Privacy Policy

1. Introduction

Welcome to The Smartest Email. This Privacy Policy explains how Happenings Group A/S ("we", "us", "our") collects, uses, discloses, and protects your personal information when you use our email management service.

We are committed to protecting your privacy and handling your data in an open and transparent manner. This policy describes our privacy practices in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Information We Collect

We collect the following types of information:

2.1 Account Information

• Google account email address
• Name and profile picture (from your Google account)
• OAuth tokens (encrypted) for Gmail API access

2.2 Email Data

• Email metadata (sender, recipient, subject, date, labels)
• Email content (body text and HTML)
• Email attachments metadata (filename, size, type)
• Thread information and conversation structure
• Unsubscribe information from email headers

2.3 AI Analysis Data

• Email categories (personal, work, newsletter, etc.)
• Sentiment analysis results
• Priority scores and importance ratings
• Suggested actions and smart replies
• Tags and labels generated by AI

2.4 Usage Information

• Log data (IP address, browser type, device information)
• Actions taken within the Service (emails read, archived, deleted)
• Feature usage statistics
• Error reports and performance data

3. How We Use Your Information

We use your information for the following purposes:

3.1 Provide the Service

• Access and display your emails
• Perform AI-powered analysis and categorization
• Generate insights and analytics about your email patterns
• Provide one-click unsubscribe functionality
• Group related emails into threads

3.2 Improve the Service

• Train and improve our AI models (using aggregated, anonymized data only)
• Identify and fix technical issues
• Develop new features and enhancements
• Conduct research and analysis

3.3 Communicate with You

• Send service-related notifications
• Respond to your inquiries and support requests
• Notify you of important changes or updates

3.4 Legal Basis (GDPR)

• Performance of Contract: Processing necessary to provide the Service
• Legitimate Interests: Improving our Service, security, and fraud prevention
• Consent: Where you have explicitly consented (e.g., marketing emails)
• Legal Obligation: Compliance with applicable laws and regulations

4. Data Storage and Security

We implement industry-standard security measures to protect your data:

4.1 Encryption

• In Transit: All data transmitted between your device and our servers uses TLS/SSL encryption
• At Rest: All data stored in our databases is encrypted using AES-256-GCM
• OAuth Tokens: Gmail API tokens are encrypted with additional layers of security

4.2 Infrastructure Security

• Hosted on MongoDB Atlas with enterprise-grade security
• Deployed on Vercel's secure edge network
• Regular security audits and vulnerability assessments
• Automated backups and disaster recovery procedures

4.3 Access Controls

• Role-based access control for our team members
• Multi-factor authentication for administrative access
• Audit logs of all access to production systems
• Principle of least privilege for all system access

5. Data Sharing and Disclosure

We do not sell your personal data. We only share your data in the following limited circumstances:

5.1 Service Providers

We share data with trusted third-party service providers who help us operate the Service:

• MongoDB Atlas: Database hosting and storage
• Vercel: Application hosting and deployment
• Anthropic (Claude AI): AI-powered email analysis
• Google: Gmail API for email access

All service providers are bound by strict data processing agreements and cannot use your data for their own purposes.

5.2 Legal Requirements

We may disclose your information if required by law, court order, or government request, or to:

• Comply with legal obligations
• Protect our rights, property, or safety
• Prevent fraud or illegal activities
• Protect the rights and safety of our users

5.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.

6. Your Rights

Under GDPR and other data protection laws, you have the following rights:

To exercise any of these rights, please contact us at privacy@happenings.dk. We will respond within 30 days.

7. Cookies and Tracking

We use cookies and similar tracking technologies to enhance your experience:

7.1 Essential Cookies

• Authentication and session management
• Security and fraud prevention
• Load balancing and performance

7.2 Analytics Cookies

• Vercel Analytics for page views and performance metrics
• Usage statistics to improve the Service
• Error tracking and debugging

You can control cookies through your browser settings. Note that disabling essential cookies may affect Service functionality.

8. Third-Party Services

Our Service integrates with third-party services:

8.1 Google Gmail API

We access your Gmail account via OAuth 2.0 with your explicit permission. Review Google's privacy policy at policies.google.com/privacy

8.2 Claude AI (Anthropic)

Email content is processed by Claude AI for analysis. Anthropic does not store or train on your data. Review Anthropic's privacy policy at anthropic.com/privacy

We are not responsible for the privacy practices of third-party services. Please review their privacy policies.

9. Children's Privacy

The Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@happenings.dk. We will delete such information from our systems.

10. International Data Transfers

We are based in Denmark (EU), but our service providers may be located worldwide:

• MongoDB Atlas: Data stored in EU data centers
• Vercel: Edge network with global distribution
• Anthropic: AI processing may occur in the US

We ensure appropriate safeguards are in place for all data transfers, including Standard Contractual Clauses (SCCs) approved by the European Commission.

11. Data Retention

We retain your personal data only as long as necessary:

• Active Accounts: Data retained while your account is active
• Deleted Accounts: Data permanently deleted within 30 days of account deletion
• Legal Requirements: Some data may be retained longer if required by law
• Anonymized Data: Aggregated, anonymized analytics may be retained indefinitely

You can delete your account and all associated data at any time through the Service settings.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

• Posting a notice on our Service
• Sending you an email notification
• Updating the "Last updated" date at the top of this policy

Your continued use of the Service after changes become effective constitutes acceptance of the updated policy. Please review this policy periodically.

13. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

You also have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your residence, place of work, or place of alleged infringement.