Privacy Policy

Covered Services:

• Our website at www.happinest.ai
• The HappiNest mobile and web applications
• AI chat assistant and voice services
• Calendar scheduling and booking systems
• Integration services with third-party platforms

A. Account Information

• Full name, email address, phone number
• Company name, job title, industry
• Account credentials and security information
• Billing and payment information

B. Google Services Integration

• Calendar Data: Event details, scheduling information, availability
• Email Data: Through integrated services for scheduling
• Profile Information: Basic profile data for integration
• OAuth Tokens: Secure access tokens (not stored permanently)

We access Google data only through secure OAuth 2.0 scopes and comply with Google's API Services User Data Policy.

C. Microsoft Services Integration

• Teams Integration: Meeting links and scheduling data
• Calendar Integration: Outlook calendar synchronization
• Authentication Data: Azure AD authentication tokens

D. AI and Communication Data

• Chat Interactions: All messages exchanged with our AI assistant
• Voice Recordings: Complete recordings of voice calls and interactions
• Transcriptions: AI-generated transcripts of voice communications
• AI Training Data: Anonymized interactions for AI model improvement (excludes Google user data)
• Conversation Context: Previous interactions for continuity

Note: Google user data is never used for AI training purposes and is only processed to provide user-facing scheduling and calendar features.

E. Technical and Usage Data

• IP addresses, device information, browser type
• Log files, error reports, performance metrics
• Usage patterns, feature interactions, session data
• Cookies and tracking technologies
• Geographic location data (city/region level)

Service Delivery:

• Scheduling and managing property tours
• AI-powered lead qualification and communication
• Calendar synchronization and availability management
• Email validation and communication optimization
• Voice call handling and transcription

AI and Machine Learning:

• Training and improving AI models for better responses
• Analyzing conversation patterns for service enhancement
• Developing predictive analytics for property management
• Personalizing user experiences based on behavior

Business Operations:

• Analytics and reporting for performance insights
• Customer support and troubleshooting
• Security monitoring and fraud prevention
• Legal compliance and auditing
• Marketing and communication (with consent)

We never sell your personal data. We share data only in the following circumstances:

Service Providers:

• Calendar and Email Integration Services: Third-party providers for scheduling and email management
• AI and Machine Learning Platforms: Service providers for chat processing, analysis, and intelligent automation
• Voice Processing Services: Third-party providers for call handling, recording, and transcription
• Email Service Providers: Third-party services for email validation, delivery, and communication
• Microsoft: Teams integration and Azure hosting services
• Google: Calendar services and reCAPTCHA security
• Analytics and Hosting Providers: Website performance monitoring and infrastructure services
• Communication Tools: Internal notification and team collaboration platforms (anonymized data only)

Legal Requirements:

• Law enforcement requests with valid legal process
• Compliance with subpoenas, court orders, or regulatory requirements
• Protection of our rights, property, or safety
• Prevention of fraud or illegal activities

Google API Services:

• We comply with Google's API Services User Data Policy
• We follow Google's Limited Use requirements for user data
• We do not use Google data for advertising or marketing unrelated to our services
• We implement Google's required security measures

Microsoft Platform:

• We comply with Microsoft's API terms and conditions
• We follow Azure security and compliance standards
• We implement Microsoft's data protection requirements

Important Notice: By using our voice services, you consent to call recording and AI processing.

Voice Recording:

• All voice interactions are recorded for quality assurance
• Recordings are processed by AI for transcription and analysis
• You must obtain consent from all call participants
• Recordings are stored securely with encryption

Legal Compliance:

• You are responsible for compliance with local recording laws
• We provide notice when recording begins
• One-party consent applies where legally permissible
• You must inform participants of recording in two-party consent jurisdictions

Retention Periods:

• Account Data: Retained while account is active plus 3 years
• Voice Recordings: Retained for 7 years or as required by law
• Chat Logs: Retained for 2 years for service improvement
• Analytics Data: Retained for 25 months (aggregated)
• Security Logs: Retained for 6 months
• Marketing Data: Retained until consent is withdrawn

Technical Safeguards:

• AES-256 encryption for data at rest
• TLS 1.3 encryption for data in transit
• OAuth 2.0 with PKCE for secure authentication
• Multi-factor authentication for admin access
• Regular security audits and penetration testing

Organizational Measures:

• Role-based access controls
• Employee background checks and training
• Data processing agreements with all vendors
• Incident response and breach notification procedures
• Regular compliance assessments

Data Subject Rights (GDPR/CCPA):

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data
• Portability: Receive your data in a structured format
• Restriction: Limit how we process your data
• Objection: Object to certain types of processing

How to Exercise Your Rights:

• Email us at support@happinest.ai
• Use the privacy controls in your account settings
• Revoke integrations in your Google/Microsoft account settings
• Contact our Data Protection Officer for complex requests

Your data may be transferred and processed in countries outside your jurisdiction. We ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs) for EU data transfers
• Adequacy decisions for approved countries
• Binding Corporate Rules where applicable
• Certification programs and codes of conduct

In the event of a data breach that poses a risk to your rights and freedoms, we will:

• Notify relevant authorities within 72 hours
• Inform affected users without undue delay
• Provide clear information about the breach and our response
• Offer guidance on protective measures you can take
• Implement additional security measures as needed