Skip to content

Security and privacy

All data stored on Harvest and Forecast is safe, secure, and reliable. For us, it’s the only way to do business.

1 – We keep your data safe

All Harvest and Forecast accounts use SSL-encrypted connections by default—the same level of security used by online banks. You never send or receive sensitive information in plain-text. Additionally, industry-standard physical and remote security is administered at datacenter facilities.

2 – Your privacy is our focus

Harvest cares deeply about protecting the privacy of the data entrusted to us by our customers. This is one of the core values at the heart of our business. Please review our Privacy Policy for specific details.

3 – How we stay reliable

Harvest achieves an average 99.9% uptime. All data is protected by hardware RAID over multiple data storage units. Critical servers have redundant power supplies and components are deployed in (at least) redundant pairs. Any system related issues are reported, and updated in real-time at HarvestStatus.com.

4 – Our data retention policy

We take our role as custodian of your data extremely seriously. Backups occur multiple times a day and are replicated to, at least, 2 physical data centers. Upon deletion we delete customer data immediately from our databases. Database backups are retained for 180 days and application logs (for assisting Harvest Support cases) are retained for 90 days. Customers’ activity logs are stored for 1 year.

5 – Our industry-standard practices

Harvest systems and processes adhere to industry best practices in security. All our inter-server and inter-data center communications are encrypted. Access to servers and customer data is strictly controlled and we keep an immutable audit trail for support-related data access. Learn more about how Harvest ensures the security of your data in our Security FAQ.

PCI-compliance

Harvest has a PCI-DSS Merchant Certificate, although we don’t store any payment information.

SOC 2

We rely on our server host’s audit, and they are SOC 2 certified.

Incident Report Plan

We maintain a security incident response plan to provide a framework to ensure that potential computer security incidents are managed in an effective and consistent manner. This document is reviewed at least annually.

6 – Our responsible security disclosure

Harvest maintains an active public program on HackerOne. We encourage all security reports to be made via our program on HackerOne. Alternatively, email a complete description of the issue to security@getharvest.com including code samples and as much detail as possible.