Legal

Privacy Policy

Last updated: 2026-04-16

Summary: HappyNikki.io respects your privacy. We collect only the data needed to run your account, deliver the products you use, and process payments. We do not sell, rent, or trade your personal data. We do not run third-party advertising or behavioral tracking. This policy explains exactly what is collected, why, and how you can remove it.

On this page

Scope & who we are
Data we collect
How we use your data
Third-party services
Cookies & local storage
DMCA Harvester (Chrome extension)
Data retention
Your rights
Security
Children
Changes to this policy
Contact

1. Scope & who we are

This policy applies to the HappyNikki.io website (happynikki.io), the HappyNikki.io account system, and all software products published under HappyNikki.io — including the DMCA Harvester Chrome extension. HappyNikki.io is operated as an independent project. References to "we", "us", or "our" mean HappyNikki.io.

2. Data we collect

Account data

Email address — required to create an account, log in, send transactional emails (verification, password reset, license activation, billing notifications), and contact you for support.
Display name — optional, used to personalize the dashboard and emails.
Password — only stored as a salted bcrypt hash. We never see or store your plaintext password. If you sign in with Google, no password is stored at all.
Google account identifier — if you use "Sign in with Google", we receive your verified email address and Google user ID. We do not request access to Gmail, Drive, Calendar, Contacts, or any other Google service.

Subscription & billing data

Subscription status, plan, renewal dates — stored in our database to determine which features you can use.
Payment history (amount, date, currency, Stripe transaction ID) — stored for accounting and to display your receipts.
Credit card details — NEVER stored on our servers. All card data is collected and processed by Stripe directly via Stripe Checkout. We only receive the result of the transaction.

Device data (for license enforcement)

Device fingerprint — a hashed identifier derived from non-sensitive browser properties (browser, operating system, screen resolution, timezone). Used to enforce the 3-device-per-license limit and to display your "Activated Devices" list. The fingerprint is not linkable across websites and is not shared with any third party.
Friendly device name — a human-readable label such as "Chrome 146 on Windows 11", derived from your browser's user agent. Used only to help you identify which devices are yours when managing your license.

Diagnostic data

Server logs — like every web server, ours records request URLs, IP addresses, user agents, and timestamps for the standard purposes of security, abuse prevention, and debugging. These logs are rotated and discarded on a routine schedule.
We do NOT use Google Analytics, Facebook Pixel, or any third-party behavioral tracking. We operate our own internal analytics for traffic counts and product usage metrics, with no cross-site tracking.

3. How we use your data

We use the data described above only for the following purposes:

Account management — letting you log in, recover your password, verify your email, and manage your subscription.
Service delivery — letting paid features (such as automated DMCA email sending) work for licensed users only.
Payment processing — through Stripe; see Section 4.
Transactional email — verification, password reset, license activation, payment receipts, payment failure notifications, subscription cancellation confirmation. We do not send marketing email without your explicit opt-in.
Support — responding to your messages when you contact us.
Security & abuse prevention — rate limiting, fraud detection, and protecting accounts from unauthorized access.
Legal compliance — when required by law or legal process.

We do not use your data for advertising, behavioral profiling, or training machine-learning models.

4. Third-party services

We use the following third-party services to operate HappyNikki.io. Each one is listed with what data they receive and a link to their privacy policy.

Stripe (payment processor) — receives your email, name, billing address, and credit card details when you purchase a subscription. Stripe handles all card data directly; we never see card numbers. Stripe Privacy Policy.
Google (Sign in with Google) — if you choose Google sign-in, Google authenticates you and returns your verified email and user ID to us. We do not request any other Google scopes. Google Privacy Policy.
Google reCAPTCHA — used on the login, registration, and password-reset forms to prevent automated abuse. reCAPTCHA may set cookies and collect device data per Google's privacy policy.
Email delivery — transactional emails are sent from [email protected] via standard SMTP. The recipient address is the only data passed.

We do not share your data with any other third parties. We do not sell user data to data brokers, advertisers, or anyone else.

5. Cookies & local storage

HappyNikki.io uses a small number of essential cookies and local storage entries. We do not use any tracking, advertising, or analytics cookies.

hn_user_token — your login session cookie. Set when you log in, cleared when you log out. HttpOnly, Secure, SameSite. This is the only cookie we set for your account.
reCAPTCHA cookies — set by Google on auth pages to detect automated abuse. Managed by Google.
Stripe cookies — set by Stripe on the Stripe Checkout page (not on our domain) for fraud prevention and session continuity.

6. DMCA Harvester (Chrome extension)

The DMCA Harvester Chrome extension is one of our products. It is installed locally in your browser and exchanges a small amount of data with happynikki.io to deliver paid features. This section is the canonical privacy disclosure for the extension and matches the data-handling declarations made on its Chrome Web Store listing.

