Privacy Policy
Effective Date: January 1, 2025
1. Introduction
HappiNest.ai ("we," "us," "our") provides AI-powered property management solutions. We are committed to protecting your privacy and being transparent about our data practices. This policy explains what data we collect, how we use it, who we share it with, and your rights regarding your information.
By using our services, you agree to this policy. If you do not agree, please do not use our services.
2. Scope and Legal Basis
Covered Services:
- Our website at www.happinest.ai
- The HappiNest mobile and web applications
- AI chat assistant and voice services
- Calendar scheduling and booking systems
- Integration services with third-party platforms
Legal Basis for Processing:
- Contractual Necessity: Processing required to provide our services
- Legitimate Interest: Analytics, security, and service improvements
- Consent: Marketing communications and optional features
- Legal Obligation: Compliance with applicable laws
3. Information We Collect
A. Account Information
- Full name, email address, phone number
- Company name, job title, industry
- Account credentials and security information
- Billing and payment information
B. Google Services Integration
- Calendar Data: Event details, scheduling information, availability
- Email Data: Through integrated services for scheduling
- Profile Information: Basic profile data for integration
- OAuth Tokens: Secure access tokens (not stored permanently)
Google Data Usage Limitations:
- • Google user data is used only for user-facing features prominent in our application interface
- • Google data is not used for AI training, advertising, or marketing purposes
- • Google data is not transferred to third parties except for security or legal compliance
- • Human access to Google data is limited to specific user consent or security purposes
- • We request only the minimum necessary permissions for our core scheduling functionality
We access Google data only through secure OAuth 2.0 scopes and comply with Google's API Services User Data Policy.
C. Microsoft Services Integration
- Teams Integration: Meeting links and scheduling data
- Calendar Integration: Outlook calendar synchronization
- Authentication Data: Azure AD authentication tokens
D. AI and Communication Data
- Chat Interactions: All messages exchanged with our AI assistant
- Voice Recordings: Complete recordings of voice calls and interactions
- Transcriptions: AI-generated transcripts of voice communications
- AI Training Data: Anonymized interactions for AI model improvement (excludes Google user data)
- Conversation Context: Previous interactions for continuity
Note: Google user data is never used for AI training purposes and is only processed to provide user-facing scheduling and calendar features.
E. Technical and Usage Data
- IP addresses, device information, browser type
- Log files, error reports, performance metrics
- Usage patterns, feature interactions, session data
- Cookies and tracking technologies
- Geographic location data (city/region level)
F. Third-Party Integration Data
- Data from property management systems (Yardi, RentManager, etc.)
- Lead data from listing services (Zillow, Apartments.com, etc.)
- Email validation results and suggestions
- Social media and marketing platform data
4. How We Use Your Data
Service Delivery:
- Scheduling and managing property tours
- AI-powered lead qualification and communication
- Calendar synchronization and availability management
- Email validation and communication optimization
- Voice call handling and transcription
Google Data Usage for Service Delivery:
- • Calendar Data: Used only for scheduling tours and checking availability in our user interface
- • Email Data: Used only for sending scheduling confirmations and tour reminders
- • Profile Data: Used only for user identification and personalization in our scheduling interface
- • All Google data usage is limited to these user-facing features and is not used for any other purposes
AI and Machine Learning:
- Training and improving AI models for better responses
- Analyzing conversation patterns for service enhancement
- Developing predictive analytics for property management
- Personalizing user experiences based on behavior
Business Operations:
- Analytics and reporting for performance insights
- Customer support and troubleshooting
- Security monitoring and fraud prevention
- Legal compliance and auditing
- Marketing and communication (with consent)
5. Data Sharing and Third-Party Services
We never sell your personal data. We share data only in the following circumstances:
Service Providers:
- Calendar and Email Integration Services: Third-party providers for scheduling and email management
- AI and Machine Learning Platforms: Service providers for chat processing, analysis, and intelligent automation
- Voice Processing Services: Third-party providers for call handling, recording, and transcription
- Email Service Providers: Third-party services for email validation, delivery, and communication
- Microsoft: Teams integration and Azure hosting services
- Google: Calendar services and reCAPTCHA security
- Analytics and Hosting Providers: Website performance monitoring and infrastructure services
- Communication Tools: Internal notification and team collaboration platforms (anonymized data only)
Legal Requirements:
- Law enforcement requests with valid legal process
- Compliance with subpoenas, court orders, or regulatory requirements
- Protection of our rights, property, or safety
- Prevention of fraud or illegal activities
Business Transfers:
In the event of a merger, acquisition, or sale of assets, your data may be transferred to the new entity, subject to the same privacy protections.
