This Privacy Policy explains how Radu Sterie (“we”, “us”, or “our”) collects, uses, shares and protects your personal data when you use Whispair (the “App”) and any related services.
We act as the data controller for the processing of your personal data in connection with the App.
If you have any questions, you can contact us at:
whispair.dev@gmail.comRadu Sterie, Groningen, Robijnstraat 12
This Privacy Policy works together with our Terms of Use and Cookies Policy.
1. What this Privacy Policy covers
This Privacy Policy applies when you:
use the App;
visit our websites related to the App;
contact us (e.g., by email or in-app support);
take part in our surveys, promotions or beta programmes.
It does not apply to third-party websites, services or apps that may be linked from within the App. Those are governed by their own privacy policies.
2. The types of data we collect
We collect different types of data depending on how you use the App. Some of this data is provided directly by you; some is generated by your use of the App; some may be collected from third parties (like app stores or analytics providers).
2.1 Data you provide directly
Account and profile data
Username
Profile picture
Vibe “chips” or similar profile tags you select
One-liner introduction
Information you add to your profile “chapters” (photos, descriptions, answers to prompts)
Country or language preference (if you set it in the App)
Content you create
Voice messages you send as:
Global Whispers
1-on-1 chat messages
Photos you upload to your profile and chapters
Any text, audio or images you share as part of prompts, streaks or other features
Communications with us
Emails or messages you send to us (e.g., support requests, feedback, bug reports)
Data you provide when participating in surveys, promotions or beta tests
Reports and safety-related information
Content of reports and complaints you submit about Whispers or other users
Additional information you choose to provide when reporting (e.g., screenshots, descriptions)
2.2 Data we collect automatically
When you use the App, we automatically collect certain information about your device and how you use the App. This typically includes:
Device and technical data
Device type and model
Operating system and version
App version
Unique device identifiers (e.g., IDFA, GAID, or similar identifiers provided by your device or OS, where permitted)
Push notification tokens (e.g., a Firebase Cloud Messaging (FCM) registration token) and associated device/platform information used to deliver notifications
Language and time zone
IP address and approximate location (e.g., country or city, inferred from IP)
In-app pages/screens you view and actions you take
Interaction events (e.g., how often you open the App, session length, streaks, ranking-related actions)
Logs of errors or crashes (for example, via Firebase Crashlytics)
In-app analytics
How many likes your Whispers receive
How often your content is caught, liked, frozen, listened to
How many messages you send/receive with specific users (for chapter unlocking and safety)
We may use third-party analytics tools to help us collect and analyse this information (see Section 7).
2.3 Data from third parties
Depending on your device and permissions, we may receive data from:
App stores (e.g., Apple App Store, Google Play Store):
basic account info and transaction data (e.g., purchases, subscriptions, refunds);
Payment processors:
limited payment verification information (e.g., successful purchase, order ID);
Ad networks and analytics providers:
aggregated or pseudonymous data about ad performance, attribution and installations;
Social media or sign-in providers (if you choose to use them):
basic profile info such as name, email address, and profile picture (depending on the provider and permissions you grant).
We only receive what those third parties choose to share with us in accordance with their own privacy policies and your settings with them.
3. Why we use your data (purposes) and legal bases
Because Whispair is established in the Netherlands (EU), our processing of personal data in connection with providing the App is subject to the GDPR. Below is a summary of the purposes and corresponding legal bases.
3.1 To provide and operate the App
For example, to:
create and manage your account;
let you send, receive, like and freeze Whispers;
enable 1-on-1 turn-based voice chats;
manage TTLs for Whispers and messages;
unlock and lock profile chapters based on message counts;
maintain streaks, rankings, badges;
provide support and respond to your requests.
Legal basis:
Performance of a contract (Article 6(1)(b) GDPR)
Our legitimate interests in providing and improving the App (Article 6(1)(f) GDPR)
3.2 To personalise and improve the App
For example, to:
understand how users interact with the App;
optimise the interface, features and performance;
suggest relevant content or features (e.g., prompts, filters);
test and roll out new features.