What the extension stores locally on your device

Your contact details for DMCA templates — name, organization, address, artist name, IP role. Saved in chrome.storage.local so the extension can pre-fill DMCA takedown notices. This data never leaves your browser. It is not transmitted to our servers or any third party. It is included in the email body only when you click "SEND EMAILS" and your local email client opens with a pre-filled message.
Harvest filter rules and bookmark lists — saved in chrome.storage.sync so they're available across your Chrome instances. Synced through Chrome's own infrastructure, not ours.
Cached account state — your login email, license status, and subscription details, mirrored from happynikki.io after each popup open. Cleared automatically when you log out. Used only to render the extension UI offline-friendly.
Device fingerprint — generated locally and cached, used as your identifier when calling our API.

What the extension sends to our server

Login session cookie — read from your existing happynikki.io login cookie via chrome.cookies, sent with each API call so we can verify you're authenticated.
Device fingerprint & friendly device name — sent on each popup open so we can update the "Activated Devices" list on your dashboard and enforce the per-license device limit.
Harvested URLs — sent only when you click "SEND EMAILS". Our server uses them to compose the grouped DMCA email drafts and returns the resulting mailto: URLs to your browser. The harvested URLs are not retained on our server after the response is returned. They exist only in memory during the request.

What the extension does NOT do

It does not read or analyze the content of any web page. It only collects URLs from open tabs (and only when you explicitly click "CURRENT TAB" or "ALL TABS"), or from links you click via the right-click drag-select harvester.
It does not automatically send any email. Every DMCA email is composed and opened in your local email client for you to review and send manually.
It does not collect telemetry, behavioral data, or product usage analytics.
It does not sell or share data with anyone.
It does not load or execute any remote code. All extension code is bundled with the package, in compliance with Chrome Web Store policy.

Why each Chrome permission is requested

tabs — to read URLs from your open browser tabs when you click "CURRENT TAB" or "ALL TABS" to harvest links.
storage — to save your harvest settings, bookmarks, DMCA template fields, and account state locally.
cookies — to read your existing happynikki.io session cookie to authenticate API requests.
scripting — to inject a tiny clipboard helper into the active tab when you copy harvested URLs to your clipboard.
clipboardWrite — to copy harvested URLs to your system clipboard when you click "COPY".
notifications — to show a brief desktop notification when a background URL resolution job completes.
sidePanel — so the extension can open as a Chrome side panel (alongside the popup mode).
<all_urls> host permission — required so you can harvest links on any website where you find piracy of your own content. The extension does not access page content beyond what you explicitly action.

7. Data retention

Account data — kept while your account is active. Deleted within 7 days of account deletion request.
Payment history — kept for 7 years for accounting and tax compliance, even after account deletion.
Login session cookies — until you log out or the cookie expires.
Device fingerprints — until you remove the device from your dashboard.
Harvested URLs sent to the compose endpoint — not retained. Held in memory only for the duration of the request.
Server logs — rotated on a routine schedule (typically 30 days).

8. Your rights

You have the following rights regarding your personal data, regardless of which jurisdiction you live in:

Access — request a copy of the data we hold about you. Email [email protected].
Correction — update your name, email, or other account details from your dashboard.
Deletion — request full account deletion. We will delete your account and all associated data within 7 days, except payment history which is retained for legal compliance.
Data portability — request an export of your data in a machine-readable format.
Withdraw consent — log out of any device, uninstall the extension, or delete your account at any time.
Lodge a complaint — if you believe we have mishandled your data, you may contact your local data protection authority.

9. Security

We protect your data using industry-standard practices: HTTPS for all traffic, bcrypt password hashing, prepared SQL statements to prevent injection, CSRF protection, rate limiting on auth endpoints, reCAPTCHA on public forms, and HttpOnly + Secure + SameSite session cookies. No system is perfectly secure, and we cannot guarantee absolute security, but we continuously work to keep your data safe.

10. Children

HappyNikki.io is not directed to children under 13, and we do not knowingly collect data from children under 13. If you believe a child has provided personal data to us, please contact us and we will delete it promptly.

11. Changes to this policy

We may update this privacy policy from time to time. The "Last updated" date at the top of this page reflects the most recent change. Material changes will be announced via email to active users and via a prominent notice on the website. Your continued use of HappyNikki.io after a change constitutes acceptance of the revised policy.

12. Contact

Questions, requests, or complaints about this privacy policy or how we handle your data can be sent to:

Email: [email protected]
Website: https://happynikki.io

We respond to privacy requests within 30 days.