Legal
Privacy Policy
Last updated: June 3, 2026
1. Who We Are
Happen AI is a trade name of Abhishek Paul, a sole proprietorship registered in India (GST and Udyam Aadhaar registered; registration details available on request). Contact for privacy matters: privacy@happen-ai.com. For data protection purposes, Abhishek Paul is the data controller.
2. What Data We Collect
Data we DO collect
| Category | Data | How collected | Why |
|---|---|---|---|
| Account | Email address, name | On signup at hub.happen-ai.com | Account management, transactional email |
| Payment | Transaction ID, purchase amount, pack tier, license key | Via Razorpay | License delivery and support |
| Support | Message content, email | If you contact us | To help you |
| Telemetry (opt-in) | Feature usage events (which features are used, not what data they process), crash reports | Only if you opt in (default: off) | Product improvement |
| Server logs | IP address, request path, response time | Cloudflare/Vercel automatically | Security and uptime monitoring |
Data we DO NOT collect
This is our core privacy commitment. We explicitly do not collect:
- BYOK API keys — Your Anthropic, OpenAI, or other API keys are stored in your operating system's keychain (macOS Keychain, Windows Credential Manager). They never leave your device. We have no access to them.
- Prompts and conversations — All chat messages between you and your agents are processed locally or via your own API key. We never see conversation content.
- Agent configurations — Your system prompts, agent knowledge bases, and pack customizations stay on your device.
- Files you upload to agents — Document knowledge bases in packs are stored locally in
~/.happen/. We do not upload your files to our servers.
3. Third-Party Services We Use
| Subprocessor | Purpose | Data shared | Location |
|---|---|---|---|
| Razorpay (Razorpay Software Private Limited) | Payment gateway processing | Email, purchase details | India |
| Cloudflare | CDN, DDoS protection, DNS | IP, request headers | USA (SCCs) |
| Vercel | Website hosting | IP, request headers | USA (SCCs) |
| Postmark or Resend | Transactional email (receipts, verification) | Email address | USA (SCCs) |
| Sentry (opt-in only) | Crash reporting | Stack traces, anonymized device info | USA (SCCs) |
We maintain a current subprocessor list, available on request via the contact details below. We will notify customers at least 30 days before adding new subprocessors.
4. Cookies
We use no tracking cookies. Our website analytics use Plausible, which is cookie-free and does not track individuals. The Hub (hub.happen-ai.com) uses a session cookie for authentication (essential, not analytics). No third-party advertising cookies. No cross-site tracking.
5. How We Use Your Data
| Data | How we use it |
|---|---|
| Account authentication, license delivery, important product updates (not marketing unless you opt in) | |
| Transaction data | Issuing and validating licenses, processing refunds, accounting |
| Telemetry (opt-in) | Improving features, identifying bugs |
| Server logs | Security monitoring, debugging (retained 30 days) |
We do not sell, rent, or share your personal data with third parties except as described in section 3 (subprocessors acting on our behalf) and as required by law.
6. Data Retention
| Data category | Retention period | Reason |
|---|---|---|
| Account data | 7 years after account closure | Legal requirement for purchase records (India taxation law) |
| Purchase records | 7 years | Tax law |
| Opt-in telemetry | 90 days rolling | Product analytics |
| Support tickets | 3 years | Reference for ongoing issues |
| Server logs | 30 days | Security only |
On account deletion request: we delete all personal data except what is required by law (purchase records for 7 years). Deletion confirmed by email within 30 days.
7. Your Rights (including DPDP — India)
Rights vary by jurisdiction. We honor the following for all users regardless of location:
| Right | What it means | How to exercise |
|---|---|---|
| Access (GDPR Art. 15, DPDP Sec. 11) | Get a copy of your personal data | Email privacy@happen-ai.com |
| Correction (GDPR Art. 16) | Fix inaccurate data | Email us or update in hub account settings |
| Deletion (GDPR Art. 17 "right to be forgotten") | Delete your account and associated data | Hub settings → Delete Account, or email us |
| Portability (GDPR Art. 20) | Export your data in machine-readable format | Email us — we will provide CSV/JSON within 30 days |
| Object to processing (GDPR Art. 21) | Stop processing for legitimate interest purposes | Email us |
| Opt out of telemetry | Turn off crash reporting and usage analytics | Desktop Settings → Privacy → Telemetry: Off |
| DPDP: Consent withdrawal (DPDP Sec. 6) | Withdraw consent for any non-essential processing | Email us |
Response time: within 30 days for all requests. Complex requests may take up to 90 days with notice.
8. California Privacy Rights (CCPA)
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):
- Right to know — what personal information we collect, use, disclose, and sell (we do not sell).
- Right to delete — request deletion of personal information we have collected from you.
- Right to opt out of sale — We do not sell your personal information. This right is satisfied by our data practices.
- Right to non-discrimination — we will not discriminate against you for exercising your CCPA rights.
To exercise CCPA rights, email privacy@happen-ai.com with subject line "CCPA Request".
9. International Data Transfers
Our business is based in India, and payments are processed in India by Razorpay. Some data may be processed in countries where our other subprocessors operate (USA). Those transfers (Cloudflare, Vercel, Postmark) rely on Standard Contractual Clauses (SCCs).
10. Children
Our services are for users 18 and older. We do not knowingly collect data from anyone under 18. If we learn we have inadvertently collected data from a minor, we will delete it immediately.
11. Security
- Account passwords are hashed (bcrypt) — never stored in plaintext.
- Database encrypted at rest (Postgres with transparent data encryption).
- All data in transit encrypted via TLS 1.2+.
- BYOK keys: stored in OS keychain — not accessible to us even if our servers were compromised.
- For security issues, contact security@happen-ai.com. We commit to acknowledging within 48 hours and resolving critical issues within 7 days.
12. Changes to This Policy
We will notify you by email at least 30 days before material changes take effect. The "last updated" date at the top of the policy will always reflect the current version.
13. Contact
- Privacy requests: privacy@happen-ai.com
- DPDP Grievance Officer (India): Abhishek Paul, legal@happen-ai.com (as required by DPDP Act 2023)
Also see: Terms of Service · Refund Policy