Legal
Data Processing Agreement
Effective date: March 14, 2026
This Data Processing Agreement ("DPA") forms part of the agreement between Happy Hear Audio ("Processor") and the operator using our platform ("Controller"). It governs the processing of personal data submitted to the Service by the Controller, as required by the EU General Data Protection Regulation (GDPR) and applicable data protection laws.
1. Definitions
"Personal Data" means any information relating to an identified or identifiable natural person, including voice recordings, names, email addresses, and event data uploaded to the Service.
"Processing" means any operation performed on Personal Data, including storage, retrieval, transmission, and deletion.
"Data Subject" means the natural persons whose Personal Data is processed (e.g., guests whose voices are recorded).
2. Scope and Purpose
The Controller (operator) submits Personal Data to the Service for the purpose of audio guestbook management: storing recordings, generating transcriptions, sharing galleries, and providing analytics.
Happy Hear Audio processes this data solely on behalf of and under the instructions of the Controller, and only for the purposes set out in this DPA and the Terms of Service.
3. Controller Responsibilities
The Controller represents and warrants that:
- It has a lawful basis for processing the Personal Data (including obtaining appropriate consent from Data Subjects where required)
- It has informed Data Subjects about the processing in accordance with applicable law
- It is authorized to instruct Happy Hear Audio to process the data on its behalf
4. Processor Obligations
Happy Hear Audio agrees to:
- Process Personal Data only on documented instructions from the Controller
- Ensure that personnel authorized to process the data are bound by confidentiality
- Implement appropriate technical and organizational security measures
- Not engage sub-processors without informing the Controller
- Assist the Controller in responding to Data Subject requests (access, deletion, correction)
- Delete or return all Personal Data upon termination of the agreement
- Make available all information necessary to demonstrate compliance
5. Sub-Processors
We use the following sub-processors to deliver the Service. By agreeing to this DPA, the Controller authorizes their use:
| Sub-Processor | Purpose | Location |
|---|---|---|
| Supabase | Database & file storage | US / EU |
| Vercel | Hosting & compute | US / Global |
| OpenAI | Transcription & AI tagging | US |
| Auphonic | Audio noise reduction | EU (Austria) |
| Stripe | Payment processing | US |
We will notify Controllers of any changes to this list with reasonable advance notice.
6. International Transfers
Where Personal Data is transferred outside the EEA, Happy Hear Audio relies on Standard Contractual Clauses (SCCs) adopted by the European Commission, or other appropriate transfer mechanisms, to ensure adequate protection.
7. Data Security
We implement the following measures to protect Personal Data:
- Encryption in transit (TLS 1.2+) and at rest
- Access controls and authentication (Supabase Row Level Security)
- Regular security reviews
- Incident response procedures
8. Data Breach Notification
In the event of a personal data breach, we will notify the Controller without undue delay (and in any event within 72 hours of becoming aware) with all available information about the nature, scope, and impact of the breach.
9. Data Retention & Deletion
Personal Data is retained for as long as the Controller's account is active. Upon account termination or a written deletion request, all Personal Data is deleted within 30 days.
10. Governing Law
This DPA is governed by the laws of the State of California and, where applicable, by the GDPR and other applicable EU data protection laws.
11. Contact
For DPA-related inquiries or to exercise Data Subject rights, contact our Data Protection contact at hello@happyhearaudio.com.