Search
Harbinger Standard
Insight Africa
12°C Addis Ababa
June 13, 2026

Privacy Policy

Privacy Policy

Harbinger Standard — harbingerstandard.com — Last updated: June 10, 2026

1. Introduction and Identity of the Controller

Harbinger Standard (Insight Africa) is a digital news publication focused on African affairs, operated by Harbinger Bros. LLC, a limited liability company incorporated under the laws of the State of Wyoming, United States, with its principal place of business at 1309 Coffeen Avenue, Sheridan, WY 82801, United States (“we,” “us,” “our,” or “the Company”). For all privacy and data protection inquiries, please contact us at support@harbingerpressmedia.com.

For purposes of the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the UK GDPR, Harbinger Bros. LLC acts as the data controller in respect of personal data collected through harbingerstandard.com. Although we are established in the United States, the GDPR applies to our processing of personal data of individuals in the EEA by virtue of Article 3(2) GDPR, which extends the Regulation to controllers not established in the EU that offer goods or services to data subjects in the EU or monitor their behaviour within the Union. We offer a freely accessible news service through this Website to readers in the EU and worldwide, and we accordingly treat ourselves as subject to the GDPR for EU/EEA visitors.

2. Scope of This Privacy Policy

This Privacy Policy applies to all visitors of harbingerstandard.com and all users of our services regardless of their location. It describes the personal data we collect, how we use and process it, the legal bases for processing, the safeguards we apply, and the rights you may exercise. This Policy should be read alongside our Cookie Policy.

3. Applicable Legal Frameworks

Depending on your location, your personal data is protected by the following applicable laws:

  • EU/EEA visitors: Regulation (EU) 2016/679 (GDPR), applicable under Article 3(2) GDPR
  • United Kingdom visitors: UK General Data Protection Regulation and the Data Protection Act 2018
  • California residents: California Consumer Privacy Act 2018 as amended by the California Privacy Rights Act 2020 (CCPA/CPRA)
  • Wyoming residents: Wyoming Data Privacy Act (Wyo. Stat. § 40-29-101 et seq.)
  • Canadian visitors: Personal Information Protection and Electronic Documents Act (PIPEDA, S.C. 2000, c. 5) and applicable provincial privacy legislation
  • South African visitors: Protection of Personal Information Act 4 of 2013 (POPIA)
  • Nigerian visitors: Nigeria Data Protection Act 2023 (NDPA) and Nigeria Data Protection Regulation 2019 (NDPR)
  • Kenyan visitors: Data Protection Act No. 24 of 2019 (Kenya)
  • Ghanaian visitors: Data Protection Act 2012 (Act 843, Ghana)
  • All other visitors: We apply GDPR-equivalent principles globally as our baseline standard

4. Personal Data We Collect

We operate with strict data minimisation. We do not require user registration, maintain user accounts, deliver targeted advertising, or deploy third-party behavioural tracking technologies.

4.1 Data Processed by Our Hosting Infrastructure (Vercel Inc.)

When you access harbingerstandard.com, your browser sends a request to the servers of our hosting provider, Vercel Inc. (440 N Barranca Ave #4133, Covina, CA 91723, USA). Vercel processes the following data as part of the operation of its hosting infrastructure:

  • IP address: Your Internet Protocol address is necessary for routing your request to the appropriate server and for delivering the response to your device. It may also be used by Vercel for abuse detection and infrastructure security.
  • HTTP request metadata: This includes the URL you requested, your browser's User-Agent string (which indicates your browser type and operating system), the URL of the page that referred you to our site (if any), the date and time of your request, and the HTTP status code of the response.
  • TLS connection data: Technical data exchanged during the TLS/SSL handshake necessary to establish a secure encrypted connection.

We do not independently process, store, or use these server-level request logs for any purpose beyond what is inherent in the operation of our hosting infrastructure. We do not use IP addresses to identify individual users, to build profiles, or for any marketing purpose. Vercel may retain standard infrastructure logs for a limited period in accordance with its own data retention policies before automatic deletion.

4.2 Data Processed by Our Database Infrastructure (Supabase Inc.)

Our content management system uses a database hosted by Supabase Inc. (970 Toa Payoh North #07-04, Singapore 318992). When you visit a page on harbingerstandard.com, a database query is made to retrieve the relevant article or page content. These queries may be logged by Supabase as part of standard database operation. We do not store personal information about Website visitors in our Supabase database; the database contains only our editorial content (articles, categories, metadata) and portal configuration data.

