Privacy Policy
Last updated: 2026-06-17 · Version 1.0
This Privacy Policy explains how Happyface Platform Inc. ("we", "us") collects, uses, shares, and protects information about you when you use HappyFace, available at happyface.io and via our iOS and Android apps (collectively, the "Service").
If you are in the European Economic Area, the United Kingdom, or Switzerland, the data controller is Happyface Platform Inc. (mailing address below). If you are in California, please see the CCPA Notice for California Residents below.
1. Data we collect
1.1 Information you provide
- Account data: email address, display name, password (hashed by Firebase Authentication; we never see or store the plaintext password).
- Profile data: optional profile photo, bio, and location string you choose to display.
- User content: chains, chain links, photos, captions, comments, likes, follows.
- Location data: when you create a chain link, you may choose to attach your latitude and longitude (stored coarsely as a geohash). Location capture is optional and requires your explicit permission at the OS level.
- Communications: the contents of bug reports, support emails, and feedback you send us.
1.2 Information collected automatically
- Device & usage data: approximate device model, OS version, app version, and basic usage events necessary for the Service to function.
- Crash & performance data: when you use a beta build distributed via Apple TestFlight, Apple collects crash logs and basic diagnostics on our behalf. We may later add a third-party error-monitoring service for similar purposes; this Policy will be updated when we do.
- Cookies & local storage (web): we use first-party cookies and browser localStorage strictly to keep you signed in and to remember UI preferences. We do not use advertising cookies or cross-site tracking.
1.3 Information from third parties
If you sign in using a third-party identity provider (e.g. Google), we receive your basic profile information from that provider, subject to the permissions you grant.
2. Why we use your data
| Purpose | Legal basis (GDPR) |
|---|
| Create and operate your account; deliver the core social features | Contract (Art. 6(1)(b)) |
| Show your content to people who follow you or are nearby | Contract |
| Detect, prevent, and respond to abuse, fraud, and security incidents | Legitimate interests (Art. 6(1)(f)) |
| Comply with legal obligations (e.g. respond to lawful process, DMCA) | Legal obligation (Art. 6(1)(c)) |
| Send service announcements you cannot opt out of (e.g. security notices) | Legitimate interests |
| Improve the Service through aggregated, non-identifying analytics | Legitimate interests |
| Optional location attachment on posts | Consent (Art. 6(1)(a)) — OS-level permission |
3. Who we share data with
We do not sell your personal information. We share data only as described below.
- Other users: your profile, posts, comments, and other public activity are visible to other users of the Service.
- Service providers (subprocessors):
- Google / Firebase — Authentication, Firestore database, Cloud Storage, Cloud Functions, and Firebase Hosting. Data is stored in the United States (Firebase region
nam5).
- Apple — TestFlight (beta distribution) and the App Store; Apple collects crash logs and basic install metrics.
- Google Maps Platform — rendering of map tiles and geocoding for location features.
- Apple App Store / TestFlight (iOS distribution + crash reports for beta builds)
- reCAPTCHA Enterprise (Google, anti-abuse — invisible to users)
- Legal & safety: we may disclose information to comply with applicable law, lawful requests from public authorities, or to protect the rights, property, or safety of HappyFace, our users, or others.
- Business transfers: if we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you and give you choices to the extent required by law.
4. International transfers
The Service is operated from Canada and our primary data is stored in the United States via Google Cloud. If you access the Service from outside these countries, your data will be transferred to and processed in jurisdictions whose data-protection laws may differ from yours.
For transfers from the EEA, UK, or Switzerland, we rely on the European Commission's Standard Contractual Clauses (or, where applicable, the EU–US Data Privacy Framework) as the legal mechanism, together with our subprocessors' equivalent commitments.
5. How long we keep your data
- Active account data: retained for as long as your account is active.
- Deleted content: soft-deleted for up to 30 days, after which it is permanently purged from active systems.
- Account deletion: when you delete your account, your profile and User Content are removed from active use within 30 days. Encrypted backups may persist for up to 30 days before being overwritten.
- Legal & security records: abuse logs and information we are legally required to retain may be kept longer where necessary.
6. Your rights
Subject to your local law, you have the following rights regarding your personal information:
- Access & portability — obtain a copy of the personal data we hold about you. On the web app you can do this yourself at any time from the account menu via Download my data, which produces a machine-readable JSON file containing your profile, the chains you own, the chain links you posted, and the likes you gave.
- Correction — correct inaccurate or incomplete data (most fields editable directly from your profile).
- Deletion — request that we delete your data; you can also delete your account from within the app.
- Restriction & objection — ask us to restrict or stop certain processing, including processing based on legitimate interests.
- Withdraw consent — where processing is based on consent (e.g. location), you can withdraw it at any time without affecting the lawfulness of prior processing.
- Complaint — lodge a complaint with your local data protection authority. EEA residents may contact their national supervisory authority; UK residents may contact the ICO; Californians may contact the California Privacy Protection Agency.
To exercise any of these rights, email privacy@happyface.io. We will respond within the timelines required by applicable law (generally within 30 days under GDPR; within 45 days under CCPA, extendable once).
7. Children
The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us personal information, contact privacy@happyface.io and we will delete it.
8. Security
We use Firebase Authentication and TLS in transit to protect your data, and we follow industry-standard practices for access control on our cloud infrastructure. No system is perfectly secure; we cannot guarantee absolute security. If we become aware of a personal-data breach that affects you, we will notify you and the relevant authorities as required by applicable law (within 72 hours under GDPR).
9. Cookies & tracking
The web app uses only essential first-party cookies and browser localStorage required to keep you signed in and remember basic preferences. We do not use third-party advertising cookies, cross-site trackers, or fingerprinting. The mobile app does not use cookies; equivalent state is stored locally on your device.
10. CCPA notice for California residents
In the last 12 months, we have collected the following categories of personal information (as defined in Cal. Civ. Code § 1798.140):
- Identifiers (email, account ID, IP-derived approximate location);
- Customer records (name, profile photo);
- Internet/network activity (interactions with the Service, device info);
- Geolocation data (only when you choose to attach it to a post);
- User-generated content (your posts, photos, comments).
We do not sell or share personal information for cross-context behavioral advertising, and we have not done so in the preceding 12 months. We do not use sensitive personal information for purposes other than those permitted without a right to limit.
California residents have the right to know, delete, correct, and the right to non-discrimination for exercising these rights. To exercise them, email privacy@happyface.io. You may designate an authorized agent to act on your behalf; we may require verification.
11. Changes to this Policy
We may update this Policy from time to time. We will post the new version here with an updated "Last updated" date. If changes are material, we will provide additional notice (e.g. in-app or by email).
12. Contact
Privacy questions or requests: privacy@happyface.io.
General support: support@happyface.io.
Mailing address: Happyface Platform Inc., 3 Walkington Way, King City, ON L7B 1C9, Canada.
For full operator identity (Impressum) and all contact channels, see our Contact & Operator Information page.