Privacy Policy
Last updated: February 22, 2026
HAPIVITY PRIVACY POLICY
Last Updated: February 22, 2026
Hapivity Sdn. Bhd. (“Hapivity,” “we,” “our,” or “us”) is committed to protecting your personal data.
We operate in compliance with:
Malaysia Personal Data Protection Act (PDPA)
Singapore PDPA
EU General Data Protection Regulation (GDPR)
UK GDPR
California Consumer Privacy Act (CCPA/CPRA)
Other applicable data protection laws
1. Who We Are
Hapivity Sdn. Bhd. is incorporated in Malaysia.
Our primary hosting infrastructure is located in Singapore.
For organizational (B2B) deployments, we may act as a Data Processor.
For direct users, we act as Data Controller.
2. Legal Basis for Processing (GDPR)
We process personal data under one or more of the following:
Consent (e.g., connecting Apple Health or Google Health Connect)
Performance of contract
Legitimate interest (platform operation, fraud prevention)
Legal obligations
You may withdraw consent at any time by disconnecting health integrations.
3. Information We Collect
A. Activity Data (XP Engine)
If you voluntarily connect Apple Health (iOS) or Google Health Connect (Android), we read only:
Activity type
Duration
Distance
Timestamp
We do not access your full health profile.
B. We Do NOT Collect
GPS location tracking
Heart rate data
Calorie data
Medical records
Biometric identifiers
Continuous health monitoring
We practice strict data minimization.
C. Account Information
Guest Users:
Device UUID
Player name
Registered Users:
Email address
Authentication metadata
Admins:
Name
Organization details
Administrative activity logs
4. Special Category Data
Basic workout activity may be considered health-related under certain laws.
Where applicable, we process such data:
Only with explicit user consent
Solely for gamification purposes
Not for medical analysis, insurance profiling, or health diagnostics
5. How We Use Information
Calculate XP and rankings
Assign team placements
Display leaderboards
Provide aggregated insights to Company Admins
Improve service reliability
Company Admins receive participation metrics but do not receive raw health platform data.
6. International Data Transfers
Personal data may be transferred to and processed in Singapore.
Where required by GDPR or similar laws, we implement:
Standard Contractual Clauses (SCCs)
Contractual safeguards
Appropriate security measures
7. Data Sharing
We do not sell personal data.
We do not share activity data with advertisers.
We may share data:
With service providers under contractual safeguards
With Company Admins (limited to game-related metrics)
When legally required
Under CCPA/CPRA, we do not “sell” or “share” personal information as defined by law.
8. Marketing & Outreach
We may conduct B2B outreach using publicly available business contact information under legitimate interest, where permitted by law.
All outreach communications include an opt-out mechanism.
9. Data Retention
We retain personal data:
For as long as your account remains active
As required by law
As necessary for legitimate business purposes
Guest data is permanently lost if the associated device UUID is lost.
10. Your Rights
Depending on your jurisdiction, you may have the right to:
Access your data
Correct inaccurate data
Request deletion
Restrict processing
Data portability
Object to processing
Withdraw consent
Lodge complaints with supervisory authorities
Requests may be sent to:
support@hapivity.com
11. Data Security
We implement:
Encryption in transit
Role-based access control
Row-Level Security
Secure authentication systems
Limited production access
While we apply reasonable safeguards, no system can guarantee absolute security.
12. Children’s Privacy
The Service is not intended for children under 13 (or local equivalent age).
We do not knowingly collect data from children without appropriate consent.
13. Updates
We may update this Privacy Policy periodically. Material changes will be communicated via the app or website.
Continued use constitutes acceptance of updates.