Legal basis:
Our legitimate interests in analysing and improving our services (Article 6(1)(f) GDPR)
Where required for certain tracking, your consent (Article 6(1)(a) GDPR) – see also Cookies Policy.
3.3 To ensure safety, security and integrity
For example, to:
detect and prevent abuse, spam, fraud and illegal activity;
moderate content (including through AI/automated tools);
enforce our Terms of Use and the community rules set out in our Terms (see “Community rules”);
investigate and respond to reports and complaints;
protect the safety of our users and others.
Legal basis:
Our legitimate interests in keeping the App safe and secure (Article 6(1)(f) GDPR)
Contextual ads (no tracking / no profiling):
We may show ads based on the context of the App (for example, the screen you are viewing or non-tracking signals such as language or approximate region), without using advertising identifiers or tracking technologies to personalise ads.
Legal basis:
Our legitimate interests in funding and operating the App through advertising (Article 6(1)(f) GDPR)
Personalised ads, ad measurement, and attribution (tracking-based):
If we (or our partners) use cookies/SDKs or device identifiers (such as IDFA/GAID) to personalise ads, measure ad performance (e.g., conversions), or perform attribution, we will do so only where permitted and, in the EU/EEA/UK, only with your consent. Where applicable (e.g., iOS App Tracking Transparency), we will also rely on your device-level permissions.
Legal basis:
Your consent (Article 6(1)(a) GDPR) and, where applicable, consent under ePrivacy rules for storing/accessing information on your device (see Cookies Policy).
3.5 To offer and manage paid features
For example, to:
process in-app purchases and subscriptions;
enable premium features such as transcriptions, filters, increased limits or ad removal;
In general, we do not require you to provide special categories of personal data (e.g., data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, health, or sexual orientation).
However, you may sometimes choose to share such information in:
your voice messages (Whispers or 1-on-1 chats);
your profile chapters, photos, or prompt answers.
If you choose to include this type of information in your User Content, we will process it only to the extent needed to:
provide the App’s features (for example, letting other users hear your Whispers or chat messages, and displaying your profile/chapter content according to the App’s mechanics);
maintain safety and integrity (for example, handling reports and enforcing our rules); and
comply with legal obligations where applicable.
You should only share what you are comfortable making available to other users under the App’s mechanics and time-to-live rules.
5. How long we keep your data (retention)
We keep your personal data only for as long as necessary for the purposes described in this Policy, unless a longer retention period is required or permitted by law.
Because the App is built around TTL (time-to-live) and ephemerality, many types of content are stored for limited durations:
Global Whispers:
Available to other users for the TTL shown in the App (e.g., a few days), extended in some cases when liked.
After TTL expiry, Whispers are no longer accessible in the normal user interface. Copies may still exist in backups or logs for a limited period.
Frozen Whispers:
Accessible to the user who froze them for as long as the feature is available, or until they delete them, subject to our general retention policies and legal obligations.
1-on-1 chat voice messages:
Retained for a period shown in the App (e.g., 30 days per message) before expiring in the user interface.
Expired messages may still be temporarily stored in backups or logs.
Profile data and chapters:
Kept for as long as you have an account and do not delete or modify the information.
If you delete your account, we generally delete or anonymise your profile data within a reasonable period, subject to legal and safety-related retention.
Analytics and technical logs:
Retention periods vary but are typically limited to what is necessary for security, troubleshooting, analytics and service improvement (for example, a few months).
Reports and moderation data:
We may retain reports, associated content, and moderation records for longer periods where necessary to ensure the safety of the App, prevent repeated abuse, or comply with legal obligations.
When we no longer need personal data for the purposes described, we will either delete it, anonymise it or, if that is not possible, securely store it and isolate it from further use.
