Privacy Policy

Yap Studios ("we," "us," or "our") operates WhatsGen, an AI-powered conversation practice application available on Apple's App Store and at whatsgen.app(collectively, the "Service").

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read this policy carefully. By using WhatsGen, you consent to the data practices described in this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

We collect information that you provide directly to us, as well as information that is generated automatically when you use our Service.

Account Information

When you create an account, we collect:

• Apple Sign In — Your Apple-provided unique user identifier (hashed) and, if you choose to share it, your email address and display name
• Google Sign In — Your Google account identifier, email address, and display name
• Guest Access — If you continue as a guest, we create an anonymous account with no personally identifiable information. A synthetic identifier is generated for data isolation purposes only

Conversation Data

When you use WhatsGen to practice conversations:

• Messages you send — The text content you type or dictate during practice conversations with AI personas
• AI-generated responses — Messages generated by our AI system in response to your input
• Conversation metadata — Timestamps, the AI persona selected, the conversation mode (Social, Dating/Rizz, Professional, or Language Practice), and conversation context summaries

Custom Persona Data

If you create custom AI personas, we store:

• Persona name, description, tagline, and personality trait tags that you provide or that are AI-generated from your scenario description
• The AI system prompt generated for the persona (defines the persona's communication style and personality)

Voice Input (On-Device)

We do not collect or process voice audio. Your iPhone's on-device Speech Recognition framework (part of iOS) transcribes your voice locally. Audio never leaves your iPhone and the original audio is discarded immediately on your device after transcription. Only the transcribed text — if you choose to send it — enters our backend via the standard chat pipeline.

Usage Data

• Daily message count — We track the number of messages sent per day to enforce usage limits
• Subscription status — Your entitlement status (free or Pro) is managed through RevenueCat

Information We Do NOT Collect

• We do not use any analytics SDKs, crash reporting tools, or behavioral tracking libraries in the app
• We do not collect device identifiers (IDFA) or use App Tracking Transparency for cross-app tracking
• We do not collect location data, contacts, photos, or any data from other apps on your device

We use the information we collect exclusively to:

• Provide the Service — Deliver AI-powered conversation practice, maintain conversation context, and manage your account
• Process AI conversations — Chat replies are generated entirely on your device using Apple Foundation Models and MLX-quantized Qwen3 models. Your actual chat messages never leave your device for chat generation. Optional features (conversation reviews, custom persona generation, persona tweaks) send anonymized prompt context to our cloud AI provider (DeepInfra) — see the AI Usage section below
• Enforce usage limits — Track daily message counts to manage free tier limits (25 messages per day) and Pro tier allowance (up to 500 messages per day under our fair-use policy)
• Manage subscriptions — Process and validate your subscription status through RevenueCat and Apple
• Respond to requests — Address your support inquiries, account deletion requests, and privacy rights requests

We do not use your data for advertising. We do not sell, rent, or trade your personal information to third parties. We do not use your data for profiling or automated decision-making.

WhatsGen uses artificial intelligence to generate conversation responses from AI personas. This section explains exactly how your data interacts with AI systems.

On-Device Chat (Primary)

All chat messages in WhatsGen are generated entirely on your iPhone. Your conversations never leave your device for chat generation. We use:

• Apple Foundation Models (iOS 26+, iPhone 15 Pro and later with Apple Intelligence hardware) — selectable alternative
• Qwen3-4B abliterated (MLX) — default on iPhone 17 Pro and later (≥12 GB RAM)
• Qwen3-1.7B abliterated v2 (MLX) — default on iPhone 14 through 16 class devices (4-12 GB RAM), distributed via Apple Background Assets (~1.05 GB download)

No data from your chat conversations is transmitted to any cloud AI provider. Your messages stay on your iPhone.

Optional Cloud Analysis Features (Disclosed)

Two optional features use our cloud AI provider. Both are clearly disclosed in-app and are distinct from your primary chat feature:

• Conversation reviews (chat debrief / coaching summary) — user-initiated. When you tap "Review" on a conversation, a summary prompt + recent message context is sent to DeepInfra for analysis
• Custom persona generation— one-time per custom persona you create. The persona description you provide is sent to DeepInfra to generate the AI character's system prompt
• Persona tweaks— one-time when you adjust an existing persona's behavior

All cloud requests are routed through our secure server infrastructure (Supabase Edge Functions) — your device never communicates directly with cloud AI providers, and API credentials are never exposed to the client. Our cloud provider (DeepInfra, model: Qwen3-Next-80B-A3B-Instruct) is rate-limited and cost-controlled via a scoped API token with a hard monthly spending ceiling.

Data NOT Sent to AI

• Your user ID, email address, or any account identifiers
• Your device information or IP address
• Data from other conversations or personas
• Any data from other apps on your device

AI Model Training

Your conversations are notused to train or fine-tune our AI models. Messages are processed in real-time to generate responses and are not retained by the cloud AI provider for training purposes. For details on our provider's data handling, please refer to DeepInfra's Privacy Policy.

