts, or profiles. In addition, third parties may provide us with aggregate information and analytics about social media activity and other information you choose to make public on the social media platform (collectively, “Social Media Information”).

  • Information that we collect automatically

We collect your personal data indirectly, including through automated means from your computer or device. This information includes:

a) Log Data: Information that your browser or device automatically sends when you use our Services or access our Websites. Log data includes your Internet Protocol Address, browser information, the date and time of your request, and how you otherwise use certain features or interact with us (collectively “Log Data”).

b) Service usage data: When you interact with the Services, metadata is generated that provides additional context about your use of the Services. This includes your email address, account identifiers, data about how often you visit the Websites, how you interact with the Services, the amount of time spent engaging with the Services, the volume of queries you submit, the type of queries you submit, the features interacted with, and how those features performed during your interactions (collectively “Usage Data”).

c) Cookies and Similar Technologies: We use cookies, pixels, scripts, or similar technologies (collectively “Cookies and Similar Technologies”) to manage the Services and to collect information about you and your use of the Services and interactions with our Websites. A cookie is a small string of information that websites you visit transfer to your computer for identification purposes. These technologies help us to recognize you, customize or personalize your experience, market additional products or services to you, understand your preferences, improve your Websites experience, and analyse the use of our Services to make them safer and more useful. For more details about how we use these Cookies and Similar Technologies, your opt-out controls, and other options please visit our Cookie Policy.

d) Device Information: We also collect certain device and connection-specific information when you install, access, or use our Services and interact with our Websites. This includes information such as the name of the device, operating system, device identifiers, and browser you are using (collectively “Device Information”). The specific Device Information collected will depend on the type of device you use and its settings.

  • Information we collect from third parties

We also receive certain information about you from our trusted partners, such as:

a) security partners who may provide us with information such as compromised credentials and personal details, to protect against fraud, abuse, and other security threats;

b) marketing vendors who provide us with information about potential customers of our services, such as contact details, like name, email address, physical address, and phone number, and information about professional affiliations and employment;

c) advertising vendors, including social media services who may provide us with information such as interactions with our marketing emails, social media posts, and other advertisements; and

d) market research firms, survey companies, and event organisers (for example, trade shows, professional events, conferences, and seminars we attend) that may provide us with information about you, including contact details (such as your name, email address, physical address, and phone number), information about your professional affiliations and employment, and information relating to your use of our Services and Websites, your business, and your use of artificial intelligence.

((a), (b), (c), and (d) collectively “Information Collected From Third Parties”).

  • Information that is publicly available

We collect publicly available information, including information made publicly available on social media or professional websites, about customers and prospects to help offer and provide our Services.

We use publicly available information (for example, judgments, decisions, public filings, etc.,) to develop, train, and improve our AI platform (“Publicly Available Information”).

For more information on the sources of information used to train, maintain, and develop our AI platform and the steps we take to protect individuals’ privacy, please see our Privacy Center.

3. How We Use Personal Data

We may use Personal Data covered by this Privacy Policy for the following purposes:

  • to provide and maintain our Services;
  • to bill for our Services;
  • to obtain and pay for services when you are employed by one of our service providers or partners;
  • to develop, improve, and update our Services and new functionality;
  • to develop, improve, and update the way in which we provide support and carry out our other business practices;
  • to carry out and conduct research or surveys;
  • to investigate the effectiveness of our Services, to understand how our Services are used, and to evaluate user needs and preferences;
  • to personalise your use of our Services, applications, or platforms;
  • to provide customer support and resolve bugs, issues, or customer queries;
  • to communicate with you, including to send you information or marketing about our Services and events (To opt-out or object to receiving marketing communications from Harvey AI, please email privacy@harvey.ai);
  • to assess your eligibility for, and offer you or promote our Services. Where allowed by law (including, where required, with your opt-in consent), we use and share your Personal Data with others so that we may market our Services to you, including through interest-based advertising (To opt-out or withdraw your consent to having your data shared for interest-based advertising, please visit the Your Privacy Choices page.);
  • to prevent fraud, criminal activity, or misuses of our Services, and to protect the security of our systems and Services; and
  • to comply with legal obligations and to protect the rights, privacy, safety, or property of our users, us, our affiliates, or any third party.

