PRIVACY POLICY

This website is owned and operated by NURTURE, INC DBA HAPPYFAMILY. At HAPPYFAMILY, we recognize that visitors to our site may be concerned about the information they provide to us and how we handle that information. We’ve prepared this website Privacy Policy to address those concerns. This policy relates to information collected through this website and our Facebook page.

Personally-Identifiable Information

On our website and on Facebook, we may collect certain personally-identifiable information about our online visitors. Personally-identifiable information relates to an individual consumer – for example, name, address, telephone number and e-mail address. You may provide personally-identifiable information, for example, by entering a promotion. We don’t require you to register or provide personally-identifiable information to view our site or access much of its content. Here are the ways we collect personally-identifiable information.

Contests, Sweepstakes and Games

Our site and our Facebook page contain notices of contests, sweepstakes and games we are conducting, which you may enter electronically in some cases. We use the information you provide to conduct the promotion (for example, to contact you if you’re a winner). We won’t use the information you provide for any other purpose unless you’ve agreed otherwise.

Other Site Features

We offer visitors to our website various features for their enjoyment, which we change from time to time. We may ask you to submit certain personally-identifiable information so we can provide you with these features.

Aggregate and Non-Personal Information

We collect certain aggregate and non-personal information when you visit our website. Aggregate and non-personal information does not relate to a single, identifiable visitor. It tells us how many users visited our site or the pages accessed. By collecting this information, we learn how to best tailor our website to our visitors. We collect this information through “cookie” technology, as explained below.

Cookies

Like many companies, we use “cookies” on our website. Cookies are bits of text that are placed on your computer’s hard drive when you visit certain websites. Cookies may enhance your online experience by saving your preferences while you are visiting a particular site.

When you visit our website, cookies are placed on your computer. We use cookies to tell us, for example, whether you’ve visited us before or if you’re a new visitor. We collect this information to enhance your experience on our website.

How We Use Personally-Identifiable Information

If you ask to be contacted by us, we may use the information you provide to contact you from time to time. For example, we may (i) send you promotional materials and other communications you request, (ii) respond to your comments or questions, or (iii) contact you if needed while processing a service you requested through our website.
We also use personally-identifiable information about you to improve our website features and content and to analyze website usage. In addition, we use personally-identifiable information for market research purposes. We also may use personally-identifiable information about you to deliver content that is customized to your interests as we understand from the information you’ve provided to us and your activities on the site.

How We Share Personally-Identifiable Information

Except as described below, we don’t sell, transfer or otherwise disclose to third parties the personally-identifiable information we collect on this website or on Facebook without your prior consent. We disclose information where we think it’s necessary to investigate or prevent an actual or suspected crime or injury to ourselves or others or where disclosure is required by law. We also may disclose information in response to a request from law enforcement authorities or other government officials.

On our website and on Facebook, we may conduct joint promotions with other companies. We may share with our promotional partners (and their service providers) certain personally-identifiable information as necessary to conduct the promotion. We will not share this information with our promotional partners for any other purpose unless you tell us it’s ok to do so.

We reserve the right to transfer any information we have about you in the event we sell or transfer all or a portion of our business or assets. Should such a sale or transfer occur, we will use reasonable efforts to require that the transferee use personal information provided through this website or through Facebook in a manner that is consistent with this Privacy Policy.

Links to Other Websites

This website or our Facebook page may contain links to other websites. We provide these links solely for your convenience and information. Different websites have different privacy practices. You should always check the privacy policy of the specific site you’re visiting to understand the privacy practices associated with that site.

Children’s Privacy

Some portions of our website and Facebook page may be directed to kids under 13. In these areas of our website, our conduct is governed by federal law and regulations that address children’s online privacy.
We do not knowingly collect personally-identifiable information from kids under 13 on our website or Facebook page. We sometimes offer promotions on our website and Facebook page, such as contests or sweepstakes. We may permit a child to enter promotions directed to children by submitting a first name and e-mail address only, along with the name and e-mail address of the child’s parent. We then notify the parent about the child’s entry and offer the parent an opportunity to withdraw the entry and remove the submitted information from our database. If the parent permits the child’s participation in the promotion and the child wins, we contact the parent (not the child) for further information needed for any prize delivery. Unless the parent has explicitly consented, we do not (i) use the child’s personal information for any purpose other than to complete the promotion or (ii) share the information with third parties except as described above in this Privacy Policy. We do not retain the child’s or the parent’s personally-identifiable information in our database unless the parent has given us permission to do so.

Upon proper identification, a parent may review any personal information we have collected from his or her child if we still have the information in our database. The parent also may request that the child’s information be deleted from our database and may refuse to permit further collection or use of the child’s information. If you are a parent and wish to exercise these rights, please contact us as described below.

