isthishappinesssign in

Privacy Policy

Last updated: 2026-05-31

This policy describes what we collect, why, where it is stored, and what rights you have over it. It applies to everyone who uses this site, whether you are an email subscriber, a paying customer, or a visitor who closed the tab.

What We Collect

We collect the following categories of personal data:

  • Your email address, when you subscribe to an email list or purchase a program or product.
  • Account profile data, which includes: the primary concern you select during onboarding, the archetype you choose, your selected notification time, and a short free-text answer you provide to the question “why does this matter right now?” This free-text answer is used only to display back to you at reset moments and inside the Urge Protocol. It is not analyzed or reviewed.
  • Behavioral data generated by your use of the program: streak history, quest completions, Urge Protocol session timestamps, and reset events.
  • Technical metadata: your IP address, browser type, device type, and basic session data. This is captured automatically by Vercel and PostHog.
  • Error reports, which may include the URL where an error occurred and limited browser context. Sentry receives these.

We do not collect your name, phone number, mailing address, date of birth, geographic location beyond what is implied by IP, or any health or clinical information. The reset “what happened” text input is processed in your browser only and is never transmitted to or stored by us.

We do not store credit card numbers, bank account information, or any payment data. Paddle, as our merchant of record, handles all payment information directly.

Why We Collect It

We collect this data to operate the service. Specifically: to authenticate you when you log in, to deliver email communications to your inbox, to display your streak and Proof, to render the Urge Protocol, to diagnose and fix errors, and to understand which parts of the product are working.

We do not sell or share your personal data with third parties for marketing or advertising purposes. We never will. The only third parties who handle your data are the service providers listed below, and they handle it strictly to operate the service on our behalf.

Third-Party Services

We use the following service providers. Each receives only the data necessary for its specific function:

  • Supabase (Canada region): hosts the database that stores account profiles, streak history, and Reading subscriptions.
  • Vercel (United States): hosts the website code and serves all pages. Receives standard server logs including IP addresses.
  • Loops (United States): delivers transactional emails (purchase confirmations, account notifications) and email list broadcasts. Receives your email address and the content of those messages.
  • PostHog (United States): records anonymized page-view analytics and product usage events. We do not send personally identifying information beyond what is technically necessary to attribute events to a session.
  • Sentry (United States): receives technical error reports including the URL where an error occurred and limited browser metadata.
  • Paddle.com Market Ltd. (Ireland, with US and UK operations): processes all purchases as merchant of record. Paddle, not we, receives and stores your payment information. Paddle’s privacy policy governs the data they hold.

We do not share data with any other third parties. We do not use advertising trackers, retargeting pixels on the authenticated app surface, or social media tracking.

Cookies

We use minimal essential cookies for session authentication. PostHog uses cookies to attribute analytics events to a session. Full details, including how to disable analytics cookies, are in our Cookie Policy.

Data Security

All data is transmitted over HTTPS. Our database uses row-level security, meaning users can access only their own data. Access to service provider accounts is restricted to named accounts with multi-factor authentication enabled.

We use commercially reasonable security measures. We cannot, however, guarantee absolute security against every possible threat. You are responsible for protecting your login credentials and notifying us at hey@isthishappiness.com if you believe your account has been compromised.

Retention and Deletion

We retain your data for the lifetime of your account, plus 90 days after closure. After this period, all personally identifying data is deleted automatically.

You may delete your account and all associated data at any time from your account settings or by emailing hey@isthishappiness.com. Anonymized usage data, which cannot be associated with you after account deletion, may be retained indefinitely for product analytics.

If you receive a refund, your program account and data are deleted immediately upon refund completion. Any email subscription, if you have one, is unaffected and remains subject to separate unsubscribe controls.

Your Rights

You have the following rights regarding your personal data, available regardless of where you live:

  • Right of access: you can request a copy of all personal data we hold about you.
  • Right to rectification: you can request that we correct inaccurate or incomplete data.
  • Right to erasure: you can request that we delete your data.
  • Right to data portability: you can request your data in a portable, machine-readable format.
  • Right to restrict processing: you can ask us to limit how we use your data.
  • Right to object: you can object to specific uses of your data.
  • Right to lodge a complaint: you can complain to a data protection authority in your jurisdiction.

To exercise any of these rights, email hey@isthishappiness.com. We respond within 30 days. We will not discriminate against you for exercising any of these rights.

Regional Compliance

We comply with the General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA), and the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA).

If you are in the European Union or the United Kingdom: your data may be processed in Canada and the United States. Both jurisdictions are subject to data-protection regimes recognized as adequate or governed by Standard Contractual Clauses where applicable. You retain all rights under GDPR and UK GDPR.

If you are in California: you have the rights described above plus any additional rights conferred by the CCPA, including the right to know what categories of data we collect and the right to opt out of any sale of personal data. We do not sell personal data.

Not Medical Records

This program is a structured behavior-change tool. It is not medical or mental health treatment.

The data you enter — including your primary concern, your reason for using the program, and your streak and reset history — is not a clinical record. It is not protected health information under HIPAA in the United States or PHIPA in Canada. It is not reviewed or processed by any licensed clinician.

If you are seeking medical or mental health care, please consult a qualified professional. The crisis resources at the bottom of every page on this site will direct you to appropriate immediate help.

Children

This service is not directed at, and we do not knowingly collect personal data from, children under the age of 16. If you become aware that a child has provided us with personal data, please contact us and we will delete it.

Changes to This Policy

If we make material changes to this policy, we will notify subscribers by email and update the “Last updated” date above. Continued use of the service after a change constitutes acceptance of the updated policy.

Contact

Direct all privacy inquiries, data subject requests, and questions about this policy to hey@isthishappiness.com. We respond within 30 days, typically much sooner.