We may aggregate or de-identify Personal Data so that You can no longer be identified and use the aggregated or de-identified data for the following purposes:

  • to investigate and study the effectiveness of our Services;
  • to update and improve our Services;
  • to develop, improve, and update the way in which we provide support and carry out our other business practices;
  • to conduct research and surveys; and
  • to share or publish aggregated information about usage of our Services, for example on our blog or on social media (e.g. LinkedIn).

Please note that we do not attempt to reidentify this information unless required by law.

Details of the purposes for which we process Personal Data as a controller, and the legal bases we rely on for such processing in the European Economic Area and the United Kingdom, are set out in the legal basis table in the ‘Jurisdiction Specific Provisions’ of this Privacy Policy.

4. Who We Share Your Personal Data With

We share your personal data with the following categories of recipients:

a) Our Affiliates: We will share Personal Data that we collect, such as Account Information with any corporate affiliates. The information shared may be used for the purposes described in this Privacy Policy and generally to operate our business, including, processing for fraud prevention, payment processing, customer support, business development, user account administration, and IT, technical, and engineering support.

b) Linked Third-Party Websites or Plug-Ins when you use third party applications, such as Microsoft and choose to connect your Harvey account with such external third-party applications, we may share information about you with the providers of those services or products. Please be aware that when you use third-party sites or services, their own terms and privacy policies will govern your use of the third parties’ sites or services.

c) Vendors and Service Providers. To assist us with our business operations and to perform certain services and functions including providers of hosting services, email services, sales support, customer support, marketing services, research, auditing, authentication, financial services, communication services, content delivery services, data warehouse services, and other information technology services providers. For more details please see Harvey’s Service Provider list available in our Trust Center.

d) Business Reorganisation: If we choose to reorganize our business (such as via a sale, merger, liquidation, receivership, or transfer of all or substantially all of Harvey’s assets), your Personal Data may be disclosed in the diligence process with counterparties and others assisting with the transaction and transferred to a successor or affiliate as part of that transaction. If Harvey intends to transfer information about you for such purposes, we will notify you.

e) Professional Advisors, Industry Partners, Authorities, Regulators, and other Entities: We may share your Personal Data with our advisors, accountants, and consultants and regulators, tax authorities, law enforcement, government agencies, civil litigants, and other entities as reasonably necessary to:

  1. comply with applicable law or regulations, court orders, subpoenas, legal process, or government requests;
  2. detect, investigate, prevent, or address actual or suspected fraud and other illegal activity, violations of Harvey’s Terms, or security and technical issues; or
  3. protect the rights, property and safety of our Customers, Harvey, or others, including to prevent harm or loss.

f) Our Customers: When you use the Service, we may provide you or your employer with information regarding your account and your use of the Services, including as appropriate your Account Information, Usage Data, and Log Data.

g) Advertising Providers: Subject to applicable law, including any consent requirements, we may share your Personal Data with third party advertising and marketing vendors to assist us in contacting and advertising our Services to you, including through interest-based advertising, and to track the efficacy of such ads. For a list of advertising providers we work with please see our Privacy Center.

5. How We Keep Your Personal Data Secure

The security of your information is important to us. We protect your Personal Data through technical and organizational measures designed to mitigate the risk of unlawful or unauthorized access, destruction, loss, alteration, disclosure, or use of your Personal Data. The measures are designed to provide a level of security appropriate to the risk of processing.

6. International Data Transfers

In some cases, we may transfer your Personal Data to countries other than the country in which the Personal Data originates. These countries may have data protection laws that are different to the laws of your country.

When you access our Websites, or use our Services, your Personal Data may be transferred to our servers located in the US or to other countries, including countries outside of the European Economic Area (“EEA”), Switzerland, and the United Kingdom (“UK”). This may be a direct provision of your Personal Data to us, or a transfer that we or a third party makes. Where Personal Data described in the ‘Personal Data We Collect and Process’ section is transferred outside of the country of origin and, where required by law (including in the EEA, Switzerland, or the UK), we ensure it benefits from an adequate level of data protection by relying on:

  • Adequacy Decisions:

These are decisions from an official authority, such as the European Commission under Article 45 GDPR (or equivalent decisions under other laws) that recognise that a country outside of the country of origin (e.g., the EEA) offers an adequate level of data protection. We transfer Personal Data originating in the EEA, Switzerland, or UK, as described in ‘Personal Data We Collect and Process’ to the United States under the Data Privacy Framework and other countries with adequacy decisions.

