1. Overview

1.1 Happio Limited (the "Company", "we", "us" or "our") respects your privacy and is committed to treating any information that we obtain about you with as much care as possible and in a manner that is compliant with all applicable data protection legislation including the EU General Data Protection Regulation 2016/679 ("GDPR") and any national implementing laws in relation to the same including the Data Protection Act 2018 (collectively, "Data Protection Legislation").

1.2 For any questions about this Privacy Policy, please contact us at hello@happio.io.

1.3 This policy applies to your use of:

• Our Website, App, Dashboard, and Services (as defined in our Terms of Service).

1.4 This policy explains:

• What personal data we may collect;
• How we collect, store, process, and share personal data;
• Your rights under data protection legislation;
• How AI and cookies are used in connection with our Services.

1.5 Terms defined in GDPR (e.g., "data subject", "personal data", "processing") have the same meaning in this policy.

1.6 We may update this policy from time to time.

2. The personal data we process

2.1 We collect personal data through various channels, including:

• Registration, accounts, or subscriptions;
• Therapy sessions, digital questionnaires, and AI interactions;
• Contact via email, phone, or support;
• Usage data collected automatically by our App or Website.

2.2 Personal data may include:

• Health Data: clinical questionnaires, therapy responses, medical history relevant to Services;
• Identity & Contact Data: name, email, date of birth, gender, account credentials;
• Therapist Data: identity, clinic, specialisation, account info;
• Product/Service Data: order history, payment information, service usage;
• Device & Usage Data: browser, device type, IP, app usage;
• Marketing & Communications Data: preferences and consent for communications.

2.3 We do not process:

• Data about criminal convictions or offences;
• Personal data of children under 13 without parental consent.

3. Purposes of processing

We use your data for purposes including:

• Providing, personalising, and improving Services;
• AI-assisted therapy recommendations;
• Responding to support enquiries;
• Payment processing;
• Marketing (with consent where required);
• Legal compliance and fraud prevention;
• Analytics to improve the Software and user experience.

4. Lawful basis for processing

4.1 Health Data: Usually processed on the basis of your explicit consent. In some cases, processing may be necessary for public health or preventative medicine.

4.2 Marketing: Processed on consent or legitimate interest, depending on communication type.

4.3 Other processing: May rely on contract performance, legal obligations, or legitimate interests.

4.4 You may withdraw consent at any time by contacting hello@happio.io, but this may limit Services functionality.

5. Consequences of not providing data

5.1 Without required personal data, we may be unable to provide the full Software or Services.

5.2 Withdrawal of consent for Health Data may limit access to AI-assisted therapy features.

6. AI and Automated Processing

6.1 Use of AI in Happio

We use AI technologies and automated systems to enhance Services, including:

• Personalising therapy programs based on Health Data and responses;
• Providing AI-generated insights to assist your nominated clinician;
• Analysing usage patterns to improve the Software and Services;
• Generating recommendations, exercises, or alerts to support therapy.

6.2 Data used in AI processing

AI may process:

• Health Data you provide;
• Usage Data (interaction patterns, session length, feature usage);
• Identity data only if necessary for personalised recommendations or communication.

6.3 Data sharing and storage

AI processing may involve pseudonymised or anonymised data sent to AI service providers or internal analytics systems.

Personal identifiers are shared only with your nominated clinician; third-party AI providers cannot access identifiable data without consent.

AI outputs are for clinician assistance and Service improvement, not a substitute for medical advice.

6.4 Your control and rights

• You may request human review of AI decisions affecting your therapy.
• Consent for AI processing can be withdrawn, but this may limit personalised Services.
• All AI processing is governed by GDPR, UK GDPR, and other relevant laws.

7. Use of Artificial Intelligence within the Happio Service

As part of the Happio Service, we use artificial intelligence and automated systems to enhance functionality, personalisation, and user engagement.

7.1 Nature of AI Processing

AI functionality within the Service may analyse user inputs, behavioural patterns, questionnaire responses, and interaction history in order to:

• Generate personalised prompts or supportive content
• Provide structured summaries or insights
• Adapt user journeys or engagement pathways
• Improve platform functionality and performance

All AI outputs are generated automatically based on the data you provide.

7.2 Categories of Data Processed

AI systems may process:

• Messages and responses submitted through the platform
• Health and wellbeing data voluntarily provided
• Usage and engagement metrics
• Technical and device information

Where health-related data is processed, it may constitute special category data under applicable data protection legislation.

7.3 Lawful Basis and Continuous Consent

Lawful Basis and Continuous Consent Processing is carried out based on the explicit consent provided during your initial sign-up. Furthermore, by interacting with the AI Coach, you reaffirm your acceptance of these terms. A notice is provided at the bottom of the AI Coach screen stating that by using the feature, you accept the AI Coach section of our terms and policy.