6. How we share your data
We do not sell your personal data. We may share your data in the following situations:
6.1 With other users of the App
The App is social by design. Depending on how you use it, other users may see:
Your Whispers, as determined by the App’s mechanics (including TTL, likes, and freezing);
Your profile picture when they reveal you as a Whisper sender;
Your introduction (profile picture, username, vibe chips, one-liner) when you start a 1-on-1 chat;
Your profile chapters, once unlocked based on the message thresholds and retaining enough unexpired messages;
Your voice messages in 1-on-1 chats;
Certain activity indicators (e.g., your rank or badges).
Always be mindful that the content you share may be heard or viewed by others in these ways.
6.2 With our service providers (processors)
We use carefully selected third-party service providers who process data on our behalf, such as:
Cloud hosting and infrastructure providers;
Analytics and crash-reporting tools;
Content delivery networks (CDNs);
Customer support and ticketing systems;
Email and push notification services;
Content moderation and safety tools (including AI-based moderation providers);
Payment processors and app stores;
Ad networks and measurement providers.
We require these providers to process personal data only in accordance with our instructions and applicable data protection laws, and to implement appropriate security measures.
6.2.1 Key third-party providers we currently use
Below are examples of key third parties used by Whispair at the time of this Privacy Policy. This list is not exhaustive and may change as we add, remove, or replace providers. For the most up-to-date information about ad technology partners, see the in-app Privacy Options screen (where available).
Google Mobile Ads (AdMob) and Google User Messaging Platform (UMP) – to display ads and manage ad-related consent choices (including in the EU/EEA/UK).
Google Firebase (Firebase Core, Firebase Cloud Messaging, and Firebase Crashlytics) – to support app infrastructure, register/store push notification tokens, deliver push notifications, and collect crash reports to help us diagnose and fix stability issues.
Google Analytics for Firebase – to understand how the App is used (feature usage, screens viewed, sessions, and similar interaction events) so we can measure and improve the App. In the EU/EEA/UK, this analytics processing runs only with your consent (see our Cookies Policy). Aggregated and pseudonymous analytics data may also be exported to Google BigQuery for analysis.
Google Sign-In – if you choose to sign in using your Google account.
Sign in with Apple – if you choose to sign in using your Apple account.
Cloudflare Turnstile – to help prevent abuse and automated sign-ups or other suspicious activity.
Apple App Store / Google Play Store – for app distribution and, where applicable, processing in-app purchases/subscriptions under their own terms and policies.
MaxMind – we use MaxMind’s GeoLite2 databases to infer an approximate location (city and country) from your IP address when you upload a Whisper. This location tag helps users discover Whispers from specific regions. We do not store your raw IP address — only the inferred city and country are saved. This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.
6.3 For advertising and analytics
We may share certain pseudonymous or aggregated data with:
ad networks or partners to show and measure ads;
analytics providers to understand usage and performance.
Where required, we will ask for your consent for certain types of tracking or personalised advertising (see Cookies Policy).
6.4 For legal and safety reasons
We may disclose your data where necessary:
to comply with a legal obligation, court order or request from authorities;
to enforce our Terms of Use or protect our rights;
to investigate or respond to reported abuse, fraud, or security issues;
to protect the rights, safety and property of us, our users or others.
6.5 In case of business transfers
If we are involved in a merger, acquisition, restructuring, sale of assets, or similar transaction, your data may be transferred as part of that transaction, subject to confidentiality and data protection requirements. We will take steps to ensure that any acquiring entity honours this Privacy Policy or provides an equivalent level of protection.
7. International transfers
We are based in the Netherlands, but some of our service providers may be located outside the EU/EEA, including in countries that may not offer the same level of data protection.
When we transfer your personal data outside the EU/EEA, we will ensure that:
the European Commission has decided that the country offers an adequate level of protection; or
we use appropriate safeguards such as Standard Contractual Clauses approved by the European Commission, and additional measures where required.
You can contact us at whispair.dev@gmail.com if you would like more information about these safeguards.