  • Standard Contractual Clauses:

For jurisdictions which are not deemed adequate, we rely on other lawful transfer mechanisms (‘appropriate safeguards’) like standard contractual clauses. An example of this are the Standard Contractual Clauses issued on 4 June 2021, under Article 46(2) GDPR, Article 46(2) of the UK equivalent GDPR, and the revised Federal Act on Data Protection for the transfer of personal data originating in Switzerland.

We ensure the above-mentioned mechanisms are in place with our group companies and third-party service providers. For more information on the legal mechanisms, we rely on in respect of either data sharing arrangement please reach out to us by email at privacy@harvey.ai.

  • Derogation or Exceptions:

In limited circumstances, we may rely on an exception, or ‘derogation’ (under Article 49 GDPR), to transfer your Personal Data to such country despite the absence of an ‘adequacy decision’ or ‘appropriate safeguards’ – e.g. reliance on your explicit consent to that transfer or because it is necessary for the establishment, exercise or defence of legal claims (including regulatory, administrative or any out-of-court procedure, and seeking advice).

  • Data Privacy Framework:

We comply with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”) and the UK Extension to the EU-U.S. DPF (“UK Extension”), and the Swiss-U.S. Data Privacy Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce. Harvey has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regards to the processing of personal data received from the European Union (“EU”) and UK in reliance on the EU-U.S. DPF and the UK Extension. We have similarly certified to the U.S. Department of Commerce that we adhere to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regards to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Privacy Policy and the EU-U.S. DPF Principles, the UK Extension, or the Swiss-U.S. DPF Principles, the principles shall govern. To learn more about the EU – U.S. DPF, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Commitment to Cooperate. In compliance with the EU-U.S. DPF, the UK Extension, and the Swiss-U.S. DPF, Harvey commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (“DPAs”) and the UK Information Commissioner’s Office (“ICO”) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of Personal Data received in reliance on the EU-U.S. DPF, the UK Extension, and the Swiss-U.S. DPF.

Federal Trade Commission. The Federal Trade Commission has jurisdiction over Harvey’s compliance with the EU-U.S. DPF, the UK Extension, and the Swiss-U.S. DPF.

Right to Arbitrate. You may, under certain conditions, invoke binding arbitration for complaints regarding Data Privacy Framework compliance. More details can be found here.

Accountability for Onward Transfers. We take responsibility for the processing of Personal Data we receive and subsequently transfer to a third party. In the case of an onward transfer, Harvey remains liable if such a third-party processes Personal Data in a way that is inconsistent with the Data Privacy Framework Principles, unless we can demonstrate that we were not responsible for the event that gave rise to the damage.

If you want to contact us with any inquiries or complaints regarding our reliance on the DPFs, you can email us at privacy@harvey.ai.

7. Data Retention

We retain the Personal Data we collect from you for as long as necessary for the purposes described in this Privacy Policy. If you have a Customer Agreement with us, we will delete your data in accordance with your Customer Agreement.

How long we retain Personal Data will depend on a number of factors including whether we need to retain your data:

  • to comply with the terms of your or your employer’s Customer Agreement;
  • to comply with or demonstrate compliance with our legal obligations, to resolve disputes, or to enforce our agreements; and
  • in relation to Account Information, for our tax, accounting, and audit requirements.

When we have no ongoing legitimate business need or legal reason to process your Personal Data, we will either delete or anonymise it or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your Personal Data and isolate it from any further processing until deletion is possible.

8. Jurisdiction Specific Provisions

  • EEA, UK, and Switzerland

We rely on several legal bases in accordance with applicable data protection laws, such as the General Data Protection Regulation (“GDPR”) or United Kingdom Data Protection Regulation (“UK GDPR”) to process Personal Data for the purposes set out in this Privacy Policy. These legal bases are as follows:

a) Contractual Necessity - where we need to engage in this processing to conclude and perform a contract with you. For example, we require certain Personal Data in order to provide and support the Services we provide.

b) Legal obligation – where we must process and retain your Personal Data to comply with law or to fulfil certain legal obligations. For example, to retain and disclose certain information in response to a valid legal request from regulators, law enforcement, or others.

c) Consent – in certain circumstances, we may ask for your consent before we collect, use, or disclose your Personal Data. In such circumstances you can voluntarily choose to give or deny your consent without any negative consequences. Where you opt to provide your consent, you can withdraw it at any time.

d) Legitimate interests – where the processing is necessary for the legitimate interests of either Harvey or a third party, but only when we are confident that your privacy rights will remain appropriately protected. If we rely on our (or a third party's) legitimate interests, these interests will include:

  1. operating, providing, and improving our business, including our, support practices, online platform and Services;
  2. improving our products and Services;
  3. improving or developing marketing activities and promoting our products and Services;
  4. personalising our Services to you;
  5. detecting or preventing illegal activities (for example, fraud), as well as, enforcing violations of our Customer Agreements or terms of service (collectively “Terms”) including to prevent misuse of our Services, and violations of our trust and safety protocols; and
  6. managing the security of our IT infrastructure, and the safety and security of our employees, customers, vendors, and visitors.

