Privacy Policy

Effective Date: January 1, 2025

1. Introduction

HappiNest.ai ("we," "us," "our") provides AI-powered property management solutions. We are committed to protecting your privacy and being transparent about our data practices. This policy explains what data we collect, how we use it, who we share it with, and your rights regarding your information.

By using our services, you agree to this policy. If you do not agree, please do not use our services.

2. Scope and Legal Basis

Covered Services:

Our website at www.happinest.ai
The HappiNest mobile and web applications
AI chat assistant and voice services
Calendar scheduling and booking systems
Integration services with third-party platforms

Legal Basis for Processing:

Contractual Necessity: Processing required to provide our services
Legitimate Interest: Analytics, security, and service improvements
Consent: Marketing communications and optional features
Legal Obligation: Compliance with applicable laws

3. Information We Collect

A. Account Information

Full name, email address, phone number
Company name, job title, industry
Account credentials and security information
Billing and payment information

B. Google Services Integration

Calendar Data: Event details, scheduling information, availability
Email Data: Through integrated services for scheduling
Profile Information: Basic profile data for integration
OAuth Tokens: Secure access tokens (not stored permanently)

Google Data Usage Limitations:

• Google user data is used only for user-facing features prominent in our application interface
• Google data is not used for AI training, advertising, or marketing purposes
• Google data is not transferred to third parties except for security or legal compliance
• Human access to Google data is limited to specific user consent or security purposes
• We request only the minimum necessary permissions for our core scheduling functionality

We access Google data only through secure OAuth 2.0 scopes and comply with Google's API Services User Data Policy.

C. Microsoft Services Integration

Teams Integration: Meeting links and scheduling data
Calendar Integration: Outlook calendar synchronization
Authentication Data: Azure AD authentication tokens

D. AI and Communication Data

Chat Interactions: All messages exchanged with our AI assistant
Voice Recordings: Complete recordings of voice calls and interactions
Transcriptions: AI-generated transcripts of voice communications
AI Training Data: Anonymized interactions for AI model improvement (excludes Google user data)
Conversation Context: Previous interactions for continuity

Note: Google user data is never used for AI training purposes and is only processed to provide user-facing scheduling and calendar features.

E. Technical and Usage Data

IP addresses, device information, browser type
Log files, error reports, performance metrics
Usage patterns, feature interactions, session data
Cookies and tracking technologies
Geographic location data (city/region level)

F. Third-Party Integration Data

Data from property management systems (Yardi, RentManager, etc.)
Lead data from listing services (Zillow, Apartments.com, etc.)
Email validation results and suggestions
Social media and marketing platform data

4. How We Use Your Data

Service Delivery:

Scheduling and managing property tours
AI-powered lead qualification and communication
Calendar synchronization and availability management
Email validation and communication optimization
Voice call handling and transcription

Google Data Usage for Service Delivery:

• Calendar Data: Used only for scheduling tours and checking availability in our user interface
• Email Data: Used only for sending scheduling confirmations and tour reminders
• Profile Data: Used only for user identification and personalization in our scheduling interface
• All Google data usage is limited to these user-facing features and is not used for any other purposes

AI and Machine Learning:

Training and improving AI models for better responses
Analyzing conversation patterns for service enhancement
Developing predictive analytics for property management
Personalizing user experiences based on behavior

Business Operations:

Analytics and reporting for performance insights
Customer support and troubleshooting
Security monitoring and fraud prevention
Legal compliance and auditing
Marketing and communication (with consent)

5. Data Sharing and Third-Party Services

We never sell your personal data. We share data only in the following circumstances:

Service Providers:

Calendar and Email Integration Services: Third-party providers for scheduling and email management
AI and Machine Learning Platforms: Service providers for chat processing, analysis, and intelligent automation
Voice Processing Services: Third-party providers for call handling, recording, and transcription
Email Service Providers: Third-party services for email validation, delivery, and communication
Microsoft: Teams integration and Azure hosting services
Google: Calendar services and reCAPTCHA security
Analytics and Hosting Providers: Website performance monitoring and infrastructure services
Communication Tools: Internal notification and team collaboration platforms (anonymized data only)

Legal Requirements:

Law enforcement requests with valid legal process
Compliance with subpoenas, court orders, or regulatory requirements
Protection of our rights, property, or safety
Prevention of fraud or illegal activities

Business Transfers:

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the new entity, subject to the same privacy protections.

