Privacy policy

Effective April 15, 2026

WhosIn ("we", "us", "our"), developed by Renzo Barrantes, operates the WhosIn mobile and web application. This policy describes how we collect, use, and protect your information.

Information we collect

• Account data: email address, display name, and avatar (if provided).
• Poll data: polls you create, dates and times you propose, and votes you cast.
• Device data: push notification tokens so we can send you notifications about your polls.
• Usage data: anonymous interaction signals to improve recommendations. No personally identifiable information is included.

How we use your information

• To operate and improve the WhosIn service (scheduling polls, sending reminders).
• To send push notifications you have opted into (votes, confirmations, reminders).
• To detect and prevent abuse.

Data sharing

We do not sell your personal data. We share data only with:

• Google Places API: when you search for venues, your search query and approximate location are sent to Google (privacy policy).
• Apple Sign In: if you sign in with Apple, your identity is verified through Apple's servers (privacy policy).
• Google Sign In: if you sign in with Google, your identity is verified through Google's servers (privacy policy).
• Cloudinary: poll hero images are stored on Cloudinary's CDN (privacy policy).
• Expo Push Notifications: push notification tokens are processed by Expo to deliver notifications to your device (privacy policy).
• Infrastructure providers: hosting and database providers that process data on our behalf under their own privacy policies.

Data retention

We retain your account and poll data for as long as your account is active. If you delete your account, we anonymize your personal data within 30 days. Anonymized poll records (with your name replaced by "Deleted User") may be retained indefinitely for service improvement, analytics, and abuse prevention.

Your rights

• Access and export: contact us to request a copy of your data.
• Deletion: you can delete your account from the Profile screen in the app, or contact us.
• Correction: update your name and avatar from the Profile screen.

Local storage

We use browser localStorage to save your theme preference, authentication tokens, and guest identity. You can clear this data via your browser settings.

Your privacy rights (US residents)

Depending on your state of residence, you may have rights to access, correct, delete, or export your personal data. California residents have these rights under the CCPA (Cal. Civ. Code 1798.100+). Residents of Colorado, Connecticut, Virginia, and Utah have similar rights under their respective state privacy laws.

To exercise your rights, email privacy@seewhosin.com or delete your account from the Profile screen in the app.

Security

Passwords are hashed with bcrypt. All communication uses HTTPS. Authentication uses short-lived access tokens with rotating refresh tokens.

Breach notification

In the event of a data breach affecting your personal information, we will notify affected users via email within 30 days of discovery.

Children

WhosIn is intended for users aged 13 and older. We do not knowingly collect data from children under 13.

Changes

We may update this policy from time to time. We will notify you of material changes via the app or email.

Contact

Questions? Email us at privacy@seewhosin.com.