7.4 Third-Party AI Infrastructure

Our AI Coach functionality is powered by OpenAI (ChatGPT). When you interact with the AI Coach, we send only the specific text prompts or queries you enter to generate a response. We do not share your name, email, medical history, or any other personally identifiable health data with OpenAI. Any data processed is encrypted in transit and at rest. Your use of these features is also governed by The OpenAI Business Terms.

You may withdraw consent at any time by contacting hello@happio.io. Withdrawal may limit or disable AI functionality.

7.5 Automated Decision-Making

AI outputs are assistive in nature. They are not intended to replace professional judgement or constitute medical advice.

You may request:

• Further information about automated processing
• Human review where applicable under data protection law

7.6 Data Retention and Deletion

AI interaction data is retained only as long as necessary to provide the Service and improve system performance, subject to our general data retention policies.

You may request deletion of your data in accordance with your rights under applicable data protection law.

7.8 Artificial Intelligence Functionality

The Happio Service incorporates artificial intelligence and automated technologies as part of its functionality.

7.9 Nature of AI Outputs

AI-generated responses, prompts, summaries, or insights are produced algorithmically based on user-provided data and engagement behaviour.

You acknowledge that:

• AI outputs are probabilistic in nature
• Results may be incomplete, inaccurate, or unsuitable in certain circumstances
• Outputs are provided for informational and supportive purposes only

7.10 No Professional Advice

The Service, including AI-generated content, does not provide medical, psychological, psychiatric, or therapeutic advice.

Nothing generated through the Service should be relied upon as a diagnosis, treatment plan, or substitute for qualified professional care.

You remain solely responsible for decisions and actions taken based on information provided through the Service.

7.11 Crisis Limitation

The Service is not designed for emergency or crisis use.

If you are experiencing suicidal ideation, self-harm thoughts, or a medical emergency, you must seek assistance from emergency services or qualified healthcare professionals immediately.

7.12 Acceptable Use of AI Features

You agree not to:

• Attempt to reverse engineer or extract underlying AI models
• Use AI outputs to train competing systems
• Circumvent safety mechanisms or safeguards
• Use the Service for unlawful, harmful, or abusive purposes

7.13 Third-Party Technology

AI functionality may rely on third-party infrastructure providers. Your use of the Service remains subject to these Terms and applicable law.

7.14 Limitation of Liability Relating to AI

To the fullest extent permitted by law:

• AI functionality is provided "as is" without warranties
• We do not guarantee accuracy, reliability, or specific outcomes
• We are not liable for reliance on AI-generated outputs

Nothing in this section excludes liability that cannot lawfully be excluded.

8. Cookies & Tracking Technologies

8.1 What are cookies?

Cookies are small files stored on your device that remember your preferences, device information, and activity. They help improve the functionality of our Software and AI features.

8.2 Types of cookies we use

8.3 Managing Cookies:

• You can choose to block or delete cookies through your browser/device settings.
• Blocking some cookies may prevent the AI features or certain parts of the Software from functioning correctly.
• All cookies are retained only as long as needed for the purposes described above, and we anonymise or aggregate data wherever possible.

8.4 AI & Cookies Together:

• Cookies help the AI understand your usage patterns and provide more accurate, personalised insights.
• No personally identifiable Health Data is shared with AI providers without your explicit consent.
• Data used for AI purposes is securely stored, encrypted, and governed by GDPR/UK GDPR rules.

9. Storage and retention

9.1 Data is stored only as long as necessary to provide Services. Some anonymised or aggregated data may be retained for analytics and service improvement.

9.2 Data is stored securely on AWS servers using encryption and firewalls. Passwords are hashed; personal data is protected with industry-standard safeguards.

9.3 We will notify you promptly if there is a data breach affecting your rights.

10. Sharing with third parties

10.1 We may share personal data with:

• Nominated therapists.
• Secured and official cloud hosting and service providers.
• Payment processors;
• Analytics and AI service providers (where only pseudonymised or anonymised data is shared, and strictly for the purposes of service improvement).
• AI Service Providers (OpenAI): For the AI Coach, we share only the prompts you provide; no identifiable user information or account credentials are sent to ChatGPT. All third-party partners are contractually bound to provide the same or equal protection of your data as required by Data Protection Legislation.

10.2 Personal data may also be shared when required by law, regulation, or legal proceedings.

11. Your rights

You may request:

• Access to your personal data;
• Correction or erasure;
• Restriction of processing;
• Data portability;
• Objection to certain processing;
• Complaints to supervisory authorities (UK ICO).

12. Links to third parties

12.1 Third-party links in our Software are not endorsements. Their privacy practices are outside our control.

13. Questions and complaints