Browse legal

Happee, Inc. — Security Policy

Last Updated: April 1, 2026

Happee, Inc., a Delaware corporation ("Company"), is committed to protecting the security and privacy of all information entrusted to it by Customers and Authorized Users. All capitalized terms not specifically defined herein have the meanings set forth in the Company's Cloud Computing Service Agreement.

Our services and internal operating processes will be in compliance with applicable laws and regulations, as well as established industry practices. The Company will implement appropriate technical and organizational measures to protect Customer Data against accidental or unlawful destruction, loss, alteration, and unauthorized disclosure of or access to personal data processed or transmitted through the Services.

Architecture and Data Segregation

The Services are operated on a multitenant architecture that is designed to segregate and restrict access to data that a Customer and its Authorized Users make available via the Services. The architecture provides logical data separation for each Customer via a unique identifier. No Customer can access another Customer's data.

Public Cloud Infrastructure

The Services are hosted on public cloud infrastructure provided by reputable third-party cloud providers. These providers are selected based on their security certifications, reliability, and compliance with applicable regulations. The Company remains responsible for the security of Customer Data within that infrastructure.

Access Controls

The Company maintains detailed access logs recording every sign-in, including the type of device used and the IP address of the connection. Administrators can terminate Authorized User access at any time, on demand. Two-factor authentication is available to all Authorized Users and can be required by Customer administrators for all users within their account. Firewalls are configured according to industry standards. Access to production systems by Company personnel is logged and reviewed.

Intrusion Detection

The Company monitors the Services for unauthorized intrusions using automated tools and, where appropriate, authorized third-party security monitoring services.

Incident Management

The Company maintains incident response policies and procedures. In the event of a suspected or confirmed unauthorized disclosure of Customer Data, the Company will notify affected Customers as soon as possible and in any event within 72 hours, to the extent permitted by law. The Company will provide details of the incident, the data affected, and the steps taken or planned to remediate it.

Data Encryption

The Company uses industry-standard encryption to protect Customer Data during transmission between Authorized Users and the Services. Data at rest is protected using encryption provided by the Company's cloud infrastructure.

Backup and Recovery

The Company performs regular backups of Customer Data to support recovery in the event of a failure. Backup data is stored redundantly. Customers may request deletion of their Customer Data at any time; the Company will complete deletion from active systems within 48 hours and from backup media within 14 days, except where temporarily suspended due to an active incident investigation or court order.

Storage and Deletion

Customer Data is stored redundantly across the Company's hosting provider's infrastructure to ensure availability. Upon expiration or termination of Customer's account, if Customer does not otherwise request deletion sooner, the Company will make Customer Data available for export for 30 days, then delete all copies of Customer Data, except as required for legal obligations or ongoing incident investigations.

Personnel

The Company conducts background checks on employees before employment. Employees receive privacy and security training during onboarding and ongoing training during employment. All employees are required to acknowledge their obligations with respect to privacy, security, and confidential information.

Risk Analysis and Management

The Company conducts periodic risk assessments to identify potential risks to and vulnerabilities of Customer Data and internal systems. Based on these assessments, the Company adopts and implements appropriate safeguards and security measures to protect against reasonably foreseeable threats.

Information Access Management

The Company grants employees and contractors access to Customer Data only as required by their job duties, and only to the minimum necessary amount required to perform those duties.

Acceptable Use

All use of the Company's information technology systems by Company personnel is governed by this Policy, the Company's internal procedures, and sound business judgment.

Password Policy

The Company ensures that all employees use strong passwords and follow secure credential management practices. Shared credentials are not permitted for production system access.

Security Incident Response

All suspected privacy and security incidents must be reported to the Security Officer immediately. The Security Officer is responsible for taking appropriate steps to block further incidents, remediate and restore services, preserve evidence, and notify affected parties as required.

Contingency Planning

The Company has developed and maintains a Disaster Recovery and Business Continuity Plan covering system emergencies including infrastructure failures, natural disasters, and other disruptive events. The plan includes procedures for restoring service and recovering Customer Data.

Security Evaluation

The Company performs periodic technical and non-technical security evaluations to verify that its security policies and procedures remain effective and compliant with applicable law and industry standards.

Destruction of Protected Information

Media containing Customer Data or other protected information is wiped or destroyed in a manner that safeguards the confidentiality of that information, consistent with the retention and deletion provisions of the Cloud Computing Service Agreement.

Security Officer

The Company has designated a Security Officer responsible for the development, implementation, and ongoing adherence to this Policy.

Contact

To report a security concern or suspected breach, contact us at:

Email: security@happee.ai
Mail: Happee, Inc., Attn: Security, 1343 Main Street, Suite 602, Sarasota, FL 34236

Happee, Inc. · security@happee.ai · Delaware, USA

See it on your business.

Ten minutes in a chat with HAPPEE — your tenant provisions itself while you're still talking.

Get started See it on your business