Privacy policy

Happypath AS (Norwegian organisation number 935 422 191), Colletts gate 43, 0456 Oslo, Norway, is the data controller for the processing described in this notice, except where we solely process personal data on behalf of a customer or partner—in those cases the customer may be the controller for relevant datasets.

For privacy questions or requests, contact us at hello@happypath.no.

This policy describes how we handle personal data on this marketing website (happypath.no), including newsletter signup, contact requests, embedded mapping demos, language preferences, optional third-party sign-in flows linked from the site, and aggregated statistics displayed publicly.

Happypath also operates separate web and companion experiences—including internal collection tools (Happypath™ Collection / Entry), a Partner Portal for API access and integration management, residential and commercial property manager portals, courier-facing navigation experiences (web and native companion shell), and a demo integration application. Those products process operational and location-related data under applicable agreements, authentication rules, and access controls. This policy summarizes typical categories of processing so you know what to expect; additional terms or notices may apply when you use a specific product.

We use HubSpot for marketing automation, forms, and CRM. The site loads HubSpot JavaScript (for example from hs-scripts.com). HubSpot may set cookies (such as hubspotutk), collect device and usage signals, and help us attribute visits to campaigns.

Processing by HubSpot is also described in HubSpot’s privacy notice. Marketing emails are sent in line with applicable rules (for example consent or legitimate interest, depending on the activity), and you can unsubscribe using the link in each marketing email where that applies.

When you use our contact or newsletter forms, we collect the information you submit (such as name and email address). These submissions are sent from our servers to HubSpot using secure server-side integrations.

We may include contextual metadata that helps attribute and secure the request—for example the page URL, page title, and HubSpot visitor token when that cookie is present—so we can reduce spam and understand which part of the site you contacted us from.

Some pages load interactive maps (for example using Google Maps). When you interact with a map, the map provider may process technical data such as IP address, device information, and interaction events under that provider’s privacy policy.

Figures shown on the marketing site (such as high-level counts related to doors, paths, or metadata in our dataset) are loaded from an API that returns aggregated metrics only. These responses are not designed to identify individuals.

Where we offer sign-in with Vipps for certain resident-oriented flows, Vipps MobilePay facilitates authentication. We receive the limited profile details needed to complete the login or onboarding step you started. Vipps’s own privacy information explains how they process data during authentication.

Across our product surfaces we may process personal data needed to operate accounts and permissions—for example email address, profile or role information, organization or customer association, API keys or tokens where applicable, and audit-relevant technical logs.

Operational datasets can include geospatial and building-access metadata (such as entrance locations, paths, access instructions, and related feedback) required to deliver navigation, property workflows, and integrations. Access is enforced with authentication, tenant scoping, and database policies appropriate to each application.

Common technical components include Supabase (hosted PostgreSQL, authentication, and real-time features for several apps); mapping providers such as Google Maps and Mapbox where maps are shown; application monitoring and error reporting (for example Sentry, including session replay in some internal/administrative interfaces); payment processing where payout-related features use providers such as Stripe; and our own APIs for directions, assets, and integration examples.

Courier and navigation experiences may request device location only when needed for routing or on-site guidance and where you grant permission in the browser or operating system. The native companion shell wraps the courier web experience with WebView features such as cookies and geolocation enabled for continuity with the web application.

The Happypath™ Companion mobile apps (including the Android build you distribute through Google Play) may request permission to use the device camera. Camera access is used only when you actively choose to capture a new photo—for example when contributing optional images related to an entrance, path, or delivery context. If you do not grant camera permission, you can still use other parts of the app; only features that require taking a new photo will be limited.

You may also be able to pick an existing image from your photo library using the system image picker. Depending on your device and operating system version, that can involve separate storage or media library permissions; those prompts are controlled by the platform and are only used to let you select an image you already have.

When you submit a photo, the image (and any caption or related metadata you provide in the app) is uploaded over HTTPS to Happypath’s systems as part of your signed-in contribution or correction workflow, so it can be processed and used to improve operational location and access information. We do not use the camera in the background and we do not access the camera for unrelated advertising purposes.

We use trusted service providers (hosting, CRM, analytics and communications, mapping, authentication, payments, and security tooling) to run our services. They may process personal data on our instructions and under contractual safeguards.

We may also disclose information where required by law, or to protect the rights, safety, and security of our users, our services, or the public.

Some providers may store or process data outside Norway or the European Economic Area. Where such transfers occur, we rely on appropriate mechanisms under applicable law, such as the EU Standard Contractual Clauses and vendor compliance programmes.

We retain personal data only as long as necessary for the purposes described in this policy, including legal, tax, accounting, or security requirements. Marketing contact records follow HubSpot configuration and our data housekeeping practices.

Depending on applicable law (including the GDPR where it applies), you may have the right to access, rectify, erase, restrict processing, object to certain processing, data portability, and to withdraw consent where processing is based on consent.

You may lodge a complaint with a supervisory authority. In Norway the supervisory authority is Datatilsynet (www.datatilsynet.no).

We may update this privacy policy from time to time. The current version is always available on this page with the “Last updated” date above.