For each legal basis above, we have described the purposes of our processing (why we process your information) and our processing operations (how we process your information to achieve each purpose) in the table below. We also list the categories of your information that we process for each purpose.

Contractual Necessity

Why and How We Process Your Personal Data

Information Categories Processed

To create and maintain your account and provide our Services  
 
We collect certain information to set up your Harvey account and to allow you to use our Services.  
 
Where appropriate we may also rely on our legitimate interests in providing and administering our Services pursuant to our agreements with the Customer with which you are associated, and those of our Customer, in receiving those Services.

  • Account Information
  • Communication Information
  • Log Data
  • Usage Data
  • Device Information
  • Information Collected From Third Parties
  • Cookies and Similar Technologies
  • Publicly Available Information

To send communications related to our Services  
 
We may send you communications about our Services, including to verify your email address, welcome you to the Services, confirm a purchase/transaction, to notify you about a new service offering, changes or updates to the Services, or updates to this Privacy Policy, our Terms or other policies, or to provide other notices in accordance with our Terms. We may also send you communications in furtherance of entering into agreements with you or your employer.  
 
Where appropriate we may also rely on our legitimate interest in providing, supporting, and administering our Services pursuant to our agreements with the Customer with which you are associated and those of our Customer, in receiving those Services and Support.

  • Account Information
  • Communication Information

To provide customer support and resolve issues  
 
We use your information to respond to customer support requests (such as questions you ask about the Services).  
 
Where appropriate we may also rely on our legitimate interests in providing, supporting, and administering our Services pursuant to our agreements with the Customer with which you are associated, and those of our Customer, in receiving those Services and support.

  • Account Information
  • Communication Information
  • Usage Data
  • Log Data
  • Device Information
Legal Obligation

Why and How We Process Your Personal Data

Information Categories Processed

To comply with our legal obligations  
 
For example, to access, preserve or disclose certain information if there is a valid legal request from a regulator, law enforcement or others or to implement appropriate security measures.

The categories of information will depend on the specific circumstances of each request or obligation. Only the information necessary to comply with the relevant legal obligation will be processed. Depending on the circumstances, it could include the following:

  • Account Information
  • Communication Information
  • Log Data
  • Usage Data
  • Device Information
  • Information Collected From Third Parties
  • Cookies and Similar Technologies
  • Publicly Available Information
Consent

Why and How We Process Your Personal Data

Information Categories Processed

Advertising  
 
We may use your Personal Data to assess your eligibility for and offer you our Services. We use Personal Data of website visitors for interest-based advertising. In certain countries (such as some in the European Union), we may need your consent to send or direct marketing messages to you. You will be given the opportunity to opt out from such marketing messages, including in each email we send to you.  
 
When permissible, we may also direct advertising to you based on our legitimate interest in advertising and promoting our Services.

  • Social Media Information
  • Cookies and Similar Technologies
  • Device Information
  • Information Collected from Third Parties
  • Communication Information
Legitimate Interests

Why and How We Process Your Personal Data

Information Categories Processed

To improve and develop the Services  
 
We use certain information to improve our Services, including to ensure the Services are functioning correctly, and to discover ways to innovate new features and improve existing ones. We also use this information for general research, including with regard to the use and interest in our Services, and aggregate reporting.  
 
Harvey’s legitimate interest  
 
It is in our legitimate interest to understand how our Services are being used, and to explore and unlock ways to develop and grow our business. It is in our legitimate interests, and those of our Customers, to increase interest in our Services, and obtain insights into usage patterns of our Services.

