who.

Privacy Policy

Effective date: [Effective Date] · Last updated: [Last Updated Date]

In plain English: we collect what you put in your profile, basic account info from sign-in, and what’s needed to run search, connections, and messaging. We don’t sell your data. Strangers only ever see the limited preview your visibility settings allow — never your full profile, and never your messages. Messages are stored to make the messaging feature work; they are not end-to-end encrypted.
This document is a founder-drafted starting point, not legal advice. Have a qualified attorney licensed in your jurisdiction review it before public launch, particularly for GDPR/CCPA applicability if you expect users outside the U.S. or in California.

1. What We Collect

We collect the following categories of information:

  • Account info: your email and name, provided by your sign-in method (Google).
  • Profile content: whatever you choose to add to your profile — name, handle, photo, location, headline, values, interests, current focus, and any other fields you fill in.
  • Connections and messages: who you’ve requested/accepted as connections, and the content of messages you send.
  • Usage data: basic technical information (e.g. that you searched, viewed a profile, or sent a connection request) used to operate and improve the Service, and to detect abuse.

2. How We Use It

We use your information to:

  • Create and display your profile according to your visibility settings.
  • Power search, QR/link sharing, connection requests, and messaging.
  • Keep the Service secure and prevent abuse (e.g. rate-limiting, spam prevention, enforcing our Terms).
  • Communicate with you about your account (e.g. security notices), if we ever need to.

We do not sell your personal information, and we do not use your profile content to train third-party models.

3. Profile Visibility and Who Can See What

Your profile has a visibility setting: preview-until-connected (the default), fully public, or hidden from search. Regardless of setting, anyone with your link or QR code can view the limited preview (name, handle, photo, headline, and any location/status/what-you-do fields you’ve chosen to show). Your full profile is visible only to you, your accepted connections, or — if you set your profile to public — anyone. Fields you turn off in your visibility toggles are never included in what strangers, search results, or previews can see.

Search results and profile previews only ever include the limited preview fields — never your full About section, values, current focus, personality details, or anything you’ve marked hidden.

4. Messages

Messages are only exchanged between accepted connections and are stored so the messaging feature works — they are not end-to-end encrypted. We do not read your messages as a matter of course, but we may access message content if required to investigate abuse, enforce our Terms, or comply with law.

5. Sharing and Third Parties

We use a small number of infrastructure providers to run the Service, each of which processes data on our behalf:

  • Supabase — database, authentication, and file storage.
  • Vercel — hosting.
  • Google — sign-in (OAuth).

We do not sell your data to advertisers or data brokers. We may disclose information if required by law, to protect the rights and safety of our users, or in connection with a merger, acquisition, or sale of assets (in which case we’ll make reasonable efforts to notify you).

6. Data Retention and Deletion

We retain your profile and message data for as long as your account is active. You can request deletion of your account and data at any time from your account settings or by emailing support@getwho.app. Deleting your account removes your profile, connections, and messages; some information may be retained briefly in backups or logs for security and legal-compliance purposes before being fully purged.

7. Your Choices

  • Control what’s visible on your profile via the visibility toggles on each field.
  • Set your overall profile visibility to preview-only, public, or hidden from search.
  • Delete individual profile fields at any time.
  • Request full account deletion at any time.
  • Contact us with any privacy question at support@getwho.app.

8. Children’s Privacy

who. is not directed to, and is not intended for use by, anyone under the age of 13, and the Service overall is intended for users 18 and older. If we learn we’ve collected information from a child under 13, we will delete it promptly. See our Terms of Service for our full age policy.

9. Security

We use industry-standard practices to protect your data, including row-level database access controls that restrict who can read your profile and messages at the database layer, not just in the app’s interface. No method of transmission or storage is 100% secure, and we can’t guarantee absolute security.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we’ll make reasonable efforts to notify you (e.g. by posting a notice on the Service or updating the “Last updated” date above).

11. Contact

Questions about this policy or your data? Contact us at privacy@getwho.app or support@getwho.app.