Privacy Policy
Effective Date: February 6, 2026
Last Updated: February 6, 2026
Hapnyn, Inc. (“Hapnyn,” “we,” “us,” or “our”) operates the Hapnyn application and website (the “Service”). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service.
1. Information We Collect
Information You Provide
- Account Information: When you create an account, we collect your name and at least one contact method (email address or phone number).
- Contact Methods: You may add multiple email addresses and phone numbers to your account. Each contact method is verified before it is linked to your account.
Information Collected Automatically
- Authentication Data: When you sign in, we generate a one-time passcode (OTP) that is hashed and stored temporarily. OTP records are deleted immediately after verification or upon expiration (10 minutes).
- Session Cookies: We use strictly necessary cookies to manage your authenticated session. These include:
  - An access token cookie (short-lived, 10 minutes)
  - A refresh token cookie (up to 90 days if you select “Remember me,” otherwise 1 hour)
  - Both cookies are HttpOnly, Secure (in production), and SameSite=Lax
- Local Storage: If you choose “Remember me on this device,” your email address or phone number is stored in your browser's local storage to pre-fill the sign-in form. This data stays on your device and is cleared when you sign out.
Website Analytics
We use Plausible Analytics, a privacy-focused analytics service, to understand how visitors use the Service. Plausible does not use cookies, does not collect personal data, and does not track individual users across sites. All data is aggregated and no personally identifiable information is stored. For more information, see Plausible's data policy.
Information We Do Not Collect
- We do not use advertising cookies or share data with ad networks.
- We do not collect device fingerprints or engage in cross-site tracking.
- We do not use tracking pixels or behavioral monitoring tools.
2. How We Use Your Information
We use your personal information for the following purposes:
- Account Creation and Management: To create your account, verify your identity, and maintain your profile.
- Authentication: To send one-time passcodes via email or SMS for identity verification when you sign in.
- Service Delivery: To display events, locations, and other content relevant to the Service.
- Security: To protect against unauthorized access, detect fraud, and enforce rate limits on authentication attempts.
- Communication: To send transactional messages related to your account (e.g., verification codes). We do not send marketing messages via SMS.
3. SMS/Text Messaging
When you provide a phone number and choose to sign in via SMS:
- We send a one-time verification code to the phone number you provide.
- Message frequency: One message per sign-in attempt.
- Message and data rates may apply depending on your mobile carrier and plan.
- You can opt out of SMS messages at any time by replying STOP to any message. After opting out, you will receive a confirmation message and no further SMS messages will be sent.
- For help, reply HELP to any message or contact us at support@hapnyn.com.
- We do not send marketing, promotional, or recurring campaign messages via SMS. SMS is used solely for one-time identity verification.
Your Phone Number and Opt-In Data
We will not share, sell, or transfer your mobile phone number or SMS opt-in consent data to any third parties or affiliates for their marketing or promotional purposes.
Your phone number and opt-in records are shared only with the following service providers, solely to deliver the SMS verification service:
- Twilio — our SMS delivery provider, which receives your phone number and the verification code in order to send the message. Twilio processes this data under strict confidentiality and solely for the purpose of delivering our messages.
Opt-in records and associated consent data are kept private and will never be transferred to third-party marketers.
4. Third-Party Service Providers
We share personal information with the following third-party service providers, strictly for the purposes described below. None of these providers are authorized to use your data for their own marketing purposes.
| Provider | Data Shared | Purpose |
|---|---|---|
| Twilio | Phone number, verification code | SMS delivery for OTP authentication |
| SendGrid | Email address, verification code | Email delivery for OTP authentication |
| Google Maps | Place identifiers | Displaying maps and location information for events and venues |
| Neo4j Aura | All stored account data | Cloud database hosting |
| Plausible Analytics | Aggregated, non-personal usage data (no cookies, no IP addresses) | Privacy-focused website analytics |
| Microsoft Azure | Encrypted secrets and infrastructure data | Application hosting, secret management, and infrastructure |
5. Data Sharing and Disclosure
We do not sell your personal information. We do not share your personal information with third parties for their marketing purposes.
We may disclose your information only in the following circumstances:
- Service Providers: As described in Section 4, to providers who assist in operating the Service under contractual confidentiality obligations.
- Legal Compliance: When required by law, regulation, legal process, or governmental request.
- Safety and Rights: To protect the safety, rights, or property of Hapnyn, our users, or the public.
6. Data Security
We implement appropriate technical and organizational measures to protect your personal information:
- OTP codes are hashed (SHA-256) before storage and deleted immediately after use.
- Authentication tokens are stored in HttpOnly, Secure, SameSite cookies to prevent unauthorized access.
- Production secrets (API keys, signing keys, database credentials) are stored in Azure Key Vault with access controls and rotation support.
- Authentication attempts are rate-limited (5 attempts per 5-minute window) to prevent brute-force attacks.
No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
7. Data Retention
- OTP Authentication Records: Deleted immediately after successful verification or after expiration (10 minutes).
- Account Data: Retained for as long as your account is active.
- Contact Methods: Retained for as long as they are associated with your account.
- Session Tokens: Expire automatically (access tokens: 10 minutes; refresh tokens: up to 90 days).
8. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal information we hold about you.
- Correct inaccurate or incomplete information.
- Delete your account and associated personal data.
- Opt out of SMS messages by replying STOP at any time.
To exercise any of these rights, contact us at support@hapnyn.com.
9. Children's Privacy
The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected information from a child under 13, we will take steps to delete that information promptly.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last Updated” date at the top of this page. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.
11. Contact Us
If you have questions about this Privacy Policy or our data practices, contact us at:
- Email: support@hapnyn.com
- Website: https://hapnyn.com