4.3 Data Stored in Your Browser (localStorage)

We store one (1) item in your browser's localStorage storage area:

Storage Key Purpose Data Stored Duration Server Transmission
hpm_cookie_consent Records your interaction with the cookie consent banner so that the banner is not re-displayed on subsequent visits to harbingerstandard.com within the same browser. This is the mechanism by which we honour your stated consent preference. A short string value such as “accepted” or “declined” indicating your consent choice. This does not contain any personal identifier, device identifier, IP address, or behavioural data. Persistent — remains in your browser until you manually delete your browser's localStorage data or reset your consent preference through the consent banner Never — this item is stored only on your device and is never transmitted to any server or shared with any third party

This item is technically necessary for our consent management mechanism. Under §25(2) No. 2 of the German Telecommunications Digital Services Data Protection Act (TDDDG) and the equivalent provision of Article 5(3) of the ePrivacy Directive (2002/58/EC as amended), the storage of this item does not require consent because it is strictly necessary for the provision of the telemedia service explicitly requested by you.

4.4 What We Do Not Collect

For the avoidance of doubt, Harbinger Standard does not collect or process: browsing history across other websites; precise geolocation data; biometric data; financial account information; government-issued identification numbers; health or medical data; racial or ethnic origin data for profiling; religious or political beliefs data for profiling; sexual orientation data; or any special categories of personal data under Article 9 GDPR. We do not use advertising technology, retargeting pixels, social media tracking scripts, or third-party analytics services on this Website.

5. Legal Bases for Processing Under the GDPR

For visitors in the EU/EEA and UK, we rely on the following legal bases under Article 6 GDPR:

  • Article 6(1)(f) GDPR — Legitimate Interests: We process the technical request data described in Section 4.1 above on the basis of our legitimate interests in operating a secure and functional website, in delivering our editorial content to readers, and in detecting and preventing abuse and attacks against our infrastructure. We have conducted a legitimate interests assessment (LIA) and determined that our legitimate interests are not overridden by your fundamental rights and freedoms, given that: (a) the processing is limited to technical infrastructure metadata; (b) we do not use this data for profiling or tracking; (c) the processing is conducted by a reputable hosting provider under a data processing agreement; and (d) the volume of personal data processed is minimal.
  • Article 6(1)(c) GDPR — Compliance with Legal Obligation: We may process personal data to the extent necessary to comply with applicable legal obligations, including responding to lawfully issued judicial orders, regulatory demands, or other legal process in jurisdictions with appropriate procedural protections.
  • Article 6(1)(a) GDPR — Consent: If we introduce optional features that involve personal data processing beyond what is technically necessary (for example, optional newsletter subscriptions), we will obtain your freely given, specific, informed, and unambiguous consent before processing. Any consent obtained can be withdrawn at any time without detriment.

6. International Data Transfers

6.1 Transfers to the United States (Vercel Inc.)

Vercel Inc. is incorporated in the United States and may process personal data of EEA visitors in the United States. Vercel is certified under the EU-US Data Privacy Framework (EU-US DPF), established by Commission Implementing Decision (EU) 2023/1795 of 10 July 2023, which constitutes an adequacy decision under Article 45 GDPR for transfers to certified US organisations. Accordingly, transfers of EEA personal data to Vercel are lawful under Article 45 GDPR.

As a supplementary safeguard, we have also entered into a data processing agreement with Vercel that incorporates the Standard Contractual Clauses (SCCs) adopted by the European Commission in Implementing Decision (EU) 2021/914 of 4 June 2021, pursuant to Article 46(2)(c) GDPR. These SCCs are applicable to the extent that the EU-US DPF adequacy decision is not in force or does not cover particular transfers.

For transfers from the UK to Vercel, we rely on the UK's International Data Transfer Agreement (IDTA) or the UK addendum to the EU SCCs as appropriate.

6.2 Transfers to Singapore (Supabase Inc.)

Supabase Inc. is incorporated and operates infrastructure in Singapore. Singapore is not the subject of an adequacy decision by the European Commission under Article 45 GDPR. Accordingly, transfers of EEA personal data to Supabase are governed by Standard Contractual Clauses pursuant to Article 46(2)(c) GDPR. We have executed a data processing agreement with Supabase Inc. that incorporates the standard data protection clauses adopted by the European Commission in Implementing Decision (EU) 2021/914, and which imposes equivalent data protection obligations on Supabase as a processor.

We have conducted a transfer impact assessment (TIA) in respect of transfers to Supabase in Singapore. This assessment considered: (a) Singapore's Personal Data Protection Act 2012 (PDPA); (b) Singapore's Official Secrets Act and Computer Misuse Act; (c) the absence of any known mass surveillance programme targeting ordinary web traffic; and (d) the nature of the data transferred to Supabase (database query infrastructure metadata; no user personal content). We concluded that the risk to EEA data subjects is low and that the protections afforded by the SCCs are sufficient in light of this assessment.