8. Cookies and similar technologies
We may use cookies, SDKs and similar technologies in our websites and App to:
remember your preferences;
keep you logged in;
measure usage and performance;
deliver and measure ads;
protect against fraud and abuse.
For more detail on the types of cookies we use, how long they last, and how you can manage your choices (including granting or withdrawing consent where required), please see our separate Cookies Policy.
9. How we protect your data
We implement appropriate technical and organisational measures designed to protect your personal data, including:
encryption in transit (e.g., HTTPS);
access controls and role-based permissions;
security monitoring and logging;
regular software updates and patching;
data minimisation and retention policies.
However, no system is completely secure. You are also responsible for:
keeping your account credentials confidential;
using a strong and unique password (where applicable);
notifying us promptly if you believe your account has been compromised.
10. Your rights under GDPR
If you are in the EU/EEA/UK, you have certain rights regarding your personal data. Subject to some limitations, these include:
Right of access – You can request confirmation of whether we process your personal data and receive a copy of that data.
Right to rectification – You can ask us to correct inaccurate or incomplete personal data.
Right to erasure (“right to be forgotten”) – You can ask us to delete your personal data in certain circumstances (for example, where it is no longer necessary for the purpose for which it was collected and we have no overriding legitimate grounds to keep it).
Right to restriction of processing – You can ask us to restrict how we use your personal data in certain circumstances.
Right to data portability – You can ask to receive your personal data in a structured, commonly used and machine-readable format and have it transmitted to another controller, where technically feasible.
Right to object – You can object to our processing of your personal data where it is based on our legitimate interests or for direct marketing.
Right to withdraw consent – Where we process your data based on consent, you can withdraw your consent at any time. This does not affect the lawfulness of processing that took place before withdrawal.
Right to lodge a complaint – You can lodge a complaint with your local data protection authority.
In the Netherlands, the supervisory authority is:
Autoriteit Persoonsgegevens (Dutch Data Protection Authority).
You can exercise most of your rights through the App (e.g., updating profile info, deleting content) or by contacting us at whispair.dev@gmail.com. We may need to verify your identity before fulfilling certain requests.
11. Children and minors
Whispair is not intended for children under 18. You must be at least 18 years old to create an account or use the App, and we do not knowingly collect personal data from children under that age.
If we become aware that we have collected personal data from a child under 18, we will take reasonable steps to delete it.
If you believe a child has provided us with personal data in violation of this Policy, please contact us at whispair.dev@gmail.com.
12. Automated decision-making and profiling
We may use certain forms of automated processing, including profiling, to:
help determine which Whispers to show or rank;
detect spam, abuse or suspicious behaviour;
help moderate content (e.g., detecting obvious violations of our community rules);
assign or update ranks and badges based on likes and other interactions.
These processes are primarily designed to improve your experience and maintain safety in the App. They do not produce legal effects or similarly significant effects for you in the sense of Article 22 GDPR.
12.1 No training of our AI models on your User Content
We may use automated tools (including AI-assisted systems) to help with safety and integrity—for example, detecting spam, abusive behaviour, or obvious violations of our rules.
However, at this time, we do not use your User Content (such as your Whispers, 1-on-1 chat voice messages, profile photos, chapter photos, or profile text) to train our own machine learning or AI models.
If you have questions about these processes or believe they have affected you unfairly, you can contact us at whispair.dev@gmail.com and we will review your case.
13. Changes to this Privacy Policy
We may update this Privacy Policy from time to time, for example to reflect:
changes in the App’s features or data practices;
legal or regulatory developments;
feedback from users or authorities.
When we make changes, we will:
update the “Last updated” date at the top; and
where appropriate, provide additional notice (e.g., via in-App notifications or email).
If you continue to use the App after the new Privacy Policy takes effect, you will be considered to have accepted the updated version. If you do not agree with the changes, you should stop using the App and may delete your account.
14. Contact us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, you can contact us at: