Frequently Asked Questions

Yes. Harmonity is designed for permissioned access and scoped visibility. Workspace and document roles define who can view, comment, edit, or approve, and permission boundaries are intended to apply consistently across workflows and AI features.

Yes. Key events are intended to be timestamped and tied to actors, with centralized logs to support investigations and internal governance.

This depends on your plan and configuration. If you have enterprise requirements (e.g., audit export formats, admin reporting), request the security package and we’ll share what’s available.

Harmonity is designed to use encryption in transit and at rest (high-level) and controlled access to data stores.

The service is operated with monitoring, backup, and recovery practices designed for business-critical contract workflows.

We maintain an incident response process and define expectations for customer communication, including planned maintenance communications.

Yes. We can share security documentation for evaluation (and under NDA where needed).

If you believe you found a security vulnerability, contact us at support@harmonity.ai with relevant details. Please avoid including sensitive customer data in reports where possible.

Customers retain rights in their content (“Customer Data”). Harmonity processes Customer Data to provide and operate the service, consistent with the Terms and the DPA where applicable.

No training on customer data is a core commitment for customer trust. Customer Data is not used to train general-purpose models for the benefit of other customers.

We follow purpose-based retention. For sales/support records and demo requests we use retention windows aligned with common B2B practice (e.g., up to 365 days for certain records), and platform data retention is governed by contract terms and customer instructions (including post-termination retrieval windows).

Deletion and data lifecycle behaviors depend on the relationship and role. Customer platform data is typically governed by the customer contract and DPA instructions. Sales/support records are retained only as long as needed for the stated purposes and legal obligations.

No. Harmonity does not sell personal data. We share data with service providers only as needed to operate the service and business functions, under contractual controls.

Yes. Like most SaaS providers, we use vetted vendors for hosting, communications, support tooling, analytics, and embedded content.

We maintain a subprocessor list that includes vendor, purpose, and region (where applicable), and how we notify customers of changes.

Yes. Our approach to subprocessor updates and notifications is described on the subprocessors page (and may be reflected in contractual terms for enterprise plans).

Harmonity emphasizes controlled AI—outputs are designed to be reviewable, and workflows preserve a durable decision record. AI features are intended to respect the same permission boundaries as users and documents.

No. AI outputs are not legal advice, opinions, or recommendations. You are responsible for human review and approval before using outputs in real-world decisions.

Yes. AI can produce incorrect or incomplete results (“hallucinations”). AI features are provided with appropriate disclaimers and should be treated as assistive tooling requiring verification.

Harmonity is designed to avoid “black box” edits—suggestions should be surfaced transparently before changes are applied.

We provide a GDPR overview for EU/EEA contexts and support contractual and operational controls commonly required in procurement reviews (e.g., DPA, subprocessors, security materials).

We provide a KVKK overview and the required Türkiye-focused documents, including the information notice and application form.

Privacy Policy: /legal/privacy-policy • Cookies Statement: /legal/cookies-statement • Cookie Preferences: /legal/cookie-preferences (also available as a persistent footer link).

Yes. SLA terms (availability commitments, support response targets, and service credit structure where applicable) are documented in the Service Level Agreement.

If/when a public status page is available, we will link it from the Reliability page.

Email support@harmonity.ai for support, security, privacy, or procurement inquiries.

All legal documents are available at /legal, including Terms of Service, Privacy Policy, Cookies Statement, Cookie Preferences, Service Level Agreement, Code of Conduct, GDPR, KVKK, Aydınlatma Metni, and KVKK Başvuru Formu.