Privacy Policy

1. Information We Collect

a. Account and profile information

When you sign in with Google or Apple, our backend receives a verified sign-in token and extracts your email address and name from it. With Apple, your name is provided only on first sign-in, and you may choose to hide your real email (Apple relays a private address). We never receive your Google or Apple password.

You may also add profile details, including: name, age, gender, who you’re interested in, profile photo, and time zone.

b. People you add (“connections”)

Details you enter about people you’re talking to — such as name, gender, relationship stage, platform, and notes.

c. Content you upload for AI analysis (“User Content”)

Images you choose to upload — dating profile screenshots and conversation screenshots — and any free-text context, “vibe,” or “energy” you provide. These images are uploaded directly to our cloud storage (Amazon Web Services S3) using short-lived, pre-signed links; the image files themselves are stored there and referenced by our backend to generate your suggestions.

d. Approximate location

If you grant permission, the App reads your approximate (city-level) location and sends the coordinates to our backend, which resolves them to a city and region. We use this only to understand the regional and cultural context of where you’re dating so we can make your suggestions feel more natural — not to track your precise movements. Location is optional, checked only around sign-in, and refreshed only if you’ve moved roughly a kilometer or more. The App is fully usable without it, and you can revoke the permission at any time in your device settings.

e. Subscription information

We use RevenueCat to manage subscriptions purchased through the Apple App Store or Google Play. We receive your subscription status, tier, and transaction identifiers tied to your account. We never receive or store your payment card details — those are handled solely by Apple or Google.

f. Usage and analytics data

Via Amplitude, we collect product-interaction events (screens viewed, suggestions generated, copied, or regenerated, and similar actions), associated with your account user ID and a device/installation identifier. We have disabled IP-address collection in Amplitude.

g. Diagnostics

Via Sentry, we collect crash reports, error logs, and limited performance traces (sampled) to keep the App stable. These reports are associated with your account user ID so we can debug issues affecting you.

h. Push notification token

If you enable notifications, we register a Firebase Cloud Messaging device token with our backend so we can send you reminders and updates. You can disable notifications at any time in your device settings.

2. How We Use Information

We use your information to:

• Provide the core Service — process your uploaded screenshots and context to generate AI suggestions, openers, replies, and insights;
• Create and manage your account, profile, and subscription;
• Personalize features and surface location-relevant content (if enabled);
• Send service-related and, where permitted, promotional notifications;
• Analyze usage to understand and improve the App;
• Detect, prevent, and address fraud, abuse, security, and technical issues;
• Comply with legal obligations and enforce our Terms.

Legal bases (EEA/UK users). We rely on: performance of our contract with you (to provide the Service); your consent (location, photo access, any special-category data, and marketing); compliance with legal obligations; and our legitimate interests in operating, securing, and improving the Service.

3. Content About Other People

Whoopt lets you upload screenshots of conversations and profiles that contain information about other people. You are responsible for ensuring you have the legal right to share that content with us. Laws in some regions restrict recording or sharing private communications and may require all parties’ consent. Do not upload content you are not legally permitted to share. If you believe someone uploaded your information without authorization, contact us at support@whoopt.app and we will investigate.

4. How AI Processing Works

To generate suggestions, the context and image references you submit are sent to our backend and analyzed by third-party AI providers — currently Anthropic and OpenAI. These providers process your content solely to analyze it and return suggestions to us. We do not use your content, and our AI providers do not use it under their standard API terms, to train AI models. Providers may retain content only transiently as needed to deliver the service and for abuse monitoring, in accordance with their own policies.

AI-generated suggestions are produced automatically, may be inaccurate, and are not professional advice. You decide what to send and are responsible for your messages.

5. Photos and Media Permissions

The App accesses photos only when you choose to upload them for analysis. We access the specific images you select — we do not scan or index your photo library. You can revoke photo access at any time in your device settings.

6. How We Share Information

We do not sell your personal information, and we do not “share” it for cross-context behavioral advertising. We disclose information only to:

• Service providers / sub-processors, including:
  • Google and Apple — sign-in / authentication;
  • Amazon Web Services (S3) — storage of uploaded images and data;
  • Anthropic and OpenAI — AI suggestion generation;
  • RevenueCat — subscription management;
  • Amplitude — product analytics;
  • Sentry — crash and error monitoring;
  • Firebase Cloud Messaging (Google) — push notifications.
• Legal and safety — when required by law or legal process, or to protect the rights, safety, and property of Whoopt, our users, or others.
• Business transfers — in connection with a merger, acquisition, or asset sale, subject to this Policy.

A current list of sub-processors is available on request at support@whoopt.app.

7. Data Retention

We retain your personal information for as long as your account remains active, so the App keeps working for you — your profile, connections, history, and insights persist between sessions and are not automatically deleted while your account exists. When you delete your account from Profile → Account in the App, we delete your account data, normally within 30 days, except where we must keep limited records to meet legal obligations.

8. Your Rights and Choices

Depending on where you live, you may have rights to access, correct, delete, port, or restrict processing of your personal information, to object to certain processing, and to withdraw consent.

• In-app controls. Update your profile, manage location/photo/notification permissions, and delete your account from within the App.
• California (CCPA/CPRA). You may request access to or deletion of your personal information, and you have the right to non-discrimination for exercising these rights. We do not sell or “share” personal information for cross-context behavioral advertising.
• EEA/UK (GDPR). You may exercise the rights above and lodge a complaint with your local supervisory authority.
• India (DPDP Act, 2023). We process your personal data based on your consent or other lawful grounds under India’s Digital Personal Data Protection Act, 2023. You have the right to access and correct your data, to withdraw consent, to erasure, to nominate another individual to exercise your rights in the event of your death or incapacity, and to grievance redressal. To exercise these rights or raise a concern, contact our Grievance Officer (see Section 16).

To make a request, contact support@whoopt.app. We may need to verify your identity.

9. Security

We use administrative, technical, and organizational measures designed to protect your information, including encryption in transit (HTTPS/TLS) and time-limited, pre-signed links for image uploads. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

10. Children’s Privacy

Whoopt is intended only for users 18 years of age or older (or the age of majority in your jurisdiction). We do not knowingly collect personal information from anyone under 18 and will delete it if discovered. If you believe a minor has provided us information, contact support@whoopt.app.

11. Sensitive Information

Some details you provide — such as who you’re interested in, or the contents of conversations you upload — may reveal information that certain laws treat as sensitive or “special category” (for example, data that can indicate sexual orientation under the GDPR). Where we process such information, we rely on your explicit consent, which you may withdraw at any time by editing your profile, deleting the relevant content, or deleting your account.

12. International Data Transfers

We are based in India and process and store information in India, the United States, and other countries where our service providers operate (for example, our AI, storage, analytics, and monitoring providers). Where required, we use appropriate safeguards (such as Standard Contractual Clauses) for cross-border transfers.

13. Third-Party Links and Services

The App may link to third-party sites or services we do not control. Their privacy practices are governed by their own policies.

14. Changes to This Policy

We may update this Policy from time to time. We will revise the “Last updated” date and, for material changes, provide additional notice in the App or by other means. Your continued use after changes take effect constitutes acceptance.

15. Contact Us

Whoopt — operated by Balakrishnan P (India)
Support: support@whoopt.app
Technical/privacy: dev@whoopt.app

16. Grievance Officer (India)

In accordance with India’s Digital Personal Data Protection Act, 2023 and applicable IT rules, you may contact our Grievance Officer for any questions, requests, or complaints about your personal data:

We will acknowledge and address grievances within the timelines required by applicable law.