Voice Input (On-Device)

Voice input is transcribed entirely on your iPhone using Apple's Speech Recognition framework. Audio never leaves your device, is not sent to any third party, and is discarded locally after the text result is produced. Only the text you choose to send enters our backend — no audio is ever transmitted or stored server-side.

We use the following third-party services to operate WhatsGen. Each service receives only the minimum data necessary for its function.

We do not use any advertising networks, analytics SDKs, or cross-application tracking services. Each third-party service listed above is governed by its own privacy policy, which we encourage you to review.

We implement industry-standard security measures to protect your information.

Storage Infrastructure

• All user data is stored in Supabase (PostgreSQL databases hosted on AWS) with encryption at rest
• Row Level Security (RLS) policies enforce strict data isolation — each user can only access their own data
• Guest users receive the same data isolation protections as authenticated users
• Database backups are maintained automatically

Data in Transit

• All communication between the app and our servers uses TLS/HTTPS encryption
• AI API requests are proxied through Supabase Edge Functions — API keys are stored as server-side secrets and are never exposed to the client application

Authentication Security

• We use industry-standard OAuth 2.0 via Apple and Google identity providers
• We do not store your Apple or Google passwords — authentication is handled entirely by the identity provider
• Session tokens are managed using JSON Web Tokens (JWT) with standard expiration and refresh practices

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR):

To exercise any of these rights, contact us at support@whatsgen.app. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know — You can request the categories and specific pieces of personal information we collect, the purposes for collection, and the third parties with whom we share it
• Right to Delete — You can request deletion of your personal information via the in-app account deletion feature or by contacting us
• Right to Opt-Out of Sale or Sharing — We do not sell or share your personal information for cross-context behavioral advertising. No opt-out is necessary
• Right to Non-Discrimination — We will not discriminate against you for exercising your privacy rights
• Right to Correct — You can request correction of inaccurate personal information

To exercise your rights, contact us at support@whatsgen.app. We will verify your identity and respond within 45 days as required by law.

WhatsGen is rated 17+ on the App Store and is not directed at children under 17. We do not knowingly collect personal information from anyone under 17. This minimum age exceeds the threshold set by the Children's Online Privacy Protection Act (COPPA) and reflects the fact that WhatsGen includes conversation modes (Dating/Rizz, mature Social scenarios) that are unsuitable for minors.

• You must be at least 17 years old to create an account, use WhatsGen, or submit any personal information to the App
• If we become aware that we have collected personal information from anyone under 17, we will promptly delete that information and terminate the associated account without refund
• If you are a parent or guardian and believe your child under 17 has used WhatsGen, please contact us at support@whatsgen.app and we will take appropriate action (account deletion, data purge, return of payment records to Apple for refund consideration)
• Apple's App Store age-gating is the primary enforcement mechanism. You must not misrepresent your age, enable age-bypass features, or assist a minor in accessing the App

Active Accounts

• Account information and conversation data are retained for the duration of your account
• Daily message usage counts reset at midnight each day

Account Deletion

You can permanently delete your account at any time through Settings → Account → Delete Account. When you delete your account:

• Your account, all conversations, all messages, all custom personas, and all usage data are permanently deleted via cascade deletion
• Deletion is processed immediately and cannot be undone
• If you have an active subscription, you must cancel it separately through Apple Settings — deleting your WhatsGen account does not automatically cancel Apple subscriptions

Inactive Accounts

Accounts that have been inactive for more than 12 months may be deleted after providing 30 days' notice to the registered email address (if available). Guest accounts without email addresses may be deleted after 12 months of inactivity without notice.

Your data may be processed in jurisdictions outside your country of residence. Our service providers operate in the following regions:

• Supabase (AWS) — Database infrastructure in the United States
• DeepInfra — Cloud AI processing in the United States (Qwen3-Next-80B) for analysis-only features (conversation reviews + custom persona generation + persona tweaks). Chat messages never leave your device.
• RevenueCat — Subscription data processing in the United States
• Apple & Google — Sign-in and payment processing per their respective privacy policies

Where data is transferred internationally, we ensure appropriate safeguards are in place, including data processing agreements with our service providers, to protect your data in accordance with applicable data protection laws including GDPR.

We may update this Privacy Policy from time to time. When we make changes:

• We will update the "Last Updated" date at the top of this page
• For material changes that affect how we handle your personal data, we will provide notice through the app or via email at least 30 days before the changes take effect
• Your continued use of WhatsGen after changes take effect constitutes your acceptance of the updated policy

We encourage you to review this Privacy Policy periodically.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We aim to respond to all privacy-related inquiries within 30 days. If you are not satisfied with our response, you may have the right to lodge a complaint with your local data protection authority.