Privacy Policy

Data Controller: Kennedy Pendaely, operating as Happa.

Contact: hello@happa.app

As the data controller, we determine the purposes and means of processing your personal data in connection with the Happa application.

2.1 Data You Provide

• Google Account Data: When you sign in with Google, we receive your name, email address, and profile picture via OAuth 2.0.
• Video URLs: URLs you paste into Happa for event extraction (TikTok, Instagram, Facebook links).
• Manually Entered Event Data: Any event titles, dates, times, locations, or descriptions you type directly into the App.

2.2 Data We Generate

• AI-Extracted Event Details: Event titles, dates, times, locations, and descriptions extracted by Gemini AI from video captions.
• Saved Events: Events you confirm and save, stored in Firebase Firestore linked to your user account.

2.3 Data We Do NOT Collect

• Authentication: Your Google account data is used solely to identify you and maintain your secure session within the App.
• Event Extraction: Video URLs are sent to Gemini AI for caption analysis. We do not permanently store raw URLs after processing is complete.
• Calendar Integration: Confirmed event details are written to your Google Calendar via the Google Calendar API — only on your explicit instruction.
• Event Storage: Saved events are stored in Firebase Firestore so you can access your event history within the App.
• App Improvement: Aggregated, anonymised usage data may be used to improve Happa's features and AI accuracy. This data cannot be used to identify you.

Although Happa operates primarily under Malawian law, we align with globally recognised privacy standards including GDPR principles:

• Contractual Necessity: Processing required to deliver the App's core service to you (event extraction, calendar saving, account management).
• Consent: Google OAuth permissions are granted by you explicitly at sign-in. You can withdraw consent at any time by revoking permissions.
• Legitimate Interests: Anonymised analytics to improve the App, where this does not override your fundamental rights and freedoms.

We do not sell your personal data. We share data only in the following limited circumstances:

• Google (Firebase, Gemini AI, Calendar API): Essential to App functionality. Data shared with Google is subject to Google's Privacy Policy.
• Platform APIs (TikTok, Instagram, Facebook): We access only publicly available metadata via official oEmbed and public APIs. No private user data from these platforms is accessed or stored.
• Legal Obligations: We may disclose data when required by law, court order, or to protect the safety of our users or the general public.
• Business Transfer: In the unlikely event of a merger or acquisition, your data may be transferred to the acquiring entity, subject to the same privacy protections.

• Account data: Retained while your account is active. Deleted within 30 days of account deletion request.
• Saved events: Retained until you delete them within the App or delete your account.
• Video URLs for extraction: Not retained after AI processing is complete.
• Anonymised analytics: May be retained indefinitely as they cannot identify you.

You may request deletion of all your personal data at any time by emailing hello@happa.app.

You have the following rights regarding your personal data. To exercise any of them, contact us at hello@happa.app. We will respond within 30 days.

We implement industry-standard security measures to protect your data:

• Encrypted transmission: All data is transmitted over HTTPS/TLS.
• Firebase security rules: Restrict access to your data to your account only — other users cannot access your events.
• OAuth 2.0: Secure Google authentication — we never store your Google password.
• Minimal data collection: We only collect what is strictly necessary for the App to function.

No system is 100% secure. In the event of a data breach that affects your rights, we will notify you and relevant authorities as required by applicable law.

Happa is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13.

If you believe a child under 13 has provided us with personal data, please contact us immediately at hello@happa.app and we will take prompt steps to delete the information.

Your data may be processed on servers operated by Google (Firebase, Gemini AI) located outside your country of residence, including in the United States.

Google implements appropriate safeguards for international transfers, including Standard Contractual Clauses (SCCs) as approved by relevant data protection authorities.

By using Happa, you acknowledge and consent to this international data transfer.

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Update the "Last Updated" date at the top of this page.
• Notify you through the App or by email where appropriate.

Your continued use of Happa after changes are posted constitutes your acceptance of the updated policy. If you disagree with any changes, you must stop using the App.

For any privacy concerns, data requests, or to exercise your rights, contact us:

• 📧 Email: hello@happa.app

We aim to respond to all privacy-related requests within 30 days.

If you are unsatisfied with our response, you have the right to lodge a complaint with a relevant data protection authority in your jurisdiction.