→ Last updated: December 2024

Privacy
Policy

Your data privacy is non-negotiable. Here's exactly what we collect, why we collect it, and how we protect it.

Our Core Commitments

Your ideas stay private

We never share, sell, or publicize your startup ideas

Enterprise-grade security

Bank-level encryption for all data in transit and at rest

Delete anytime

Request complete data deletion within 30 days

Information We Collect

Account Information

When you create an account, we collect:

  • Email address (required for authentication)
  • Name (optional)
  • Company name (optional)
  • Password (encrypted, we never store plaintext passwords)

Validation Data

When you validate an idea, we collect:

  • Your idea description and details
  • Target market information you provide
  • Validation results and reports generated

Important: Your idea data is encrypted and never used for training AI models or shared with third parties.

Payment Information

For paid subscriptions:

  • Payment details are processed by Stripe (we never store credit card numbers)
  • Billing address
  • Transaction history

Usage Analytics

We collect anonymized data to improve our service:

  • Page views and feature usage
  • Device type and browser information
  • Time spent on platform
  • IP address (for security and fraud prevention only)

How We Use Your Information

Provide Our Service

Generate validation reports, maintain your account, process payments, and deliver the core Whisone experience.

Improve Our Product

Analyze anonymized usage patterns to enhance features, fix bugs, and optimize performance.

Communication

Send transactional emails (reports, billing), product updates (opt-in only), and critical security notifications.

Security & Fraud Prevention

Detect and prevent unauthorized access, fraudulent activity, and security threats.

Data Protection & Security

We implement industry-standard security measures:

  • AES-256 encryption for data at rest
  • TLS 1.3 for data in transit
  • Regular security audits by third-party experts
  • SOC 2 Type II compliance (in progress)
  • GDPR & CCPA compliant data handling
  • Access controls - strict employee access limits

Data Sharing & Third Parties

We share data only in limited circumstances:

Service Providers

We work with trusted third parties who help us operate:

  • Stripe: Payment processing
  • AWS: Cloud hosting and infrastructure
  • PostHog: Anonymized analytics
  • SendGrid: Transactional emails

All providers are contractually bound to protect your data and use it only for specified purposes.

We Never:

  • Sell your data to third parties
  • Share your startup ideas publicly or with competitors
  • Use your data to train AI models
  • Display your ideas in public feeds or galleries

Your Rights & Control

You have full control over your data:

Access

Request a copy of all personal data we hold about you

Correction

Update or correct inaccurate information anytime

Deletion

Request complete account and data deletion (30-day processing)

Export

Download your validation reports and data in portable format

Opt-out

Unsubscribe from marketing emails (one-click)

Object

Object to processing for specific purposes

To exercise any of these rights, email us at privacy@whisone.com

Data Retention

We retain your data as follows:

  • Active accounts: Data retained while account is active
  • Inactive accounts: Deleted after 2 years of inactivity (with notification)
  • Deleted accounts: Permanently removed within 30 days
  • Billing records: Kept for 7 years (legal requirement)
  • Anonymized analytics: Retained indefinitely (no personal identifiers)

Cookies & Tracking

We use minimal cookies for essential functionality:

Essential Cookies (Required)

Authentication, security, and core functionality

These cannot be disabled

Analytics Cookies (Optional)

Help us understand how you use Whisone

Can be disabled in settings

We do not use advertising cookies or third-party tracking pixels.

See our Cookie Policy for details.

International Data Transfers

Whisone is based in the United States. If you access our service from outside the US:

  • Your data may be transferred to and processed in the US
  • We comply with GDPR for EU users (standard contractual clauses)
  • Data stored on AWS servers with regional compliance

Children's Privacy

Whisone is not intended for users under 18. We do not knowingly collect personal information from children.

If you believe we have inadvertently collected data from a minor, contact us immediately at privacy@whisone.com

Changes to This Policy

We may update this Privacy Policy periodically. When we do:

  • We'll update the "Last updated" date at the top
  • Material changes will be emailed to active users
  • Continued use after changes constitutes acceptance

Questions About Privacy?

We're committed to transparency. If you have questions, concerns, or requests regarding your data:

Email: privacy@whisone.com

Response time: Within 48 hours

Data Protection Officer: Available upon request