SECURITY

Your Data, Your Rules

At HappyLoop, we want you to know one important thing: we can't see your data, and we don't want to.


Our system is built so that we can't look at your personal or business info. Your data stays yours—always. We never share it, sell it, or use it for anything else.

🔄 Fast and Secure Data Handling

When you interact with our system, we create a temporary database specifically for your session. This database is completely destroyed once your conversation ends, ensuring no data is stored. Additionally, to further safeguard your information, we only send a data schema to our AI layer, not your actual data. This means that your data remains secure and confidential at all times.

By leveraging OAuth protocols, we ensure your data remains locked down during the integration process. With HappyLoop, you never have to worry about compromising security for functionality—you get both.

🔒 GDPR and SOC 2 Compliance

HappyLoop is designed to meet rigorous security standards, including GDPR, ensuring that your data is handled with the highest level of care and compliance with European data protection regulations.

HappyLoop is also SOC 2 certified. This certification ensures we adhere to the industry’s best practices for security, availability, processing integrity, confidentiality, and privacy.

We handle your data with the utmost care and we comply with international regulations.

See our Terms and Conditions for details.

🏢 Our Data Centers

Your data resides in world-class data centers that are continuously monitored and audited.

We partner only with trusted cloud service providers to ensure the highest levels of security compliance.

Microsoft Azure Compliance Offerings
AWS SOC 3 Report

🚨 Real-Time Security Monitoring

Security isn't just a feature; it's a constant practice. HappyLoop employs real-time monitoring systems that are always on the lookout for any unusual or suspicious activity.

Should anything out of the ordinary be detected, our systems are designed to act swiftly to neutralize any potential threats, giving you peace of mind around the clock.

🔐 Adaptive Access Control

With HappyLoop, you’re in the driver’s seat. Our Adaptive Access Control adjusts to the unique needs of your business and team.

You grant only the permissions that are absolutely necessary for each team member or client. This minimizes the attack surface, enhancing the security of your valuable data.

🛡️ Multi-Layer Architecture

Our robust, multi-layer architecture ensures that your data is fortified at every level. From firewalls to advanced intrusion detection systems, we've got you covered.

👁️ Transparency and User Empowerment

Your trust is paramount to us. HappyLoop is built on a foundation of transparency, providing you with full visibility into how your data is used.

Features like detailed logging and action history reviews empower you to have greater control over your business information.

You have questions, we have answers

Is any data or output stored after a session ends?

No. All session data is processed in-memory and is immediately destroyed once the session ends.

Where are visualizations stored if a user wants to revisit them later?

Visualizations are stored securely in AWS under the customer’s account. Only metadata (e.g., API endpoints, filters, query structures) is saved — not the actual data. Access is restricted to authorized users.

If dashboards can be saved, where is that data stored and for how long?

Dashboards store only the operations and instructions for retrieving data, not the data itself. These configurations are saved securely in our database and retained for as long as the customer account is active.

Are exports supported? Where are exported files processed and stored?

Yes. Exported files are processed in-memory and either downloaded directly or temporarily stored in secure AWS infrastructure. Temporary files automatically expire within 24 hours.

When integrated with Arist, where does data reside during analysis?

All data is processed within HappyLoop’s U.S.-based AWS infrastructure using ephemeral AWS Lambda databases. Data is never stored or shared with Arist during or after analysis.

What happens to historical data or outputs if a customer disconnects?

All customer-related data and configurations are permanently deleted in accordance with GDPR and SOC 2 standards. Nothing is retained beyond legally required retention periods.

Is any customer data used to train or fine-tune your AI models?

No. HappyLoop does not use customer data for training, fine-tuning, or feedback loops. Our AI models are fully insulated from customer usage; we log questions and answers only for troubleshooting purposes.

Do you pass any customer data to third-party AI providers? If so, which ones?

By default, no customer data is sent to third-party AI providers. In rare cases involving chained API requests, minimal data (e.g., an ID returned from one endpoint) may be passed to the next operation builder. Customers can choose to run all processing internally to avoid external exposure entirely.

Do you opt out of data retention/training with those providers?

Yes. Where third-party APIs are used for infrastructure, all data retention and training options are explicitly opted out of. However, we do not send any customer data to external AI models by default.

In which regions is data processed or stored, even temporarily?

All data is processed and stored within AWS regions located in the United States.

Can you confirm no customer data leaves the US at any point?

Yes. All customer data is confined to U.S.-based AWS infrastructure unless a customer explicitly requests otherwise.

Is query logging available during a trial or in production?

Yes. Query logs are maintained for observability and auditability in line with SOC 2. Logs include metadata only and never include payload content or personally identifiable information (PII).

How is access to customer-connected databases managed?

We do not connect to customer databases directly. Instead, data is accessed via APIs using credentials provided by the customer. These credentials are salted, encrypted, and stored securely. We support time-limited credentials and can handle token-based or expiring access (e.g., via secure CURLs).

Can customers restrict access to AI features to specific orgs or users?

Yes. Customers can configure both role-based and organization-based access controls to manage which users can access AI capabilities.

How do you inform users what data is being sent to AI during use?

We display exactly what is being analyzed in real time. Only schema-level metadata is analyzed unless explicit authorization is given to process raw values.

Do you notify customers when AI vendors, data handling, or policies change?

Yes. We proactively notify customers via email and in-app messages before any material changes to AI vendors, data handling, or privacy/security policies are enacted.