Privacy Policy

Last updated: March 2026

Hapnd collects the minimum data needed to run the platform. We don't sell your data, we don't serve ads, and we don't do anything clever with your event data. It's yours.

Who we are

Hapnd is a product of Lightest Night, a company registered in England. When we say "Hapnd", "we", "us", or "our", we mean Lightest Night operating the Hapnd platform at hapnd.dev.

Two roles, clearly separated

This matters. We act in two distinct capacities:

As a data controller, for your account information. Your name, email, billing details. We decide what we collect and why.

As a data processor, for the event data you push through the platform. Your events, your aggregates, your projections. You decide what goes in. We store it, compute against it, and return it to you. We don't inspect it, mine it, or use it for anything other than running your workloads.

What we collect

Account data
Name, email address, and authentication credentials (managed by our auth provider). If you're on a paid plan, billing information processed by our payment provider. We never see or store full card numbers.
Event data
The events, aggregates, reducer logic, and projection logic you send to the platform. This is your business data. We store it to operate the service.
Usage data
Event counts, API call volumes, error rates, and compute metrics. We use these for billing, capacity planning, and keeping the platform healthy.
Log data
IP addresses, request timestamps, user agent strings, and API endpoint paths. Standard operational data for security monitoring and debugging.

Why we collect it

  • To operate and deliver the platform to you
  • To authenticate you and secure your account
  • To bill you accurately
  • To monitor, maintain, and improve platform reliability
  • To detect and prevent abuse or security threats
  • To communicate with you about the service (outages, breaking changes, security notices)

We don't use your data for advertising, profiling, or training machine learning models.

Where data is processed

Hapnd runs on Cloudflare's global edge network. Your requests are routed to the nearest Cloudflare point of presence, which means data may be processed in multiple regions depending on where you're making requests from.

Durable storage (events, projections, platform state) is managed by Cloudflare's infrastructure. We don't operate our own data centres or choose specific regions for storage. Cloudflare determines data placement based on their infrastructure architecture.

Third parties

We use a small number of third-party services to operate the platform:

Cloudflare
Infrastructure, compute, storage, CDN, and DDoS protection
Clerk
Authentication and identity management
Resend
Transactional email (service notifications only)
Payment provider
Payment processing for paid plans

We don't share your data with anyone else. We don't use analytics platforms, advertising networks, or tracking pixels.

Data retention

Account data
Retained while your account is active. If you close your account, we delete your data within 30 days, except where we're required by law to retain it (for example, billing records).
Event data
Retained while your account is active. When you delete aggregates or close your account, event data is permanently removed. We don't keep copies.
Log data
Retained for up to 90 days for security and debugging purposes, then automatically deleted.

Your rights

Regardless of where you are, you can:

  • Access your data (ask us what we hold)
  • Export your event data (your data is always available through the API)
  • Delete your account and all associated data
  • Correct inaccurate account information

If you're in the UK, EEA, or another jurisdiction with specific data protection legislation (GDPR, UK GDPR, LGPD, POPIA, etc.), you may have additional rights including the right to restrict processing, object to processing, or lodge a complaint with your local supervisory authority.

To exercise any of these rights, email us at the address below.

Cookies

hapnd.dev (website)
May use cookies for authentication, session management, and site functionality such as remembering preferences. If we introduce any non-essential cookies (for example, analytics to understand how visitors use the site), we'll ask for your consent first.
Hapnd platform (API and dashboard)
Uses only strictly necessary cookies for authentication and session management. No tracking, no analytics, no third-party cookies.

We'll never use advertising cookies anywhere.

Security

We take security seriously. It's foundational to the platform, not an afterthought. Customer code goes through a three-layer security model (compile-time analysis, cryptographic signature verification, and container isolation). Platform access is encrypted in transit. Authentication is handled by a dedicated identity provider.

If you discover a security vulnerability, please contact us privately at the address below.

Children

Hapnd is a developer platform. We don't knowingly collect data from anyone under 16. If we discover we have, we'll delete it immediately.

Changes to this policy

If we make material changes, we'll notify you via the email on your account before they take effect. The "last updated" date at the top always reflects the current version.

Contact

For anything related to this policy or your data, email us at [email protected].