How We Protect Personally-Identifiable Information

The security of personally-identifiable information is important to us. We maintain administrative, technical and physical safeguards to protect against unauthorized use, disclosure, alteration or destruction of the personally-identifiable information we collect on this website and on Facebook.

Updates to This Privacy Policy

We may change or update portions of this Privacy Policy at any time. Please check back from time to time so you are aware of any changes or updates to the Policy. We will indicate the Policy’s effective date on the first page of the Policy.

Use Signifies Acceptance

Your use of Happy Family’s website and/or Facebook page signifies that you agree to the terms of this Privacy Policy.

How to Contact Us

If you have any questions about this Privacy Policy, you can contact us at:

HAPPYFAMILY
40 Fulton St. FL 17
New York, NY 10038
Attention: Website Administrator

+1 (212) 374-2779, 9am – 5pm Eastern Time, Monday through Friday, excluding holidays.

 

CHARGEBEE SECURITY POLICIES & PROCEDURES

About Chargebee

Chargebee offers a Subscription Management and Recurring Billing solution for online businesses across various industries. Businesses can automate billing, invoicing and payments collection using Chargebee as their extended solution on the cloud. Businesses can leverage Chargebee's highly secure, scalable system to provide a great billing experience to their customers.
We take security very seriously and we continuously look for opportunities to make improvements.

PCI Compliance

Chargebee is a PCI DSS Level 1 Service Provider.

The Payment Card Industry Data Security Standard (PCI DSS) is a set of policies and procedures that have to be followed by the organizations that process, store or transmit card data. The PCI Security Standards Council is governed by the five major payment card brands - American Express, Discover Financial Services, JCB International, MasterCard, and Visa Inc.

Physical & Network Security

We use Amazon's AWS platform and infrastructure for Chargebee. Chargebee employees do not have any physical access to our production environment.

Here are more details about the security setup of AWS.

“Amazon has many years of experience in designing, constructing, and operating large-scale data centers. This experience has been applied to the AWS platform and infrastructure. AWS data centers are housed in nondescript facilities, with military grade perimeter control berms. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, state of the art intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication no fewer than three times to access data center floors. All visitors and contractors are required to present identification and are signed in. They are also continually escorted by authorized staff.”

In addition to physical security, being on the AWS platform also gives us significant protection against traditional network security issues on the infrastructure, such as:

  • Distributed Denial Of Service (DDoS) Attacks
  • Man In the Middle (MITM) Attacks
  • IP Spoofing
  • Port Scanning
  • Packet sniffing by other tenants

Administrative operations

We use two-factor authentication for access to all our administrative operations, including both infrastructure and the Chargebee service. Administrative privileges are restricted to very few employees. Additionally, both application-level roles and AWS roles are used to ensure only required operations are allowed for specific users.

All administrative access is automatically logged and mailed. Detailed information on when and why the operations are carried out is documented and sent to the security team before any changes are made in the production environment.

Host Security

SSH keys are required to gain console access to our servers, and each login is identified by a user. All critical operations are logged to a central log server. In addition, our servers can be accessed only from restricted IPs.

Hosts are segmented and access is restricted based on functionality. That is, application requests are allowed only from AWS ELB, and database servers can be accessed only from application servers.

Application Security

Secure Access: Chargebee application servers can be accessed only via HTTPS. We use industry standard encryption for data in transit to and from the application servers.

XSS: All user inputs are properly encoded when displayed to ensure XSS vulnerabilities are avoided.

CSRF: All POST requests are checked for a CSRF token before the request is processed.

SQL Injection: We use prepared statements for database access to avoid SQL Injection.

Encrypted Data Storage: We do not store sensitive card details on any Chargebee network. The keys for various third party services (like payment gateway) are stored in our database in encrypted form.

Vulnerability Scanning & Patching

We periodically check for and apply patches for third party software and services. As and when vulnerabilities are discovered, we apply the fixes. We do periodic vulnerability scanning using the services of an authorized QSA.

Data Storage & Redundancy

We use Amazon's RDS for our database. The automated backup feature is configured for RDS. We back up data for up to 30 days. We have configured Amazon RDS in Multi-AZ, which provides enhanced availability and durability. Each AZ runs on its own physically distinct, independent infrastructure, and is engineered to be highly reliable.

Monitoring

We use both internal and multiple external monitoring services to monitor Chargebee. Our monitoring system will alert the Operations & Security Team through emails and phone calls if there are any errors or abnormalities in the request pattern.

Disclosure

We are working continuously to make our system secure. If you find any security issues, please submit them to security@chargebee.com. We take security as our highest priority. We will make sure the issue is fixed and updated as early as possible.