Privacy Policy

Last updated: February 22, 2026

HAPIVITY PRIVACY POLICY

Last Updated: February 22, 2026

Hapivity Sdn. Bhd. (“Hapivity,” “we,” “our,” or “us”) is committed to protecting your personal data.

We operate in compliance with:

  • Malaysia Personal Data Protection Act (PDPA)

  • Singapore PDPA

  • EU General Data Protection Regulation (GDPR)

  • UK GDPR

  • California Consumer Privacy Act (CCPA/CPRA)

  • Other applicable data protection laws

1. Who We Are

Hapivity Sdn. Bhd. is incorporated in Malaysia.
Our primary hosting infrastructure is located in Singapore.

For organizational (B2B) deployments, we may act as a Data Processor.
For direct users, we act as Data Controller.

2. Legal Basis for Processing (GDPR)

We process personal data under one or more of the following:

  • Consent (e.g., connecting Apple Health or Google Health Connect)

  • Performance of contract

  • Legitimate interest (platform operation, fraud prevention)

  • Legal obligations

You may withdraw consent at any time by disconnecting health integrations.

3. Information We Collect

A. Activity Data (XP Engine)

If you voluntarily connect Apple Health (iOS) or Google Health Connect (Android), we read only:

  • Activity type

  • Duration

  • Distance

  • Timestamp

We do not access your full health profile.

B. We Do NOT Collect

  • GPS location tracking

  • Heart rate data

  • Calorie data

  • Medical records

  • Biometric identifiers

  • Continuous health monitoring

We practice strict data minimization.

C. Account Information

Guest Users:

  • Device UUID

  • Player name

Registered Users:

  • Email address

  • Authentication metadata

Admins:

  • Name

  • Organization details

  • Administrative activity logs

4. Special Category Data

Basic workout activity may be considered health-related under certain laws.

Where applicable, we process such data:

  • Only with explicit user consent

  • Solely for gamification purposes

  • Not for medical analysis, insurance profiling, or health diagnostics

5. How We Use Information

  • Calculate XP and rankings

  • Assign team placements

  • Display leaderboards

  • Provide aggregated insights to Company Admins

  • Improve service reliability

Company Admins receive participation metrics but do not receive raw health platform data.

6. International Data Transfers

Personal data may be transferred to and processed in Singapore.

Where required by GDPR or similar laws, we implement:

  • Standard Contractual Clauses (SCCs)

  • Contractual safeguards

  • Appropriate security measures

7. Data Sharing

We do not sell personal data.

We do not share activity data with advertisers.

We may share data:

  • With service providers under contractual safeguards

  • With Company Admins (limited to game-related metrics)

  • When legally required

Under CCPA/CPRA, we do not “sell” or “share” personal information as defined by law.

8. Marketing & Outreach

We may conduct B2B outreach using publicly available business contact information under legitimate interest, where permitted by law.

All outreach communications include an opt-out mechanism.

9. Data Retention

We retain personal data:

  • For as long as your account remains active

  • As required by law

  • As necessary for legitimate business purposes

Guest data is permanently lost if the associated device UUID is lost.

10. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access your data

  • Correct inaccurate data

  • Request deletion

  • Restrict processing

  • Data portability

  • Object to processing

  • Withdraw consent

  • Lodge complaints with supervisory authorities

Requests may be sent to:
support@hapivity.com

11. Data Security

We implement:

  • Encryption in transit

  • Role-based access control

  • Row-Level Security

  • Secure authentication systems

  • Limited production access

While we apply reasonable safeguards, no system can guarantee absolute security.

12. Children’s Privacy

The Service is not intended for children under 13 (or local equivalent age).

We do not knowingly collect data from children without appropriate consent.

13. Updates

We may update this Privacy Policy periodically. Material changes will be communicated via the app or website.

Continued use constitutes acceptance of updates.

Ready to manage your money smarter?

Start your journey to smarter spending and better saving — it only takes 2 minutes.

Happy woman in a green sweater holding a phone and looking up

Ready to manage your money smarter?

Start your journey to smarter spending and better saving — it only takes 2 minutes.

Happy woman in a green sweater holding a phone and looking up