Privacy Policy

Effective Date: April 12, 2026

NHM LLC ("we," "us," or "our") operates the website at nhmohio.com, related APIs and backend services, and the Harbor mobile apps. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use these services.

1. Information we collect

Information You Provide Directly:

  • Contact Form Submissions: Name, email address, phone number, company name, and message content when you submit our contact form.
  • Account Registration: Email address and password when you create a dashboard account.
  • Domain Monitoring: Domain names you add to your dashboard for security scanning and monitoring.
  • Scan and assessment results: Outputs from security scans, DNS and checkup results, uptime checks, SEO and accessibility audits, vulnerability findings, compliance checklists, and related alerts or reports generated for your account. We retain these results on our servers so we can show history, run notifications, and keep the dashboard and Harbor app working as designed—not for unrelated marketing.
  • Security Assessments: Responses to our IT security survey and security assessment tools.
  • Harbor (mobile): When you use our mobile app, we process account credentials and tokens as described below. We may receive mobile push notification tokens and related identifiers so we can deliver alerts you opt into. The app may cache domain and account data locally on your device for performance and offline access.
  • In-app purchases: If you subscribe through the Apple App Store or Google Play, Apple or Google process payment information. We receive subscription identifiers and receipts or tokens needed to validate your plan on our servers—we do not receive your full payment card number from the stores.

Information collected automatically:

  • Analytics Data: We use Cloudflare Web Analytics, which collects anonymized page view data without using cookies or tracking individual users. No personally identifiable information is collected through analytics.
  • Log data: Our web server (Cloudflare Workers) may log standard request information such as IP address, browser type, pages visited, and timestamps for security and performance purposes.
  • Device / app data: For push notifications and app reliability, we may process device tokens, app version, and similar technical data as needed to deliver the service.

2. How we use your information

  • To respond to your inquiries and provide requested services
  • To provide dashboard functionality including domain monitoring, security scanning, and compliance tracking
  • To store and display scan results, scores, logs, and related outputs so you can review past runs, compare changes over time, receive alerts, and use features that depend on prior data (for example trend lines, reports, and synced views between the web dashboard and Harbor mobile app)
  • To send service-related notifications (e.g., scan results, security alerts), including push notifications when you enable them
  • To improve our website and services
  • To protect against unauthorized access and security threats
  • To comply with legal obligations

3. Data storage and security

Your data is stored securely using Cloudflare's infrastructure, including Cloudflare D1 databases. Account passwords are hashed using industry-standard algorithms and are never stored in plain text. We implement appropriate technical and organizational measures to protect your personal information, including encryption in transit (TLS/SSL) and access controls.

Retention of operational results: We keep scan results, monitoring outputs, and related records for as long as your account is active and they are needed to provide the service—for example to show recent and historical results, power notifications, and maintain app and API behavior you rely on. If you delete a domain or your account, associated results are removed in line with our technical processes and your deletion requests, subject to limited backup or legal retention where applicable.

4. Local storage on your devices

The Harbor app may store session tokens in the device secure storage (e.g., Keychain or Keystore) and cache data in a local database on your device so the app can load quickly and work offline in limited ways. The website may store an authentication token in browser local storage when you log in. You can clear app data through device settings or the app's cache controls where offered.

5. Two-factor authentication

If you enable two-factor authentication (2FA) on your dashboard account, we store the encrypted TOTP secret associated with your account. This data is used solely for authentication purposes.

6. Information sharing

We do not sell, trade, or rent your personal information. We may share information in the following limited circumstances:

  • Service Providers: We use Cloudflare for hosting and infrastructure. Your data may be processed by Cloudflare in accordance with their privacy policy.
  • Discord Notifications: If you configure Discord webhook integration in your dashboard, scan results and notifications will be sent to your specified Discord channel.
  • Legal requirements: We may disclose your information if required by law or in response to valid legal process.
  • Apple / Google: When you use in-app purchases, Apple or Google process payment according to their privacy policies; we receive only what is needed to validate and manage your subscription.

7. Cookies and similar technologies

Our website uses minimal cookies necessary for functionality. Please see our Cookie Policy for details.

8. Your rights

You have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your account and associated data
  • Opt out of non-essential communications

To exercise any of these rights, please contact us at (330) 587-9583 or through our contact page.

9. California privacy rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act, including the right to know what personal information we collect and how it is used, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information.

10. Children's privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately.

11. Third-party links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those websites. We encourage you to review the privacy policies of any third-party sites you visit.

12. Changes to this policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. Your continued use of our website after changes are posted constitutes acceptance of the updated policy.

13. Contact us

If you have questions about this Privacy Policy or our data practices, please contact us: