Harmonizer is built on enterprise-grade security infrastructure. We operate under a strict data governance policy: your competitive trade intelligence is never used to train public AI models.
Last updated: February 22, 2026
Security Overview
Every element of Harmonizer's infrastructure is designed to protect the sensitivity of your trade intelligence.
Tenant-Level Separation
Your trade data is stored in a private schema isolated from all other tenants. No shared tables, no cross-contamination. Your tariff classifications, shipment history, and product descriptions exist in a dedicated, access-controlled environment.
Military-Grade Standards
All data is encrypted using AES-256 while at rest and protected by TLS 1.2+ during transmission. This is the same standard used by financial institutions and government agencies.
At Rest
AES-256
Database & file storage encryption
In Transit
TLS 1.2+
All API calls & data transfer
Key Management
AWS KMS
Automated key rotation
Secrets
Vault-Managed
Zero plaintext credentials
AWS + Vercel
Harmonizer is hosted exclusively on SOC2 Type II certified infrastructure via Amazon Web Services (AWS) and Vercel, with configurable data residency options for organizations with geographic compliance requirements.
Powered by AWS + Vercel enterprise infrastructure
Your Data Stays Yours
We will never use your proprietary trade data—your product descriptions, HTS decisions, shipment volumes, or supplier identities—to train public or shared AI models.
Your competitive intelligence is what makes your brokerage valuable. We understand this. The data you input into Harmonizer reflects years of supplier relationships, pricing strategies, and market knowledge. We treat it accordingly.
Effective Date: February 22, 2026 · FlowSumo Inc. DBA Harmonizer
Account Data: When you register for the pilot program, we collect your name, company name, work email address, and job title.
Classification Input Data: Product descriptions you submit for HTS classification. This data is processed by our AI engine and stored as part of your classification history.
Usage Data: Anonymized metadata about how you use the platform (feature clicks, session duration) to improve product quality. This does not include your trade data.
Technical Data: Browser type, IP address (anonymized), and operating system for security monitoring and fraud prevention.
We use your data exclusively to deliver the classification service, maintain your audit records, provide technical support, and communicate important service updates.
Critical Commitment: Your product descriptions and classification decisions are never used to train, fine-tune, or improve AI models that are shared with or accessible by other users or organizations.
We do not sell your data. We do not monetize your information through advertising networks or data brokers, ever.
We use the following categories of sub-processors, all of whom are contractually bound to our data security standards:
We may disclose data only when legally required by valid court order, subpoena, or government authority under applicable law, and only to the extent required.
Classification records are retained for a minimum of 5 years, consistent with CBP recordkeeping requirements under 19 CFR Part 163. Enterprise customers may configure extended retention periods.
Upon contract termination, you may request complete deletion of your organizational data within 30 days. We will provide written confirmation once deletion is complete. Backup copies are purged within 90 days of the deletion request.
Depending on your jurisdiction (including GDPR, CCPA, and similar laws), you may have the following rights:
Access
Request a copy of your stored data
Rectification
Correct inaccurate personal data
Erasure
Request deletion of your data
Portability
Export your data in a standard format
To exercise any right, email us at privacy@harmonizer.ai. We respond to all verified requests within 30 days.
We use strictly necessary cookies for session management and authentication. We do not use advertising cookies or cross-site tracking pixels. Our analytics use anonymized, aggregated data with no personal identifiers. You can manage cookie preferences at any time through your browser settings.
We will notify all active users via email at least 30 days before any material changes to this policy take effect. Continued use of the service after that period constitutes acceptance of the updated policy. The date at the top of this page reflects the current effective version.
For privacy-related questions, data requests, or security disclosures:
FlowSumo Inc. DBA Harmonizer
Privacy Office: privacy@harmonizer.ai
Security Disclosures: security@harmonizer.ai
General Contact: contact page →