6. Third-Party Platform Compliance

Google API Services:

We comply with Google's API Services User Data Policy
We follow Google's Limited Use requirements for user data
We do not use Google data for advertising or marketing unrelated to our services
We implement Google's required security measures

Specific Limited Use Compliance:

• Google user data is used only for providing user-facing scheduling and calendar features
• We do not allow humans to read Google data except with explicit user consent or for security purposes
• Google data is not sold, transferred to advertising platforms, or used for creditworthiness decisions
• We request only the minimum necessary OAuth scopes for our core functionality
• Google data access is limited to authenticated users for their own data

Microsoft Platform:

We comply with Microsoft's API terms and conditions
We follow Azure security and compliance standards
We implement Microsoft's data protection requirements

AI Service Providers:

We comply with all applicable AI service provider terms and conditions
We follow responsible AI practices and industry standards
We implement data minimization principles for AI processing
We respect user privacy in AI training and model development

7. Voice Recording and AI Processing

Important Notice: By using our voice services, you consent to call recording and AI processing.

Voice Recording:

All voice interactions are recorded for quality assurance
Recordings are processed by AI for transcription and analysis
You must obtain consent from all call participants
Recordings are stored securely with encryption

Legal Compliance:

You are responsible for compliance with local recording laws
We provide notice when recording begins
One-party consent applies where legally permissible
You must inform participants of recording in two-party consent jurisdictions

AI Processing:

Voice data is processed for sentiment analysis and insights
Transcriptions are used for service improvement
Anonymized data may be used for AI training
Processing occurs in secure, compliant environments

8. Data Retention and Deletion

Retention Periods:

Account Data: Retained while account is active plus 3 years
Voice Recordings: Retained for 7 years or as required by law
Chat Logs: Retained for 2 years for service improvement
Analytics Data: Retained for 25 months (aggregated)
Security Logs: Retained for 6 months
Marketing Data: Retained until consent is withdrawn

Data Deletion:

Data is deleted automatically after retention periods
You can request deletion of your data at any time
Some data may be retained for legal compliance
Anonymized data may be retained for research purposes

9. Security Measures

Technical Safeguards:

AES-256 encryption for data at rest
TLS 1.3 encryption for data in transit
OAuth 2.0 with PKCE for secure authentication
Multi-factor authentication for admin access
Regular security audits and penetration testing

Organizational Measures:

Role-based access controls
Employee background checks and training
Data processing agreements with all vendors
Incident response and breach notification procedures
Regular compliance assessments

Infrastructure Security:

SOC 2 Type II compliant cloud infrastructure
Network segmentation and firewall protection
Automated backup and disaster recovery
24/7 security monitoring and alerting

10. Your Rights and Choices

Data Subject Rights (GDPR/CCPA):

Access: Request a copy of your personal data
Rectification: Correct inaccurate or incomplete data
Erasure: Request deletion of your data
Portability: Receive your data in a structured format
Restriction: Limit how we process your data
Objection: Object to certain types of processing

How to Exercise Your Rights:

Email us at support@happinest.ai
Use the privacy controls in your account settings
Revoke integrations in your Google/Microsoft account settings
Contact our Data Protection Officer for complex requests

Marketing and Communication:

Opt out of marketing emails by clicking "unsubscribe"
Adjust notification preferences in your account
Withdraw consent for optional data processing

11. International Data Transfers

Your data may be transferred and processed in countries outside your jurisdiction. We ensure appropriate safeguards are in place:

Standard Contractual Clauses (SCCs) for EU data transfers
Adequacy decisions for approved countries
Binding Corporate Rules where applicable
Certification programs and codes of conduct

12. Children's Privacy

Our services are designed for business use and are not intended for individuals under 16 years of age. We do not knowingly collect personal information from children under 16.

If you believe we have collected information from a child under 16, please contact us immediately at support@happinest.ai, and we will delete the information.

13. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

Notify relevant authorities within 72 hours
Inform affected users without undue delay
Provide clear information about the breach and our response
Offer guidance on protective measures you can take
Implement additional security measures as needed

14. Changes to This Policy

We may update this privacy policy periodically to reflect changes in our practices, services, or legal requirements. We will:

Post the updated policy on our website
Update the effective date at the top of the policy
Notify users of material changes via email
Provide a summary of key changes when significant

Your continued use of our services after any changes constitutes acceptance of the updated policy.

15. Contact Information

Data Controller

HappiNest.ai

Email: support@happinest.ai

General Contact: mehdi@happinest.ai

Data Protection Officer

Email: support@happinest.ai

For complex privacy matters and GDPR compliance

Regulatory Complaints

EU users: Contact your local supervisory authority

California users: Contact the California Attorney General