6.3 African Data Transfers

For visitors from African countries with applicable data protection legislation, international transfers of their personal data to the United States (Vercel) and Singapore (Supabase) are conducted under the safeguards described above. South African visitors' personal data is transferred pursuant to the conditions for transborder data flows under Section 72 of POPIA and the authorisation criteria of the Information Regulator. Nigerian visitors' data is transferred pursuant to the NDPA's cross-border transfer requirements. We apply equivalent protections globally.

7. Data Retention

  • Vercel server access logs: Retained for a maximum of 30 days as part of Vercel's standard infrastructure logging, after which they are automatically purged by Vercel's systems. We have no control over Vercel's internal retention periods beyond what is specified in our data processing agreement.
  • Supabase query logs: Retained per Supabase's standard operational logging practices; we do not store personal data in our Supabase database independently of Supabase's infrastructure operation.
  • Browser localStorage data: The hpm_cookie_consent item persists on your device indefinitely until you clear your browser's localStorage or withdraw your consent preference. We have no server-side access to this data and cannot delete it remotely.

We do not retain any personal data beyond what is described above. In particular, we do not maintain any database of visitor records, behavioural profiles, or activity logs.

8. Your Rights Under the GDPR (EU/EEA and UK Visitors)

If you are located in the EEA or the United Kingdom, you have comprehensive rights under the GDPR and UK GDPR in relation to your personal data:

  • Right of access (Article 15 GDPR): You have the right to obtain confirmation from us as to whether we process personal data concerning you, and if so, to receive a copy of that data and to receive information about the processing (purposes, categories, recipients, retention period, rights, source, and whether automated decision-making is involved).
  • Right to rectification (Article 16 GDPR): You have the right to have inaccurate personal data concerning you corrected without undue delay, and to have incomplete personal data completed.
  • Right to erasure / ‘right to be forgotten’ (Article 17 GDPR): You have the right to obtain the erasure of personal data concerning you without undue delay where: it is no longer necessary for the purposes for which it was collected; you withdraw consent and there is no other legal basis; you object to processing and there are no overriding legitimate grounds; the data has been unlawfully processed; or erasure is required for compliance with a legal obligation.
  • Right to restriction of processing (Article 18 GDPR): You have the right to require restriction of processing of your personal data in certain specified circumstances, including pending verification of accuracy, pending a determination of the balance of interests in an objection, or where you require the data for the establishment of a legal claim.
  • Right to data portability (Article 20 GDPR): Where processing is based on consent or contract and is carried out by automated means, you have the right to receive the personal data you have provided to us in a structured, commonly used, machine-readable format, and to have this data transmitted directly to another controller where technically feasible.
  • Right to object (Article 21 GDPR): You have the right to object at any time to processing of personal data concerning you which is based on Article 6(1)(f) GDPR (legitimate interests). Upon receipt of your objection, we will cease processing unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or for the establishment, exercise, or defence of legal claims.
  • Right not to be subject to automated decision-making (Article 22 GDPR): We confirm that we do not subject you to any decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
  • Right to withdraw consent (Article 7(3) GDPR): Where we process data on the basis of your consent, you may withdraw that consent at any time without giving any reason and without any adverse consequence to you. Withdrawal does not affect the lawfulness of any processing carried out before withdrawal.
  • Right to lodge a complaint with a supervisory authority (Article 77 GDPR): Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement. Relevant supervisory authorities include the German Federal Commissioner for Data Protection (BfDI), the French CNIL, the UK's Information Commissioner's Office (ICO), the Italian Garante per la protezione dei dati personali, and the Spanish Agencia Española de Protección de Datos (AEPD).

To exercise any of your GDPR rights, please submit a written request to support@harbingerpressmedia.com. We will respond within one calendar month of receipt of your request, as required by Article 12(3) GDPR. Where requests are complex or numerous, we may extend this period by a further two months, in which case we will inform you of the extension and the reasons for it within one month of receipt. We may request proof of identity before acting on a request where we have reasonable doubt as to your identity.

9. California Residents (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 (“CCPA/CPRA”) grants you specific rights:

  • Right to know: You may request disclosure of the categories of personal information we have collected about you, the categories of sources, the business purpose for collection or disclosure, and the categories of third parties to whom it is disclosed.
  • Right to delete: You may request deletion of personal information we have collected about you, subject to certain exceptions permitted by CCPA/CPRA.
  • Right to correct: You may request correction of inaccurate personal information we maintain about you.
  • Right to opt out of sale or sharing: We do not sell personal information. We do not share personal information for cross-context behavioural advertising. There is therefore no sale or sharing to opt out of.
  • Right to limit use of sensitive personal information: We do not collect sensitive personal information as defined by the CPRA.
  • Right to non-discrimination: We will not discriminate against you for exercising any CCPA/CPRA right.

Categories of personal information collected in the past 12 months: Internet or other electronic network activity information (server log data including IP addresses and browser identifiers processed by Vercel as part of hosting infrastructure).

