Logo

Privacy Policy

Whimper — Privacy Policy
Last updated : 11 June 2025

This Privacy Policy (“Policy”) explains how Whimper (“we,” “us,” or “our”) collects, uses, stores, and shares information when you (“you” or “user”) access or use the Whimper app, website, or any related features (“Services”). If you do not agree with this Policy, please do not use the Services.

1. What data we collect

Contact data
• Display name and e-mail address (if you sign in or contact support).
• Retention — kept until you delete your account or 24 months after your last activity, whichever comes first.

Internet / network activity
• IP address, device identifiers (IDFA / AAID), timezone, language, pages viewed, interaction timestamps.
• Retention — aggregated or anonymised as soon as practicable.

User-supplied content
• Text you paste or type and any images you upload to generate AI suggestions.
• Retention — deleted within 30 days of upload unless needed to fulfil your request or meet legal obligations.

Long-term retention is extended only where the law requires it (e.g., fraud prevention, tax, or litigation holds).

2. Why we collect data and our legal bases

  1. Account creation and management
     Legal basis — contract performance (GDPR Art. 6 (1)(b)).
     We need basic credentials so you can sign in and sync settings.

  2. Core AI chat-coaching features
     Legal basis — contract performance.
     Your pasted text and optional images power reply generation; we never use uploads for facial recognition or identity.

  3. Service improvement and debugging
     Legal basis — legitimate interest (Art. 6 (1)(f)).
     We analyse aggregated usage to fix bugs and improve relevance; raw logs are anonymised quickly.

  4. Product e-mails about similar features
     Legal basis — legitimate interest.
     You can opt out at any time via in-app settings or the unsubscribe link.

  5. Personalised offers or experimental features
     Legal basis — consent (Art. 6 (1)(a)).
     Only active if you enable “personalised tips” in Settings.

  6. Legal compliance, fraud prevention, or rights defence
     Legal basis — legal obligation or legitimate interest.
     We may keep minimal records for up to 10 years where required.

3. How we process and protect information

Data is transmitted over encrypted connections (TLS) and stored on secure servers in the European Economic Area (EEA). We apply strict technical and organisational safeguards to prevent unauthorised access, loss, or misuse.

4. International transfers

If data must leave the EEA, we rely on GDPR-approved mechanisms such as adequacy decisions or Standard Contractual Clauses.

5. Sharing and disclosure

We never sell your personal data. We share it only:
• With vetted service providers (cloud hosting, analytics, payment processors) bound by confidentiality agreements.
• As part of a corporate transaction (e.g., merger or acquisition) with privacy protections in place.
• With legal or regulatory authorities when required by law or to protect rights, safety, or property.

6. Your rights

Depending on your location, you may:
• Access, correct, or delete your data.
• Restrict or object to certain processing.
• Receive a portable copy of information you provided.
• Lodge a complaint with your local supervisory authority.

You can exercise these rights in-app under Settings › Privacy or by e-mailing support@whimper.app (please write from the same e-mail used to log in so we can verify you).

7. California Consumer Privacy Act (CCPA) notice

In the past 12 months, we have collected the categories listed in Section 1 and disclosed them only as described in Section 5. California residents may, after verification:

  1. Request details of personal information collected, used, or disclosed.

  2. Ask us to delete personal information.

  3. Opt out of any “sale” (we do not sell data).

  4. Exercise these rights without discrimination.

Submit requests via Settings › Privacy › California Request or e-mail support@whimper.app

8. Children

The Services are not directed to anyone under 18. We do not knowingly collect personal data from minors. If you believe a minor has provided information, contact us so we can delete it.

9. Security

We follow industry-standard practices such as encryption in transit and at rest, strict access controls, and regular security audits. No system is 100 % secure; please keep your password safe and report any suspected unauthorised activity immediately.

10. Changes to this Policy

We may update this Policy periodically. Significant changes will be announced in-app or on our website before they take effect; the “Last updated” date will always show the latest version. Continued use of the Services after changes means you accept the revised Policy.

11. Contact

For privacy questions or requests, e-mail support@whimper.app