  • Account Information
  • Communication Information
  • Log Data
  • Usage Data
  • Device Information *Information Collected From Third Parties
  • Cookies and Similar Technologies
  • Publicly Available Information

To keep our Services safe and secure  
 
We process your information and, in some cases, apply automated processing and manual (that is, human) review to maintain the security and integrity of our Services. This involves taking steps to detect, investigate and otherwise protect ourselves and our Customers against abuse, harassment, breaches of our systems, intellectual property infringement, crime, illegal activity, suspected fraud, harm, suspected violations of our Terms of Use or other policies and safety and security risks of all kinds.  
 
Harvey’s legitimate interest  
 
It is in our legitimate interests, and those of our Customers, to ensure the security of our Services, and to combat harmful, accidental misuse, or inappropriate conduct. It is in our legitimate interests, those of our Customers and the general public to enforce our Terms and associated policies, including to prevent or address fraud, and illegal activities.

  • Account Information
  • Communication Information
  • Publicly Available Information
  • Log Data
  • Usage Data
  • Device Information *Information Collected From Third Parties
  • Account Information
  • Communication Information
  • Log Data
  • Usage Data
  • Publicly Available Information

To personalise our Services  
 
We use certain information to personalise our Services to you including to provide you with products and features relevant to your profession.  
 
Harvey’s legitimate interest  
 
It is in our legitimate interests, and those of our Customers, to increase interest in our Services, and provide material and products relevant to Your profession.

  • Account Information
  • Communication Information
  • Log Data
  • Usage Data
  • Publicly Available Information

To protect our legal rights  
 
We may also retain, preserve, disclose, or review your information to protect, establish, or exercise our legal rights or defend against impending or asserted legal claims, including to collect a debt or address a violation of our Terms and policies.  
 
Harvey’s legitimate interest  
 
It is in our legitimate interest to seek legal advice and protect ourselves (including our rights, personnel, intellectual property or platform), or in respect of regulatory inquiries, litigation or any other dispute.

  • Account Information
  • Communication Information
  • Log Data
  • Usage Data
  • Publicly Available Information

To share information with law enforcement and respond to legal requests  
 
We may share your information with a third party, including law enforcement authorities, where not compelled by law when we believe in good faith that such use and/or disclosure is reasonably necessary to detect, prevent or prosecute illegal activity or to prevent imminent death or imminent bodily harm. The categories of information that we access, preserve, use and share for these purposes will depend on the specific circumstances.  
 
Harvey’s legitimate interest  
 
It is in our legitimate interest and the interests of the general public to share information with third parties, including as part of investigations or regulatory inquiries, to detect, investigate and prosecute illegal activity or to prevent death or imminent bodily harm.

The categories of information will depend on the specific circumstances of each request or obligation. Depending on the circumstances, it could include the following:

  • Account Information
  • Communication Information
  • Log Data
  • Usage Data
  • Publicly Available Information

In the event of a business reorganisation or fund raising activities  
 
In some cases, we may choose to reorganise our business or raise funds (such as raise capital, a sale, merger, liquidation, receivership, reorganisation, or transfer of all or substantially all of Harvey’s assets) and your Personal Data may be disclosed in the diligence process with counterparties and others assisting with the transaction, and transferred to a successor or affiliate as part of that transaction along with other assets.  
 
Harvey’s legitimate interest  
 
Such transactions may be necessary and in our legitimate interests, particularly our interest in making decisions that enable our business to develop over the long term.

  • Account Information
  • Information Collected From Third * Parties
  • Communication Information
  • Usage Data
  • Log Data
  • Publicly Available Information
  • Device Information
  • Cookies and Similar Technologies
  • Social Media Information

To share information with our service providers and business partners  
 
We share certain information with our service providers and business partners, as detailed in Section 4 above.  
 
Harvey’s legitimate interest  
 
It is in our legitimate interests, and those of our Customers, to engage service providers and partners to assist in the provision of the Services and operation of our business.

  • Account Information
  • Social Media Information
  • Information Collected From Third Parties
  • Publicly Available Information
  • Communication Information
  • Usage Data
  • Log Data
  • Device Information
  • Cookies and Similar Technologies

To send you email and telephone marketing  
 
At certain times, we may contact you with information or marketing material about our Services and promotional business/ networking events. Where permitted by law, this activity may be based on our legitimate interest or on your consent as appropriate under applicable law. You may object to such processing or revoke your consent as described in Section 10.  
 
Harvey’s legitimate interest  
 
It is in our legitimate interests to send marketing communications to business contacts, and to inform them of upcoming events hosted or sponsored by us.

