How HappySupport protects your data
Is HappySupport GDPR compliant?
Yes. HappySupport processes customer data only within the European Union and signs a Data Processing Agreement (DPA) with you under Art. 28 GDPR. Access to your GitHub is read-only, sensitive data is encrypted, and your content is not used to train AI. The individual points are in the sections below, from hosting through encryption to deletion.
What access does HappySupport have to our GitHub?
Read-only, and only the repos you choose.
- Access is scoped to specific GitHub repositories, not your whole account.
- You choose which repos are connected.
- The connection uses OAuth, a GitHub App, or a Personal Access Token, whichever fits your setup.
- You can revoke access at any time directly from your GitHub.
Why read-only is enough: HappyAgent reads the code diffs from your releases to spot which guides have gone out of date, then suggests updates. HappySupport writes nothing back to your repository.
Where is our data hosted?
Only in the EU, most of it in Germany. Application, database, and file storage sit in German data centers. No transfer to a third country happens without your prior consent.
| Provider | Service | Location |
|---|---|---|
| Netcup | Application hosting | Nuremberg, Germany |
| AWS | File storage (S3) | Frankfurt, Germany (eu-central-1) |
| Neon | Database (PostgreSQL) | Frankfurt, Germany |
| AWS and Azure | LLM processing | Frankfurt (DE) and Sweden (EU) |
| Browserbase | Browser automation | Frankfurt, Germany |
| Langfuse | LLM observability | Ireland (AWS eu-west-1) |
| Stripe | Payment processing | EU and global (PCI-DSS Level 1) |
The full subprocessor list is available on request.
How is our data encrypted?
- In transit: all connections use TLS (HTTPS).
- At rest: server-side encryption on the Neon database and AWS S3 object storage.
Who can access our data internally?
- Strict per-organization tenant isolation at the query layer. Your data is separated from every other organization's.
Does HappySupport use our data to train AI?
No. There is no training on customer data. This is contractually confirmed with OpenAI, Anthropic, and Browserbase, which exclude customer content from third-party model training. LLM processing runs in EU data centers in Frankfurt and Sweden.
What happens in a security incident?
HappySupport commits to notifying affected customers without undue delay, and within 72 hours of becoming aware, of any security incident that may affect their data (analogous to Art. 33 GDPR). Notifications include: nature and scope, affected data categories, mitigations taken, and a contact for follow-up.
What happens to our data if we cancel?
Once there is no active subscription, all data is deleted from the server. At the end of the contract, HappySupport returns the processed data to you or destroys it in line with data protection rules. A deletion log is available on request. The only exception is data subject to a statutory retention period.
How can we prove compliance for an audit?
- DPA: a Data Processing Agreement under Art. 28 GDPR with HappySupport UG (haftungsbeschränkt) can be signed at any time.
- Data protection officer: one is appointed. Contact details are in the DPA.
- Audit rights: you have the right to review the technical and organizational measures, including information, attestations, and certification evidence.
- Subprocessors: the full list is available on request.
- ISO: an ISO certification is on the roadmap for 2026.
Powered by happysupport.ai