Privacy Policy

1. Introduction

Happy Alien ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, process, and protect your information when you use our AI-powered educational services ("Services"). This policy complies with the EU General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable privacy laws.

2. Information We Collect

2.1 Personal Information

We collect the following types of personal information:

• • Account Information: Name, email address, company name, job title
• • Billing Information: Payment method details, billing address (processed by third-party payment processors)
• • Profile Information: User preferences, subscription plan details, usage statistics
• • Communication Data: Support tickets, feedback, and correspondence

2.2 Educational Content and Usage Data

• • Content Data: Educational materials you upload, create, or modify using our AI tools
• • AI Processing Data: Inputs provided to our AI systems and generated outputs
• • Usage Analytics: Feature usage patterns, Sparks consumption, session duration
• • Performance Data: Learning outcomes, assessment results, engagement metrics

2.3 Technical Information

• • Device Information: IP address, browser type, operating system, device identifiers
• • Log Data: Access times, pages viewed, features used, error logs
• • Cookies and Tracking: Session cookies, preference cookies, analytics cookies

3. How We Use Your Information

3.1 Service Provision

• • Providing and maintaining our AI-powered educational tools
• • Processing your educational content through our AI systems
• • Managing your account, subscriptions, and Sparks usage
• • Delivering customer support and technical assistance

3.2 AI Model Improvement

• • Training and improving our AI models using aggregated, anonymized data
• • Enhancing content generation algorithms and educational effectiveness
• • Developing new features and capabilities

3.3 Legal and Compliance

• • Complying with legal obligations and regulatory requirements
• • Protecting our rights and preventing fraud or abuse
• • Enforcing our Terms of Service and other policies

4. Legal Basis for Processing (GDPR)

For users in the EU/EEA, we process your personal data based on:

• • Contract Performance: To provide our Services as agreed in our Terms of Service
• • Legitimate Interest: To improve our Services, ensure security, and provide customer support
• • Consent: For marketing communications and optional features (where applicable)
• • Legal Obligation: To comply with applicable laws and regulations

5. Data Sharing and Third Parties

5.1 Service Providers

We may share your information with trusted third-party service providers:

• • Cloud Infrastructure: AWS, Google Cloud, Microsoft Azure for secure data hosting
• • Payment Processing: Stripe, PayPal for subscription and billing management
• • AI Services: OpenAI, Anthropic for AI model access (with data protection agreements)
• • Analytics: Privacy-compliant analytics tools for usage insights
• • Customer Support: Help desk and communication platforms

5.2 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity, subject to this Privacy Policy.

5.3 Legal Requirements

We may disclose your information when required by law, court order, or to protect our rights and the safety of our users.

6. Data Security and Protection

We implement industry-standard security measures to protect your data:

• • Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
• • Access Controls: Role-based access with multi-factor authentication
• • Infrastructure Security: SOC 2 Type II compliant cloud providers
• • Regular Audits: Security assessments and penetration testing
• • Data Minimization: We collect and retain only necessary data
• • Staff Training: Regular security awareness training for all employees

7. International Data Transfers

Your data may be processed in countries outside your residence, including the United States. We ensure adequate protection through:

• • EU-US Data Privacy Framework compliance
• • Standard Contractual Clauses (SCCs) for EU data transfers
• • Adequacy decisions by the European Commission where applicable
• • Additional safeguards as required by local data protection laws

8. Data Retention

We retain your data for the following periods:

• • Account Data: For the duration of your account plus 3 years for legal compliance
• • Educational Content: Until you delete it or close your account
• • Usage Analytics: Aggregated data retained indefinitely; individual data for 2 years
• • Billing Records: 7 years for tax and accounting purposes
• • Support Communications: 3 years for quality assurance

9. Your Rights and Choices

9.1 GDPR Rights (EU/EEA Users)

• • Access: Request a copy of your personal data
• • Rectification: Correct inaccurate or incomplete data
• • Erasure: Delete your personal data ("right to be forgotten")
• • Portability: Export your data in a machine-readable format
• • Restriction: Limit how we process your data
• • Objection: Object to processing based on legitimate interests
• • Withdraw Consent: Revoke consent for consent-based processing

9.2 CCPA Rights (California Users)

• • Right to know what personal information we collect and how it's used
• • Right to delete personal information
• • Right to opt-out of the sale of personal information (we do not sell personal data)
• • Right to non-discrimination for exercising privacy rights

9.3 Exercising Your Rights

To exercise any of these rights, contact us at privacy@happyalien.ai or use our in-app privacy controls. We will respond within 30 days (GDPR) or 45 days (CCPA).

10. Educational Institution Compliance

For educational institutions, we provide additional compliance support:

• • FERPA Compliance: Family Educational Rights and Privacy Act protections
• • COPPA Compliance: Children's Online Privacy Protection Act safeguards
• • Student Data Privacy: Dedicated protections for student information
• • Data Processing Agreements: Available for institutional customers

11. Cookies and Tracking Technologies

We use cookies and similar technologies for:

• • Essential Cookies: Required for basic site functionality and security
• • Analytics Cookies: Understanding usage patterns and improving our Services
• • Preference Cookies: Remembering your settings and preferences

You can manage your cookie preferences through your browser settings or our cookie consent manager.

12. Children's Privacy

Our Services are not intended for children under 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will take steps to delete it promptly. Educational institutions using our Services for students under 13 must have appropriate consents and protections in place.

13. Privacy Policy Updates

We may update this Privacy Policy periodically to reflect changes in our practices or applicable laws. We will notify you of material changes through email or our Services. Your continued use after such changes constitutes acceptance of the updated policy.

14. Contact Information