For UK charities

Your charity's data and digital safety, properly handled.

Engineer-led support for data protection, cybersecurity, and AI readiness. Not advice. Implementation.

An expert on your side for data protection, cybersecurity, and AI readiness — without needing to hire internally or figure it out alone.

Book an introductory call See how it works

30 minutes. No obligation, no sales pitch.

The challenge

You know the problems.
You just can't get to them.

Most charities aren't unaware of their digital risks. They've had reports, audits, and advice. The real problem is always the same: no capacity to act.

One person holds everything

Data protection, cybersecurity, IT decisions — often falling to whoever is least busy or most willing. When that person leaves, the knowledge goes with them.

Reports don't fix things

You've had the audit. You know the gaps. What you haven't had is someone who rolls up their sleeves and helps you close them, one by one.

You're paying but not sure what for

Many charities spend thousands a year on IT support with no clear deliverables and no SLA. The invoices arrive but the underlying risks stay the same.

Small mistakes cause real harm

An autofill error sends sensitive data to the wrong person. A shared login means nobody knows who did what. These aren't hypotheticals — they happen to charities every week.

What you get

A senior engineer on retainer.
Fewer risks, less firefighting, a real roadmap.

An experienced digital and data professional who understands your world, plus the tools and templates to make real progress — not just another report.

Compliance and data protection

Guided support to build and implement what you actually need — ROPAs, DPIAs, policies, incident plans. Not templates in your inbox, but help getting them done.

AI guidance and training

What's safe, what isn't, and where AI can genuinely save your team time. Delivered as group sessions so everyone's on the same page.

Ongoing advisory

A regular 1:1 with someone who holds context on your organisation and helps you make decisions your board will back.

How it works

Three steps to clarity

We learn your world

A structured review of where your charity is with digital, data, and compliance. No jargon, no audit theatre — just a clear picture of what you've got, what's missing, and what matters most.

You get a clear plan

We prioritise the actions that will make the biggest difference and give you a realistic roadmap. Not a 30-page report — a short list of things to do, in order, with the resources to do them.

We help you get it done

Each month, dedicated time with your Harbour adviser to work through priorities, tackle blockers, and make progress. Half-day team training twice a year keeps your staff confident and informed.

Pricing

Simple, predictable pricing

One plan. No tiers to compare, no features locked behind paywalls.

£300

per month — less than a single day of consultancy

Full access to compliance templates, guided workflows, and progress tracking
Ongoing access to resources — policies, checklists, and implementation guides
Half-day team training on AI, compliance, or digital safety, twice a year
Structured monthly review session — calls, reviews, and guidance tailored to your charity

Need more time in a given month? Additional hours at £150/hour. No lock-in — cancel any time with 30 days' notice.

Get started

How this compares

A single day of external consultancy typically costs £800–£1,500. Most charities we've spoken to pay £500+/month for outsourced HR alone.

Harbour gives you sustained, expert support on data protection, cybersecurity, and AI readiness — for half the cost of services you're already paying for.

The ICO has fined UK charities five-figure sums for data breaches, and investigations alone can consume months of a small team's capacity. £300/month is a fraction of what one incident costs.

What you're replacing: ad-hoc consultants who send a report and leave, IT support contracts with no clear deliverables, and the invisible cost of nobody owning compliance internally.

What charities say

Real impact, real words

“The digital review was incredibly valuable — clear, practical, and grounded in our organisational context. What stood out most was the ability to translate complex areas like data protection into something meaningful and actionable, particularly reframing it as a safeguarding issue. The roadmap has given us real clarity and momentum, and it's already shaping how we approach our digital and operational priorities.”

Mona Vadher Interim Director of Operations, Peer Power Youth

“Tom helped us to action plan, generate policies and develop templates to ensure the organisation is protected and service user information is safeguarded. As a charity we have to ensure we're safeguarding our information and future proofing our systems, and we're pleased to have had that guidance on our journey.”

Dr Nia Thomas Interim CEO, Maggs Day Centre

Book an introductory call

What Harbour isn't

It's important to be clear about what falls outside our service, so you know exactly where we fit alongside your existing support.

Harbour is not an IT support provider. We don't fix laptops, manage servers, or handle day-to-day tech issues. We're not a replacement for legal advice. If you have an IT provider or a DPO, we work alongside them — helping you make sense of the bigger picture and filling the gaps that nobody else covers.

Harbour isn't a consultancy in the classic sense either. We don't produce reports and move on. Our work is measured by what gets implemented, not what gets written down.

The difference

Why an engineer, not a consultant?

Most digital and data advice to charities comes from lawyers, policy consultants, or IT support firms. They each produce something — a legal opinion, a report, a helpdesk ticket — but they rarely produce the thing most charities actually need: the change.

A ROPA isn't a legal document. It's a living map of how your data flows — and it needs someone who can actually sit with your tools and systems to build it. A DPIA isn't a compliance form. It's an analysis of how a system behaves under pressure. An incident response plan isn't a memo. It's a tested procedure that stops a bad day becoming a disaster.

Harbour was built because the gap in the charity sector isn't awareness, and it isn't documentation. It's implementation. An engineer who understands how data protection, cybersecurity, and AI actually work inside systems — and who's comfortable rolling up their sleeves to make the change — is the role most charities are missing.

That's what Harbour is. That's what you get.

About

Built by someone who's done this work

Harbour is run by Tom Cain. I'm a senior software engineer who's spent my career building the systems other people write policies about. I've led teams where data protection, cybersecurity, and digital operations weren't a separate function — they were embedded in how we built, shipped, and operated. More recently I've been doing that same work hands-on with UK charities.

I've sat with teams at organisations like Maggs Day Centre, Peer Power Youth, and Citizens Advice Camden. I've run the deep dives, built the templates, written the policies, and helped them actually get things done — not just told them what they should be doing.

The pattern was always the same: charities know what needs fixing, but nobody has the time, capacity, or confidence to do it. Harbour exists to close that gap.

What I've delivered

Full data protection reviews and compliance roadmaps for UK charities

Policies, templates, and tooling used by charity teams today

AI readiness sessions and team training delivered in plain language

Let's have a conversation

Book a 30-minute introductory call. We'll talk about where your charity is, what's keeping you up at night, and whether Harbour is the right fit.

Book a call