1. Overview
1.1. Happio Limited (the "Company", "we", "us" or "our") respects your privacy and is committed to treating any information that we obtain about you with as much care as possible and in a manner that is compliant with all applicable data protection legislation including the EU General Data Protection Regulation 2016/679 ("GDPR") and any national implementing laws in relation to the same including the Data Protection Act 2018 (collectively, "Data Protection Legislation").
1.2. We have appointed Dr Michael Temchin as our Data Protection Officer (DPO). For any questions about this Privacy Policy, please contact us at hello@happio.io.
1.3. This policy applies to your use of:
- Our Website, App, Dashboard, and Services (as defined in our Terms of Service).
1.4. This policy explains:
- What personal data we may collect;
- How we collect, store, process, and share personal data;
- Your rights under data protection legislation;
- How AI and cookies are used in connection with our Services.
1.5. Terms defined in GDPR (e.g., "data subject", "personal data", "processing") have the same meaning in this policy.
1.6. We may update this policy from time to time. Please check the latest version at https://happio.io/privacy before using our Services.
2. The personal data we process
2.1. We collect personal data through various channels, including:
- Registration, accounts, or subscriptions;
- Therapy sessions, digital questionnaires, and AI interactions;
- Contact via email, phone, or support;
- Usage data collected automatically by our App or Website.
2.2. Personal data may include:
- Health Data: clinical questionnaires, therapy responses, medical history relevant to Services;
- Identity & Contact Data: name, email, date of birth, gender, account credentials;
- Therapist Data: identity, clinic, specialisation, account info;
- Product/Service Data: order history, payment information, service usage;
- Device & Usage Data: browser, device type, IP, app usage;
- Marketing & Communications Data: preferences and consent for communications.
2.3. We do not process:
- Data about criminal convictions or offences;
- Personal data of children under 13 without parental consent.
3. Purposes of processing
We use your data for purposes including:
- Providing, personalising, and improving Services;
- AI-assisted therapy recommendations;
- Responding to support enquiries;
- Payment processing;
- Marketing (with consent where required);
- Legal compliance and fraud prevention;
- Analytics to improve the Software and user experience.
4. Lawful basis for processing
4.1. Health Data: Usually processed on the basis of your explicit consent. In some cases, processing may be necessary for public health or preventative medicine.
4.2. Marketing: Processed on consent or legitimate interest, depending on communication type.
4.3. Other processing: May rely on contract performance, legal obligations, or legitimate interests.
4.4. You may withdraw consent at any time by contacting hello@happio.io, but this may limit Services functionality.
5. Consequences of not providing data
5.1. Without required personal data, we may be unable to provide the full Software or Services.
5.2. Withdrawal of consent for Health Data may limit access to AI-assisted therapy features.
6. AI and Automated Processing
6.1. Use of AI in Happio
We use AI technologies and automated systems to enhance Services, including:
- Personalising therapy programs based on Health Data and responses;
- Providing AI-generated insights to assist your nominated clinician;
- Analysing usage patterns to improve the Software and Services;
- Generating recommendations, exercises, or alerts to support therapy.
6.2. Data used in AI processing
AI may process:
- Health Data you provide;
- Usage Data (interaction patterns, session length, feature usage);
- Identity data only if necessary for personalised recommendations or communication.
6.3. Data sharing and storage
AI processing may involve pseudonymised or anonymised data sent to AI service providers or internal analytics systems.
Personal identifiers are shared only with your nominated clinician; third-party AI providers cannot access identifiable data without consent.
AI outputs are for clinician assistance and Service improvement, not a substitute for medical advice.
6.4. Your control and rights
- You may request human review of AI decisions affecting your therapy.
- Consent for AI processing can be withdrawn, but this may limit personalised Services.
- All AI processing is governed by GDPR, UK GDPR, and other relevant laws.
7. Cookies & Tracking Technologies
7.1. What are cookies?
Cookies are small files stored on your device that remember your preferences, device information, and activity. They help improve the functionality of our Software and AI features.
7.2. Types of cookies we use
- Strictly Necessary Cookies: Required for login, security, session management, and core functionality. Without them, you cannot access essential parts of the Software (e.g., logging in, using AI-assisted therapy).
- Performance/Analytics Cookies: Track how you use the App or Website, e.g., pages visited or session duration. Helps us improve performance and user experience.
- Functionality Cookies: Remember preferences like language or display settings to personalise your experience.
- AI Interaction & Device Cookies: Track device info, session data, and how you interact with AI tools. This data helps improve AI recommendations, detect errors, and maintain service quality.
- Third-Party Cookies: Some analytics or AI service providers may place cookies to help improve services or provide insights. We do not control these cookies, and they may be subject to the third party's privacy policy.
7.3. Managing Cookies:
- You can choose to block or delete cookies through your browser/device settings.
- Blocking some cookies may prevent the AI features or certain parts of the Software from functioning correctly.
- All cookies are retained only as long as needed for the purposes described above, and we anonymise or aggregate data wherever possible.
7.4. AI & Cookies Together:
- Cookies help the AI understand your usage patterns and provide more accurate, personalised insights.
- No personally identifiable Health Data is shared with AI providers without your explicit consent.
- Data used for AI purposes is securely stored, encrypted, and governed by GDPR/UK GDPR rules.
8. Storage and retention
8.1. Data is stored only as long as necessary to provide Services. Some anonymised or aggregated data may be retained for analytics and service improvement.
8.2. Data is stored securely on AWS servers using encryption and firewalls. Passwords are hashed; personal data is protected with industry-standard safeguards.
8.3. We will notify you promptly if there is a data breach affecting your rights.
9. Sharing with third parties
9.1. We may share personal data with:
- Nominated therapists;
- Hosting providers (AWS);
- Payment processors;
- Analytics and AI service providers (pseudonymised/anonymised data only).
9.2. Personal data may also be shared when required by law, regulation, or legal proceedings.
10. Your rights
You may request:
- Access to your personal data;
- Correction or erasure;
- Restriction of processing;
- Data portability;
- Objection to certain processing;
- Complaints to supervisory authorities (UK ICO).
11. Links to third parties
11.1. Third-party links in our Software are not endorsements. Their privacy practices are outside our control.
12. Questions and complaints
Contact hello@happio.io or write to:
Happio Ltd, Data Protection Enquiries, 83 Baker Street, London, England, W1U 6AG.