Skip to content

Legal

Privacy notice

Last updated 2026-07-17.

Draft — pending owner review

This document describes the site's current practices in plain language. Owner-input placeholders appear as [OWNER: …] and must be filled before this page is treated as final legal text.

This notice explains what the World Happiness Foundation ("WHF", "we") collects when you use worldhappiness.foundation and related properties, why we collect it, and the choices you have. We write from the same abundance we practice: we collect only what we need to serve the mission.

Who we are

  • Legal entity: [OWNER: legal entity name]
  • Registration: [OWNER: registration / EIN number]
  • Registered address: [OWNER: registered mailing address, incl. country]
  • Privacy contact: privacy@worldhappiness.foundation
  • Data Protection Officer: [OWNER: Data Protection Officer name & email — optional]

What we collect and why

1. Anonymous website analytics

We use Google Analytics 4 with IP anonymization on and advertising signals off. We do not collect cross-site tracking data and we honour the browser signals Do Not Track and Global Privacy Control — if either is set, no analytics load. Analytics is only enabled on the production domain worldhappiness.foundation. Events we send:

  • Page views (path, referrer, language, screen size).
  • Anonymous interaction events: navigation clicks, search queries as keywords only, RSVP attempts, checkout starts, newsletter signups, share actions, AI companion opens.
  • We never send personally identifiable text (email, name, or the content of AI questions) to Google.

2. Account & profile data (Members)

When you create an account we store, in our database (Supabase / Lovable Cloud):

  • Email address (from Supabase Auth).
  • Fields you optionally provide in your profile: display name, pronouns, city, country, bio, social links, role/expertise tags, offering & contribution notes, preferred language, avatar image.
  • Whether you opted your profile into the public Directory, and whether an admin has approved it.
  • Bookmarks: essays and podcast episodes you saved.
  • Event RSVPs and Agora group memberships.

3. Newsletter subscribers

If you subscribe: email address, chosen language, source page, interest tags you selected, and confirmation status. Confirmation is opt-in (double opt-in). Each newsletter includes a one-click unsubscribe link.

4. Payments

Payments are processed by Stripe. Card details are entered on Stripe's own hosted form and never touch our servers. From Stripe we receive and store: subscription and one-time payment records (product, price, status, period, environment), the Stripe customer id linked to your account, and — for access control — a record of which entitlements your purchase granted. We do not store card numbers, CVCs, or bank details.

5. AI companion

When you ask the WHF AI companion (Ask the Foundation, Explain this passage): your question is sent through the Lovable AI Gateway to the model provider (currently Google Gemini). For signed-in members we persist the question and answer to ai_threads / ai_messages so you can revisit your own conversations from the portal; you can delete any thread. For anonymous visitors the exchange is not stored with any identity. We separately record anonymous usage counters (endpoint name, hashed IP, hashed session, request/response size) for rate-limiting and cost control — the question text itself is not written to that counter.

6. Contact form & email

When you write to us: your email, name, and message are sent to our inbox and used to reply. Confirmation emails are sent from our email domain via Lovable's managed email infrastructure.

Third parties we share data with

  • Google (Analytics 4) — anonymized page views and events on the production domain only.
  • Stripe — for payment processing and subscription management.
  • Supabase (via Lovable Cloud) — hosts our database, authentication, and file storage.
  • Lovable AI Gateway and its upstream model providers (currently Google Gemini) — for AI companion responses.
  • Lovable managed email — for transactional and newsletter delivery.

We do not sell personal data. We do not use it for advertising.

Retention

  • Analytics: retained by Google for the default GA4 window (14 months).
  • Account & profile: retained while your account exists. Deleting your account (see below) removes it.
  • Newsletter: retained until you unsubscribe; unsubscribed rows are kept only to honour the suppression.
  • Payments & entitlements: retained for as long as required by accounting and tax obligations. If you delete your account, the user identifier on these rows is nullified, but the transaction record itself is retained (anonymized).
  • AI conversations: retained until you delete the thread or your account.

Your rights

You can, from your portal:

  • Download your data — a JSON export of your profile, bookmarks, RSVPs, memberships, entitlements, and subscription metadata.
  • Delete your account — a confirm-twice flow removes your profile, bookmarks, RSVPs, memberships, and newsletter subscription. Purchase records are anonymized (see Retention).
  • Unsubscribe — one click in any newsletter.
  • Correction & access — edit your profile from the portal, or write to privacy@worldhappiness.foundation for anything the portal does not cover.

Security

Row-level security is enforced on every table containing user-owned data; each row is only readable by the user it belongs to (with narrow public exceptions for opted-in Directory profiles). Payment card data never touches our systems. Stripe webhooks are verified by HMAC signature. Admin routes are gated on a server-side secret.

Governing law

[OWNER: governing law / jurisdiction]

Changes

When this notice changes materially we will post a note at the top and, for account holders, send an email. Continued use after a change means you accept it.

Contact

Privacy questions: privacy@worldhappiness.foundation. General support: hello@worldhappiness.foundation. Postal: [OWNER: registered mailing address, incl. country].