6. Third-Party Platform Compliance
Google API Services:
- We comply with Google's API Services User Data Policy
- We follow Google's Limited Use requirements for user data
- We do not use Google data for advertising or marketing unrelated to our services
- We implement Google's required security measures
Specific Limited Use Compliance:
- • Google user data is used only for providing user-facing scheduling and calendar features
- • We do not allow humans to read Google data except with explicit user consent or for security purposes
- • Google data is not sold, transferred to advertising platforms, or used for creditworthiness decisions
- • We request only the minimum necessary OAuth scopes for our core functionality
- • Google data access is limited to authenticated users for their own data
Microsoft Platform:
- We comply with Microsoft's API terms and conditions
- We follow Azure security and compliance standards
- We implement Microsoft's data protection requirements
AI Service Providers:
- We comply with all applicable AI service provider terms and conditions
- We follow responsible AI practices and industry standards
- We implement data minimization principles for AI processing
- We respect user privacy in AI training and model development
7. Voice Recording and AI Processing
Important Notice: By using our voice services, you consent to call recording and AI processing.
Voice Recording:
- All voice interactions are recorded for quality assurance
- Recordings are processed by AI for transcription and analysis
- You must obtain consent from all call participants
- Recordings are stored securely with encryption
Legal Compliance:
- You are responsible for compliance with local recording laws
- We provide notice when recording begins
- One-party consent applies where legally permissible
- You must inform participants of recording in two-party consent jurisdictions
AI Processing:
- Voice data is processed for sentiment analysis and insights
- Transcriptions are used for service improvement
- Anonymized data may be used for AI training
- Processing occurs in secure, compliant environments
8. Data Retention and Deletion
Retention Periods:
- Account Data: Retained while account is active plus 3 years
- Voice Recordings: Retained for 7 years or as required by law
- Chat Logs: Retained for 2 years for service improvement
- Analytics Data: Retained for 25 months (aggregated)
- Security Logs: Retained for 6 months
- Marketing Data: Retained until consent is withdrawn
Data Deletion:
- Data is deleted automatically after retention periods
- You can request deletion of your data at any time
- Some data may be retained for legal compliance
- Anonymized data may be retained for research purposes
9. Security Measures
Technical Safeguards:
- AES-256 encryption for data at rest
- TLS 1.3 encryption for data in transit
- OAuth 2.0 with PKCE for secure authentication
- Multi-factor authentication for admin access
- Regular security audits and penetration testing
Organizational Measures:
- Role-based access controls
- Employee background checks and training
- Data processing agreements with all vendors
- Incident response and breach notification procedures
- Regular compliance assessments
Infrastructure Security:
- SOC 2 Type II compliant cloud infrastructure
- Network segmentation and firewall protection
- Automated backup and disaster recovery
- 24/7 security monitoring and alerting
10. Your Rights and Choices
Data Subject Rights (GDPR/CCPA):
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data
- Portability: Receive your data in a structured format
- Restriction: Limit how we process your data
- Objection: Object to certain types of processing
How to Exercise Your Rights:
- Email us at support@happinest.ai
- Use the privacy controls in your account settings
- Revoke integrations in your Google/Microsoft account settings
- Contact our Data Protection Officer for complex requests
Marketing and Communication:
- Opt out of marketing emails by clicking "unsubscribe"
- Adjust notification preferences in your account
- Withdraw consent for optional data processing
11. International Data Transfers
Your data may be transferred and processed in countries outside your jurisdiction. We ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs) for EU data transfers
- Adequacy decisions for approved countries
- Binding Corporate Rules where applicable
- Certification programs and codes of conduct
12. Children's Privacy
Our services are designed for business use and are not intended for individuals under 16 years of age. We do not knowingly collect personal information from children under 16.
If you believe we have collected information from a child under 16, please contact us immediately at support@happinest.ai, and we will delete the information.
13. Data Breach Notification
In the event of a data breach that poses a risk to your rights and freedoms, we will:
- Notify relevant authorities within 72 hours
- Inform affected users without undue delay
- Provide clear information about the breach and our response
- Offer guidance on protective measures you can take
- Implement additional security measures as needed
14. Changes to This Policy
We may update this privacy policy periodically to reflect changes in our practices, services, or legal requirements. We will:
- Post the updated policy on our website
- Update the effective date at the top of the policy
- Notify users of material changes via email
- Provide a summary of key changes when significant
Your continued use of our services after any changes constitutes acceptance of the updated policy.
15. Contact Information
Data Controller
HappiNest.ai
Email: support@happinest.ai
General Contact: mehdi@happinest.ai
Data Protection Officer
Email: support@happinest.ai
For complex privacy matters and GDPR compliance
Regulatory Complaints
EU users: Contact your local supervisory authority
California users: Contact the California Attorney General