  • Account Information
  • Social Media Information
  • Information Collected From Third Parties
  • Publicly Available Information
  • Usage Data
  • Device Information
  • Cookies and Similar Technologies
  • Communication Information

To bill for our Services  
 
If you are employed by one of our Customers we may process your Personal Data to send you bills or communicate with you about amounts owed by your employer.  
 
Harvey’s legitimate interest  
 
It is in our legitimate interest to obtain payment for the Services we provide.

  • Account Information
  • Communication Information

To obtain and pay for services from our service providers and partners.  
 
If you are employed by an organization that provides us with services we may use your Personal Data to communicate with you and direct payment related to those services.  
 
Harvey’s legitimate interest  
 
It is in our legitimate interest to obtain and pay for services to support our Services and business activities.

  • Communication Information
  • United States

If you are a consumer located in the United States (“US”), we process your Personal Data in accordance with US privacy laws, including the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 (“CCPA”). As used in this Privacy Policy, the term Personal Data includes “Personal Information” as defined under the CCPA.

Personal Data We Collect and Disclose

We collect and have collected in the past 12 months, the following categories of Personal Data as further described and from the sources identified in Section 2 of this Privacy Policy. We collect these categories of Personal Data for the business or commercial purposes described in Section 3 of this Privacy Policy and disclose them as described in Section 4 of this Privacy Policy.

  • Identifiers such as name, signature, email address, postal address, internet protocol address, and account name,
  • Professional or employment related information, such as current employer, job title, and employment history,
  • Financial information such as account numbers and other payment information,
  • Commercial Information such as your history of subscribing to the Services,
  • Internet and other electronic network activity information, such as your interactions with our Websites and Services, Social Media services and advertisements,
  • Education information,
  • Audio and visual information, and
  • Inferences drawn from the above information.

We do not use or disclose Sensitive Personal Information (as defined under the CCPA) for purposes other than those specified in 11 CCR § 7027(m).

Personal Data We Share

Harvey does not sell or share Personal Data with third parties in exchange for payment. However, in the last 12 months, to the extent permitted by applicable law we have provided Personal Data of individuals who visit our Websites or otherwise provide their Personal Data for marketing purposes with third party partners, such as advertising partners, analytics providers, and social networks, who assist us in advertising our products and Services to you. This may be considered a data “sale” or “sharing” as those terms are defined under the CCPA and other applicable US privacy laws.

Personal Data we share for these purposes may include:

  • email address,
  • Device Information, and
  • information about your interactions with our Websites and advertisements.

For more information on the parties with which we share Personal Data please see our Privacy Center. To our knowledge, we do not sell or share Personal Data of minors under 18 years of age.

Consumer Rights

As a U.S. consumer and subject to certain limitations under U.S. privacy laws, you may have choices regarding our use and disclosure of your Personal Data. Those rights may include the rights described in Section 10 of this Privacy Policy and the additional rights listed below. For information regarding which of these rights may be applicable in your state, please visit our Privacy Center.

  1. The right to know/confirmation of processing: You may have a right to request additional information including the categories and purposes for which your Personal Data is collected and the third parties to which your Personal Data is disclosed.
  2. The right to opt-out from targeted advertising, and the Sale or Sharing of your Personal Data: We do not sell or share your Personal Data in exchange for payment. As noted above, we may share the Personal Data of certain individuals for targeted advertising. Where legally required, we provide you with the option to opt out of targeted advertising on our site under “Your Privacy Choices”. Where we detect the Global Privacy Control signal, we will also treat that as a request to opt out from targeted advertising for data associated with the specific browser and device that transmits the signal.
  3. The right to opt-out from certain profiling: If we process your Personal Data in furtherance of decisions that produce legal or similarly significant effects, we will notify you and you may have the right to opt-out from such processing.
  4. The right to non-discrimination: If you exercise any of your other rights under U.S. privacy laws, the law may also grant you the right not to be discriminated against for having done so.
  5. The right to appeal: If we deny a request to exercise your rights, you may have the right to appeal that decision.

To submit a request to exercise any of the rights described above, please contact us using the method described in the ‘How to Contact Us’ section 12 below.

  • Canada

Notwithstanding anything to the contrary in this Privacy Policy, in Canada, we will only collect, use and disclose information about you in accordance with Canadian law. We will only process Personal Data with consent and/or adequate notice if and when required.

