HAPIVITY PRIVACY POLICY

Hapivity Sdn. Bhd. (“Hapivity,” “we,” “our,” or “us”) provides a gamified wellness platform. We are committed to protecting your privacy and complying with the Malaysia Personal Data Protection Act (PDPA), Singapore PDPA, GDPR, and CCPA.

1. Roles and Scope

• Direct Users (B2C): We act as the Data Controller for individuals who download our app directly.

• Organizations (B2B): For corporate games managed via our admin portal (play.hapivity.com), we act as a Data Processor. The employer/organization is the Data Controller.

• Admin Portal: We collect professional contact data from administrators who manage games on behalf of their organizations.

2. Information We Collect

A. Health & Activity Data (App Users)

If you grant permission via Apple Health (HealthKit) or Google Health Connect, we access:

• Activity Metrics: Steps, duration, distance, and activity type (e.g., walking, running).

• Purpose: To calculate XP, rankings, and challenge progress.

• Limited Use Disclosure: Our use of information received from Health Connect adheres to the Health Connect Permissions Policy, including Limited Use requirements. We do not use this data for advertising or sell it to third parties.

B. Automated Tracking (Website & App)

We use Google Analytics 4 (GA4) on our website and apps to understand user behavior.

• Data Collected: Interaction data, approximate location (city-level), and device identifiers.

• Privacy Feature: We use GA4’s default IP masking and do not store raw IP addresses.

• Cookies: Our website uses cookies to manage sessions. You can opt-out via browser settings or our consent banner.

C. Account & Admin Information

• Players: Email (for registered users), Player Name, and Device UUID (for guest users).

• Admins: Name, business email, and organization details provided at play.hapivity.com.

What we NEVER collect: GPS/Fine location tracking, Heart Rate, Medical Records, or Biometric data.

3. Legal Basis for Processing

We process data based on:

1. Consent: Explicitly granted for health data and cookies.

2. Contract: To provide the game services you or your employer signed up for.

3. Legitimate Interest: To prevent fraud, secure the admin portal, and improve our platform.

4. How We Share Data

• With Organizations: If you join a corporate challenge, your Organization Admin sees your Game Progress (XP, rank, team stats) but never your raw health platform data.

• With Service Providers: We use trusted partners who are contractually bound to protect your data.

• No Sale of Data: We do not sell, rent, or trade your personal data to third parties.

5. International Data Transfers

Our primary servers are in Singapore. For users in Malaysia, the EU, or the UK, we ensure transfers comply with local laws (such as Malaysia’s 2024 PDPA amendments and GDPR Standard Contractual Clauses) to maintain a high level of protection.

6. Data Retention & Deletion

• Active Accounts: We keep data as long as your account is active.

• Inactive Accounts: We may anonymize or delete trial/inactive account data after 12 months of inactivity.

• Guest Data: If you delete the app as a guest user, your data is permanently lost as it is tied to your Device UUID.

• Deletion Requests: You can request data deletion at any time by emailing support@hapivity.com.

7. Your Rights (PDPA & GDPR)

Depending on your location, you have the right to:

• Access & Correct your personal data.

• Data Portability (requesting a transfer of your data to another service).

• Withdraw Consent (e.g., by disconnecting Apple Health/Google Health Connect in settings).

• Lodge a Complaint with the Malaysia PDPC or your local authority.

8. Security

We implement Row-Level Security (RLS) and Encryption in Transit (SSL/TLS). Access to production data is restricted to essential personnel only.

9. Contact Us

For any privacy concerns or to contact our Data Protection Lead: Hapivity Sdn. Bhd. Email: support@hapivity.com Website: www.hapivity.com