Privacy Policy
Last updated: June 19, 2026
This Privacy Policy describes how JustHappend (“we,” “us”) handles information when you use our service. We built JustHappend with a minimal-data philosophy — we collect what we need to operate, and nothing more.
1. What we collect
Account information. When you register, we collect your email address and a hashed password. Your display name is auto-generated from your email prefix at signup; you can update it. We store your account verification status.
Captured media. When you capture and submit a moment (photo or video), the media file and associated metadata (timestamp, optional caption, coarse city) are stored. We store only content you explicitly submit — we do not access your camera outside of an active capture session, and we do not access your device photo library.
Location — coarse only.If you choose to attach a location to a moment, we store the city name (e.g. “Mumbai” or “London”). We do not store, transmit, or expose precise GPS coordinates anywhere in the service. Location is always optional.
Session data. We maintain a session token linked to your account to keep you signed in. Anonymous sessions (before account creation) exist for Trade preview flows and are not linked to any personal information.
Connection graph. We store which accounts have accepted mutual connections (for Timeline participation). We do not expose your connection list publicly.
Technical logs. Standard server logs include IP addresses, request timestamps, and basic device/browser metadata. These are used for security, abuse prevention, and debugging. They are not linked to your content or profile for any other purpose.
2. What we do not collect
- We do not track behaviour across third-party websites or apps.
- We do not collect or store precise GPS coordinates.
- We do not access your camera roll, existing photos, or any media you did not explicitly submit.
- We do not build advertising profiles or interest graphs.
- We do not use your moments or account data to train AI or machine-learning models.
- We do not read your private messages — Timelines are private and only visible to their members.
3. How we use information
- Delivering the service: showing your Timeline, routing Trade moments, managing connections.
- Account security: verifying your email, preventing unauthorised access, and enforcing rate limits.
- Safety and moderation: detecting and removing content that violates our Content Policy.
- Transactional communications: email verification, password reset, critical security notices. We do not send marketing emails.
- Legal compliance: responding to valid legal requests, complying with applicable law, and protecting rights.
- Service improvement: aggregate, anonymous usage data (e.g. error rates, feature adoption) to improve the product.
4. The Trade — anonymity in practice
The Anonymous Trade feature is designed to be contactless by default. When you participate in a Trade:
- Your identity (account ID, display name, email) is never shared with the other party.
- Only your coarse location (city name) and the media itself are exchanged.
- Trade moments self-destruct within 24 hours. Once deleted, we do not retain the media.
- We maintain an internal record sufficient to enforce abuse policies (e.g. if a Trade moment is reported), but this is never exposed externally.
Even in an abuse investigation, we do not reveal trade partners to each other. We act as the intermediary. Law enforcement requests follow the process described below.
5. Sharing with third parties
We share information only in the following limited circumstances:
- Infrastructure providers: cloud hosting (compute, database, object storage) and CDN providers process data to deliver the service. They operate under data processing agreements.
- Email delivery: a transactional email service sends verification and security emails on our behalf.
- Legal process: if required by a valid court order, subpoena, or binding legal process, we may disclose information. We will attempt to notify you unless legally prohibited.
- Safety emergencies: we may disclose information without legal process if we believe disclosure is necessary to prevent imminent harm to a person.
- Business transfers: if JustHappend is acquired or merges, your information may transfer to the successor. We will notify you before your data becomes subject to a different privacy policy.
We do not sell, rent, or trade your personal information to any party for any purpose.
6. Retention
We retain your account and submitted moments for as long as your account is active. You may delete your account at any time, after which we remove your profile and moments from the live service. Deletion may take up to 30 days to fully propagate through backups.
Trade moments are deleted automatically within 24 hours of the trade window closing, regardless of account status.
Technical logs are retained for up to 90 days for security purposes, then deleted.
7. Your rights and choices
Depending on your location, you may have rights to access, correct, delete, or export your personal information. To exercise these rights, use in-app account settings or contact us at the address below. We will respond within 30 days.
You can revoke camera permissions at any time via your device settings. You can delete your account from the profile settings screen. You can block any connection at any time.
8. Security
We use industry-standard security practices: encrypted connections (HTTPS/TLS), hashed passwords (never stored in plain text), access controls, and rate limiting on sensitive endpoints. No security measure is perfect — if you discover a vulnerability, please disclose it responsibly via the contact details below.
9. Cookies and local storage
We use a small number of functional cookies and browser local storage to maintain your session. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. See our Cookie Policy for details.
10. Children
The service is not directed at children under 13. We do not knowingly collect personal information from anyone under 13. If you believe a child under 13 has registered, contact us and we will promptly delete the account.
11. International transfers
JustHappend operates globally. Your information may be stored or processed in countries outside your own, including countries whose data protection laws differ from yours. We take reasonable steps to ensure appropriate safeguards are in place for such transfers.
12. Changes to this policy
We may update this Privacy Policy. Material changes will be communicated via in-app notice or email at least 14 days before taking effect.
13. Contact
For privacy questions or data requests, contact us through the in-app support channel or the contact details provided on the site. For EU/UK residents: if you believe we have not handled your data lawfully, you have the right to complain to your local supervisory authority.