Business or commercial purpose for collection: Delivery and security of the Website; abuse prevention; compliance with legal obligations.

Categories of third parties with whom personal information is disclosed: Vercel Inc. (hosting provider); Supabase Inc. (database provider). Both as service providers under written contracts.

To submit a CCPA/CPRA consumer rights request, please email support@harbingerpressmedia.com with the subject line “California Privacy Request.” We will respond within 45 days, with a possible 45-day extension where reasonably necessary and with notice to you.

10. South African Visitors (POPIA)

If you are located in South Africa, you have rights under the Protection of Personal Information Act 4 of 2013 (POPIA). These include rights of access to personal information, the right to request correction, deletion, or destruction of personal information, the right to object to the processing of personal information, and the right to lodge a complaint with the Information Regulator of South Africa (Inanda Greens Business Park, 54 Wierda Road West, Wierda Valley, Sandton 2196; email: inforeg@justice.gov.za). Contact us at support@harbingerpressmedia.com to exercise your POPIA rights.

11. Nigerian Visitors (NDPA)

Visitors from Nigeria have rights under the Nigeria Data Protection Act 2023 (NDPA), including rights of access, rectification, erasure, restriction, objection, and data portability. The supervisory authority is the Nigeria Data Protection Commission (NDPC). Contact us at support@harbingerpressmedia.com.

12. Canadian Visitors (PIPEDA)

Visitors from Canada have rights under PIPEDA (or provincial equivalents) to access their personal information and to challenge its accuracy. Contact us at support@harbingerpressmedia.com. Unresolved privacy complaints may be escalated to the Office of the Privacy Commissioner of Canada.

13. Security Measures

We implement appropriate technical and organisational measures consistent with industry standards to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include: TLS 1.2/1.3 encryption for all data in transit; infrastructure access controls implemented by Vercel and Supabase; contractual data security obligations imposed on our processors through data processing agreements; and a data breach response procedure in accordance with Article 33–34 GDPR.

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay, as required by Article 34 GDPR, and will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by Article 33 GDPR.

14. Third-Party Services and External Connections

Harbinger Standard operates without advertising revenue. We do not deploy advertising networks, retargeting pixels, or behavioural profiling technologies. The following third-party services are involved in the operation of this website:

Infrastructure Providers

  • Vercel Inc. (650 California Street, San Francisco, CA 94108, USA) — website hosting and content delivery. Vercel processes server log data including IP addresses solely for the purpose of delivering web pages to your browser. Vercel’s privacy policy: vercel.com/legal/privacy-policy
  • Supabase Inc. (970 Toa Payoh North, Singapore 318992) — database hosting. Supabase stores article content and site configuration data. No visitor personal data is stored in our database beyond what is described in this policy. Supabase’s privacy policy: supabase.com/privacy

Image Delivery

Article images may be hosted on and served directly from Unsplash (Unsplash Inc., Montreal, QC, Canada). When your browser loads an image from Unsplash servers, Unsplash may receive your IP address and standard browser request headers as part of the HTTP connection. We have no control over Unsplash’s data processing. Unsplash’s privacy policy: unsplash.com/privacy

Google Search Console

We use Google Search Console (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) to monitor how harbingerstandard.com appears in Google Search results and to identify and resolve indexing issues. Google Search Console provides us with aggregated, anonymised data about search queries and page performance; we do not receive personal data about individual visitors through this tool. Google’s privacy policy: policies.google.com/privacy

Social Media

We maintain social media presences on Instagram (Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland), X / Twitter (X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA), and Facebook (Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland). The social media icons in our footer are simple hyperlinks — no social media plugins, share buttons, tracking pixels, or “Like” buttons are embedded on this website. Your browser makes no connection to any social media platform unless you actively click one of these links. When you click a link and are redirected to the platform, the platform’s own privacy policy governs all subsequent data processing.

15. Children's Privacy

harbingerstandard.com is a general-interest news publication for adult audiences and is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe that we have inadvertently collected data from a child under 16, please notify us immediately at support@harbingerpressmedia.com and we will take prompt steps to delete such data.

16. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our data processing practices, applicable law, or the services we offer. The date of the most recent revision is indicated at the top of this Policy. For material changes, we will take reasonable steps to provide prominent notice, such as a banner notification on the Website. Your continued use of harbingerstandard.com following the posting of a revised Privacy Policy constitutes your acceptance of the revised Policy to the extent permitted by applicable law.

17. Contact and Data Subject Requests

For all privacy-related inquiries, to exercise any of your data subject rights, or to submit a complaint, please contact:
Harbinger Bros. LLC
1309 Coffeen Avenue, Sheridan, WY 82801, United States
Email: support@harbingerpressmedia.com

Please include sufficient detail to enable us to identify the subject of your request and to verify your identity. We will acknowledge all requests promptly and respond substantively within the applicable legal deadline.