Does your website use third-party services? Get GDPR compliant in minutes.

HarborByte

PreferencesWebsite

What does Harborbyte do?

Performance and observability service that captures browser errors, performance metrics and user session metadata through a JavaScript SDK and a server side ingestion API.

What Harborbyte is

Harborbyte is a performance and observability service used by web teams to track frontend errors, page performance metrics (TTFB, LCP, FID) and user session metadata. A small JavaScript SDK is dropped on the page; it batches events and ships them to the Harborbyte ingestion API for analysis.

Data and cookies

The SDK writes a first party session cookie (hb_session) and a longer lived visitor cookie (hb_visitor). Events sent to the ingestion endpoint contain the page URL, user agent, error stacks, performance timings, IP address and an optional user identifier set by the operator.

GDPR and ePrivacy posture

Both cookies and the SDK request to the Harborbyte API trigger Article 5(3) ePrivacy because they read or write information on the visitor device. Consent is therefore required before the SDK loads. The IP address and any session identifiers shared with the API constitute personal data under Article 4(1) GDPR.

Get GDPR compliant in 10 minutes

Free plan available · No credit card required

Try FlowConsent free

Transfers and contracts

Harborbyte hosts ingestion in US AWS regions. EU operators must sign Standard Contractual Clauses with Harborbyte, complete a Transfer Impact Assessment and document the residency in their RoPA. Confirm whether an EU residency option is available before signing.

Implementation steps

Gate the SDK behind your CMP, configure the SDK to scrub form inputs and URL query strings, set a short retention for session replays, sign the DPA and SCCs, run a DPIA when stack traces can incidentally contain personal data, and surface Harborbyte in your privacy notice.

GDPR consent category

Preferences

Websites using Harborbyte must obtain user consent under GDPR regulations.

Legal basisConsent (Art. 6(1)(a) GDPR and Art. 5(3) ePrivacy) for the Harborbyte SDK cookies and behavioural event collection. Legitimate interest (Art. 6(1)(f)) may apply for purely operational error reporting where no behavioural data is processed.

Risk levelmedium

Applicable regulationsGDPR, ePrivacy Directive, CCPA, UK GDPR

DPIA considerations

A DPIA is appropriate when Harborbyte session metadata can be linked to identified users (logged in customers) or when stack traces can incidentally contain personal data from form inputs and URL parameters.

Sample consent text

We use Harborbyte to monitor performance and detect errors. With your consent, the Harborbyte SDK stores diagnostic information on your device and sends it to servers in the United States.

Technical details

Tracking methodJavaScript SDK that records browser performance, error stacks and user session metadata, plus first party cookies for session continuity. Server side ingestion API receives events from the SDK.

Server locationUnited States (operator infrastructure on AWS US East)

Data transferred outside the EUHarborbyte ingests events on US AWS infrastructure. Standard Contractual Clauses are required and a Transfer Impact Assessment should be completed.

Third-party domains contacted

harborbyte.comcdn.harborbyte.comingest.harborbyte.com

Cookies placed

Name	Type	Duration	Purpose
hb_session	first_party	Session	Session identifier used to group performance and error events from the same browsing session.
hb_visitor	first_party	1 year	Persistent visitor identifier used to deduplicate users across sessions and to count returning visitors.
hb_exp	first_party	90 days	Stores assignment to A/B experiment variants when the operator activates the experimentation feature.

Harborbyte uses cookies for user preferences — inform visitors with a consent banner.

Get started free Scan your site

Frequently asked questions

What cookies does Harborbyte set?

The Harborbyte SDK writes hb_session (session) and hb_visitor (long lived). Optional cookies may be set if user identification or experiment bucketing is enabled.

Is consent required to load Harborbyte?

Yes. The cookies and the data sent to the ingestion API trigger Article 5(3) ePrivacy. Consent must be obtained before the SDK loads.

What is the legal basis for processing through Harborbyte?

Consent (Art. 6(1)(a) GDPR) for cookies and behavioural events. Legitimate interest may apply for purely operational error reporting that does not involve user behaviour.

Does Harborbyte transfer data to the United States?

Yes. The default ingestion runs on US AWS. Sign SCCs, complete a TIA and document the transfer in your RoPA.

Do I need a DPIA for Harborbyte?

Recommended when stack traces, query strings or session replays can incidentally contain personal data, and when session metadata is linked to identified users.

How do I implement Harborbyte compliantly?

Gate the SDK behind your CMP, scrub form inputs, mask URL query strings, set short retention for replays, sign the DPA and SCCs, and review the integration yearly.

What are the alternatives to Harborbyte?

EU friendly alternatives include Sentry (with EU residency), GlitchTip (self hosted), Datadog (EU site), Honeycomb and self hosted Grafana Faro.

How do I update my cookie policy when adding Harborbyte?

List hb_session and hb_visitor with their purpose, retention and processor. Mention the US transfer, the SCCs and the right to withdraw consent.

Get compliant — Try FlowConsent free

Free plan · 10-min setup