Privacy

Privacy, data handling, and preference management

This page is HarbourStep's general privacy notice for public-site visitors, borrowers, investors, and partners. More specific forms, eligibility flows, or diligence stages may still provide more detailed layered notices at the point of collection.

Public-layer facts this notice sits over

Legal entity

Corteran

Public contact

hello@corteran.com

Complaints email

complaints@corteran.com

Support hours

Monday to Friday, 9:00-17:00

What we may collect

We may collect information you submit through contact, precheck, upload, booking, consent, investor-eligibility, or partner-application flows, together with device data, source-page data, UTM tags, access logs, file metadata, and audit records.

Why we use it

We use this information to run borrower-readiness workflows, manage documents, coordinate communication, review eligibility, screen investor or partner access, secure the platform, prevent misuse, analyse operations, maintain compliance records, and follow up where you have clearly requested or allowed that follow-up.

Where information may also come from

In addition to information you submit directly, we may receive supporting information from brokers, introducers, professional advisers, identity-verification providers, payment or infrastructure vendors, and other third parties you authorise.

When information may be shared

We share information only where reasonably necessary to provide the service, support operations, meet legal obligations, prevent fraud, or complete compliance review, and we try to keep that sharing to the minimum necessary scope.

Cross-border processing and vendors

The platform may rely on cloud storage, analytics, communications, identity-verification, or AI vendors located outside your home country. Where a specific workflow involves identifiable cross-border disclosure, that workflow should provide a more specific notice or contractual document set.

AI and automation

HarbourStep AI features and readiness outputs are used for organisation, triage support, and next-step guidance. They are not formal credit decisions, securities-offer determinations, or personalised investment advice. If a future workflow uses automation in a way that materially affects an individual, that workflow should explain it clearly.

Your choices and rights

Ask us to correct clearly inaccurate information you submitted.

Withdraw follow-up or marketing contact where that choice is available.

Request deletion, restriction, or export of information where the law allows and retention duties do not prevent it.

Ask for a general explanation of why a category of data was collected, shared, or retained.

Form notices, retention, and message boundaries

Key forms should explain collection purpose, whether fields are required, the consequence of non-submission, whether follow-up may occur, and whether cross-border processing may be involved.

Data is protected through access control, audit logging, least-privilege design, private file storage, and workflow segmentation.

Retention periods depend on service needs, regulatory duties, dispute handling, fraud prevention, and audit requirements; data should be deleted or de-identified when no longer needed.

Service messages and marketing messages should be handled separately; transactional actions should not automatically be treated as marketing consent.

Related trust and legal pages

Public disclosures

Review entity facts, public-layer boundaries, and where formal documents take over.

Review the legal boundary and public-layer disclaimers.

Consent center

Review and manage follow-up permission and consent history.

Complaints and concerns

Start here when privacy, disclosure, or follow-up handling becomes contested.

Contact and privacy concerns

If you want to access, correct, or delete information, or raise a privacy concern, start through the contact path. Depending on jurisdiction, you may also have the right to complain to the relevant privacy or data-protection regulator. Contact / Complaints / Public disclosures