You have the right to withdraw consent to the collection, use and disclosure of the Personal Data subject to limits in applicable law. Withdrawal of consent will not impact the validity of any consent you have given up to the date of withdrawal. If you withdraw your consent, we may not be able to continue to provide Services to you.

Depending on your province of residence, You may also have the following rights:

  • You may have a right to access your Personal Data held by us. These rights are not absolute, but subject to limits in applicable law. Where a request to access your Personal Data is refused, we will notify you in writing, document the reasons for refusal, and outline further steps which are available to you.
  • You may have a right to request correction of your Personal Data held by us. If you request a correction to your Personal Data and we are satisfied on reasonable grounds that there is an error or omission in your Personal Data, we will correct the Personal Data as soon as reasonably possible in accordance with applicable law. If we do not correct the information, we will annotate it to show that a correction request was made.

If you are a resident of Quebec, you also have the right:

  • to obtain your Personal Data in a structured, commonly used technological format, or to request that we transmit your Personal Data to another third-party you designate, where technically feasible; or
  • to request, in certain circumstances, that we cease disseminating your Personal Data.

You can exercise your rights by contacting us using the details listed in Section 12 below.

  • Australia

For purposes of this Privacy Policy, “Personal Data” includes “personal information” as defined under applicable privacy laws in Australia, including the Privacy Act 1988 (Cth) and the Australian Privacy Principles (for the purposes of this section “Privacy Act”). If your Personal Data is subject to the Privacy Act, you may seek access and correction of the Personal Data we hold about you as described in Section 10 of this Privacy Policy. If you believe that we have collected, disclosed, or otherwise used your Personal Data in a manner that breaches the Privacy Act you may submit a complaint by emailing us at privacy@harvey.ai. We will promptly investigate your complaint and respond to you in writing, typically within thirty days . If you are not satisfied with our response, you may consider contacting the Office of the Australian Information Commissioner. Personal Data we collect about you may be disclosed to the overseas recipients described in Section 4 of this Privacy Policy. In most cases, those recipients will be located in the United States, the United Kingdom, the European Union, or other locations where our affiliates maintain operations.

9. Minors Data

Our Websites and Services are not directed to anyone under the age of 18. Harvey does not knowingly collect Personal Data from anyone under the age of 18. If you have reason to believe that a minor under the age of 18 has provided Personal Data to Harvey through our Services, please email us at privacy@harvey.ai and we will endeavour to delete that information from our systems.

10. Your Data Protection Rights

Individuals across the globe have certain statutory rights with respect to their Personal Data. Subject to certain exceptions and exemptions provided by law and where applicable, you may have the right to:

  • Access, correct, update, or request deletion of your Personal Data.
  • Object to processing of your personal data, ask us to restrict processing of your Personal Data.
  • Request portability of your personal data, (i.e. your data to be transferred in a readable and standardised format).
  • Opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing emails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), please contact us using the contact details provided under the ‘How to Contact us’ heading below. If you choose to opt out of marketing communications, we will still send you non-promotional emails, such as emails about your account or our ongoing business relations.
  • Withdraw your consent at any time, if we have collected and processed your Personal Data with your consent. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Data conducted in reliance on lawful processing grounds other than consent.
  • Complain to a supervisory authority. For more information, please contact your local supervisory authority. Contact details for supervisory authorities in the EU are available here and for the UK here.

To exercise any of your rights you can contact us using the contact details provided under the ‘How to Contact us’ heading at section 12 below. We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. Where required or permitted by applicable data protection laws, we may ask you to verify your identity, including by confirming the details of information you have previously provided to us.

11. Updates to this Privacy Policy

We may update this Privacy Notice from time to time in response to changing legal, regulatory, technical or business developments. When we update our Privacy Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make.

You can see when this Privacy Notice was last updated by checking the “last updated” date displayed at the top of this Privacy Notice.

12. How to Contact Us

If you have any questions or concerns about our use of your Personal Data, please contact our Data Protection Officer using the following details: privacy@harvey.ai. You may also write to us at: Harvey AI Corporation, 201 3rd St, Suite 500, San Francisco California 94103 USA or Harvey AI Ireland Limited, 1st Floor, The Liffey Trust Centre, 117-126 Sheriff Street Upper, Dublin 1, D01 YC43 in the EU.

DPO

Dr. Felix Wittern, Fieldfisher, whose principal office is at Amerigo-Vespucci-Platz 1, 20457 Hamburg, Germany; DPO@harvey.ai

Previous Versions

2025

2024