Whispr — Privacy Policy

🧭 Overview

Whispr is built around a simple promise: anonymous questions stay anonymous, and answers stay private. This policy explains exactly what data we collect, why we collect it, and how we protect it.

            We never sell your data. We never show your answers publicly.
            The person you ask a question to never knows who you are.
        

📦 Data We Collect

We collect the minimum data necessary to provide the service:

Apple ID token — used solely to authenticate you. We never receive your real name or email unless you choose to share it.
Display name & username — chosen by you during setup, shown on your public profile.
Questions & answers — stored securely in Firestore. Questions are linked to both sender and recipient by user ID, but the sender's ID is never exposed to the recipient.
FCM device token — used only to deliver push notifications to your device. Cleared when you sign out.
Notification preferences — whether you want to receive answer notifications.

🔐 How We Protect Anonymity

Anonymity is enforced at the database level, not just the app level:

Firestore security rules prevent the answerer from ever reading the fromUserId field of a question.
Answers are only readable by the person who asked (matched by fromUserId) or the person who answered (matched by toUserId).
No public feed of answers exists anywhere in the app or database.
Blocked users are silently prevented from asking — they are not informed that they have been blocked.

📣 Push Notifications

We use Firebase Cloud Messaging (FCM) to send push notifications. Notifications are sent only to the person who asked a question, when their question receives an answer.

The answerer is never notified of who asked, and notifications never reveal the asker's identity to anyone.

You can disable notifications at any time in the app under Profile → Notifications, or in your iOS Settings.

🗂 Data Retention

Your data is retained for as long as your account is active.
Deleting your account permanently removes your user profile, all questions sent to you, and all questions you have sent.
FCM tokens are deleted from our database when you sign out.
Deletion is immediate and cannot be undone.

🤝 Third-Party Services

Whispr uses the following third-party services, each with their own privacy policies:

Firebase (Google) — authentication, database, push notifications
Apple — Sign In with Apple, APNs push delivery

We do not use any advertising SDKs, analytics services, or data brokers.

👶 Children's Privacy

Whispr is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has created an account, please contact us and we will delete it promptly.

✏️ Your Rights

You have the right to:

Access the data we hold about you (contact us by email)
Delete your account and all associated data (in-app, instant)
Opt out of push notifications (in-app or iOS Settings)
Report abusive content (in-app report flow)

📬 Contact

If you have questions about this policy or want to request data deletion, contact us at:

privacy@whispr.app