For full detail, our SOC 2 report is the best resource.
At a high level, we follow strict internal access policies to ensure that only the necessary team members can view customer-specific data.
All access to your HubSpot portal uses OAuth with industry-standard authentication. Requests are logged and monitored as part of our ongoing operational reviews.
Customer data is only lightly processed on our servers in the United States. We intentionally keep stored data to the bare minimum. The only information we retain is the list of HubSpot users who have access to the event•hapily admin interface.
All event data, including records created through our app, is stored directly in HubSpot according to HubSpot’s infrastructure and compliance standards. We do not currently support EU or UK alternatives for data storage or processing.
No.
We do not use subcontractors for customer data handling. The third-party sub-processors listed on our website support platform-level operations but do not act as subcontractors with direct access to customer data.
Our privacy and security framework follows the same control structure we use for our SOC 2 alignment. This includes strict data handling processes, controlled system access, and regular security reviews.
These safeguards support compliance with UK GDPR and other applicable data protection requirements.
Because we store very little data, segregation is simple and controlled. Any customer information we do retain is partitioned by HubSpot portal ID, keeping each environment isolated and properly separated.
For customers who need deeper detail, our SOC 2 documentation provides the full technical breakdown.
If you have questions about a specific security concern, our team is always available to help at care@hapily.com.