The fastest way to lose someone's trust is to be vague about their data. So this post is the opposite of vague. It is a complete walkthrough of what Happening stores, where it lives, who can see it, and the things we deliberately chose not to do. If there is anything in here that surprises you or worries you, please tell us. The only way to be trustworthy is to be wrong out loud and then fix it.
The minimum we need
To run Happening, we need a small handful of things:
- An email address, so we can reach you and so you can recover your account.
- A display name, so your friends can see who you are.
- An optional profile picture.
- The events you create or are invited to.
- The dates you mark as available within those events.
- Your friends list.
That is almost everything. We do not ask for your phone number, your date of birth, your contacts, or anything else we don't need. The app does not request any device permissions on first run beyond what is technically necessary to display notifications.
There is one thing we do collect that we want to be upfront about. When you use Happening, our server sees the IP address your request came from. We use that for rough location: roughly which city or region you are in. That is how features like finding friends nearby can work at all. We do not ask for precise GPS, we do not pull location permissions from your phone, and we do not build a history of where you have been. The IP itself is not kept in a profile that gets attached to your events or shown to other users.
What we don't store
This is the part that matters more than the list above.
We do not currently read your device calendar. Right now, Happening does not pull data from Google Calendar, Apple Calendar, or any other calendar you keep on your phone. You choose the dates you are available by tapping them yourself. Calendar integration is on the roadmap as an opt-in feature, because a lot of people have asked for it and I want to build it properly, but it will always be something you turn on, never something that happens quietly in the background. Until it ships, the availability you mark in Happening lives in Happening only.
We do not track your GPS. Events have names, not coordinates. As covered above, we do use your IP address to get a rough sense of where you are so that proximity features can work, but we do not ask for precise location permissions and we do not keep a history of your movements. If you want to coordinate where to meet for a specific event, you do that in your group chat or in the conversation that happens after Happening has done its job.
We do not have an analytics SDK in the app. No PostHog, no Mixpanel, no Segment, no Firebase. If we ever add anything like that, we will say so explicitly in this blog and in the privacy policy on the same day.
We do not sell or share data with advertisers. There are no ads in Happening. There is no advertising business model. There is no scenario in which your event data is given to a third party for marketing purposes, ever. The product is paid for by us, for now, and one day will be paid for by a small premium tier with extra features. You and your data are not the product.
We do not send marketing emails. The only emails Happening will ever send you are: account verification, password resets, and event-related notifications you have opted into. There is no newsletter. If we ever want to send you product news, we will ask first.
Who can see your events
The visibility model is deliberately simple, because complicated permission systems are how data leaks happen.
For any event:
- The host can see the full event, including who has responded and what they said.
- Each invitee can see the event, the host's name, the date range, and the aggregated availability counts. They cannot see who else has been invited unless the host turns on a "show attendees" toggle.
- Nobody else can see anything. There is no public discovery, no friends-of-friends visibility, no "people you may know" pipeline.
If you mark yourself as available on a date, that information is visible to the host. It is not visible to other invitees, and it is not visible outside the event. When the event is over, that data sticks around in your account history (so you can look it up later), but it is never aggregated across events into some "Marcus's typical availability" profile. We don't build that profile. We don't want it.
How long we keep things
Active events live as long as you want them to. You can delete an event at any time, and when you do, it is removed from the database, not just hidden from view. The same goes for your account: deleting your account deletes the underlying data, with the exception of audit logs we are legally required to keep for things like billing.
If your account has been inactive for a long time and you have not enabled any premium features, we may eventually delete it after warning you by email. The exact threshold is in the privacy policy. The point is: we don't want to be sitting on data we don't need.
Where things live
Happening's backend runs on infrastructure in the European Union. Data is encrypted at rest and in transit. Backups are encrypted. Access to production systems is limited to a very small number of people and is audited. Passwords are hashed using bcrypt with a high work factor. Refresh tokens are stored as HTTP-only secure cookies. None of this is unusual. It is all table stakes for a modern web application. I want to say it out loud anyway, because "we take security seriously" without specifics is meaningless.
The honest caveats
I want to end on the things that aren't perfect, because pretending everything is perfect is how trust gets broken.
Happening is a small product run by a small team. We do not have a dedicated security team. We rely on standard libraries, sensible defaults, regular dependency updates, and an incident response plan that boils down to "tell users immediately, fix it fast, write up what happened". If something does go wrong, and at some point in any product's life something will, you will hear about it from us in plain language, with a clear account of what happened and what we are doing about it.
If you ever want to know what we have on file for you, or want it deleted, or want to ask a question about anything in this post, the email address at the bottom of the privacy policy is a real inbox that I personally read. Privacy isn't a feature you ship once. It's a posture you maintain, and it requires a way for users to talk to you when something looks wrong.
Thank you for trusting us with your social calendar. We know how much that matters.