Privacy Policy
Introduction
Yap Studios ("we," "us," or "our") operates WhatsGen, an AI-powered conversation practice application available on Apple's App Store and at whatsgen.app(collectively, the "Service").
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read this policy carefully. By using WhatsGen, you consent to the data practices described in this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.
Information We Collect
We collect information that you provide directly to us, as well as information that is generated automatically when you use our Service.
Account Information
When you create an account, we collect:
- Apple Sign In — Your Apple-provided unique user identifier (hashed) and, if you choose to share it, your email address and display name
- Google Sign In — Your Google account identifier, email address, and display name
Conversation Data
When you use WhatsGen to practice conversations:
- Messages you send — The text content you type or dictate during practice conversations with AI personas
- AI-generated responses — Messages generated by our AI system in response to your input
- Conversation metadata — Timestamps, the AI persona selected, the conversation mode (Social, Dating/Rizz, Professional, or Language Practice), and conversation context summaries
Custom Persona Data
If you create custom AI personas, we store:
- Persona name, description, tagline, and personality trait tags that you provide or that are AI-generated from your scenario description
- The AI system prompt generated for the persona (defines the persona's communication style and personality)
Voice Input (On-Device Dictation)
Voice dictation(speaking instead of typing) is transcribed entirely on your iPhone using Apple's on-device Speech Recognition framework. Dictation audio never leaves your iPhone and is discarded immediately after transcription. Only the transcribed text — if you choose to send it — enters our backend via the standard chat pipeline.
Voice Messages (Stored Until You Delete Them)
Voice messages (audio recordings you deliberately record and send as a chat message, like in WhatsApp) work differently: the audio recording is uploaded to and stored in our backend (Supabase Storage) so it can be played back inside your conversation. Transcription of received voice messages still happens on-device. Voice message audio is deleted when you delete the message, clear the conversation, or delete your account.
Usage Data
- Message activity — We keep a per-day count of messages sent to enforce fair-use limits and protect against automated abuse. Chat usage is generous and unmetered for normal personal practice, subject to daily fair-use limits (see our Terms of Service).
- Subscription status — Your entitlement status (active subscription, trial, or expired) is managed through RevenueCat
Information We Do NOT Collect
- We do not use any analytics SDKs, crash reporting tools, or behavioral tracking libraries in the app
- We do not collect device identifiers (IDFA) or use App Tracking Transparency for cross-app tracking
- We do notcollect location data, contacts, or any data from other apps on your device. The only photo we ever store is one you deliberately choose as a custom persona's avatar (uploaded to our storage, deleted with the persona or your account).
How We Use Your Information
We use the information we collect exclusively to:
- Provide the Service — Deliver AI-powered conversation practice, maintain conversation context, and manage your account
- Process AI conversations — Chat replies are generated entirely on your device using an MLX-quantized Llama 3.2 model (or Apple Foundation Models as a selectable alternative). Your actual chat messages never leave your device for chat generation. Optional features (conversation reviews, custom persona generation, persona tweaks) send anonymized prompt context to our cloud AI provider (DeepInfra) — see the AI Usage section below
- Prevent abuse — Keep a per-day message count to enforce our fair-use limits and protect against automated abuse. Chat usage is generous for normal personal practice but is subject to daily fair-use limits (see our Terms of Service)
- Manage subscriptions — Process and validate your subscription status through RevenueCat and Apple
- Respond to requests — Address your support inquiries, account deletion requests, and privacy rights requests
We do not use your data for advertising. We do not sell, rent, or trade your personal information to third parties. We do not use your data for profiling or automated decision-making.
AI Usage & Data Processing
WhatsGen uses artificial intelligence to generate conversation responses from AI personas. This section explains exactly how your data interacts with AI systems.
On-Device Chat (iPhone)
On iPhone, all chat messages in WhatsGen are generated entirely on your device. Your conversations never leave your iPhone for chat generation. (On Android, chat is generated in the cloud — see "Android Chat (Cloud)" below.) On iPhone we use:
- Llama 3.2 (3B, MLX int4)— the default on-device chat model on iPhone. Ships inside the app itself (no separate download), so replies are composed on your device rather than on a server. "Built with Llama."
- Apple Foundation Models (iOS 26+, devices with Apple Intelligence hardware) — selectable alternative in Settings
- Gemma 3 270M (MLX) — a small bundled on-device safety classifier that screens every generated reply before it is shown
On iPhone, no data from your chat conversations is transmitted to any cloud AI provider for chat generation — your messages stay on your device.
Android Chat (Cloud)
On Android, chat replies are generated by our secure cloud AI provider (DeepInfra), not on-device. The bundled on-device model used on iPhone relies on Apple-Silicon hardware that is not available across Android devices, so on Android your chat messages for the conversation you are in are sent over an encrypted connection to DeepInfra to generate the reply, and are not used to train any model or retained beyond what is needed to produce the response. Subscription, usage caps, and abuse protections are the same as on iPhone. This Android cloud processing is disclosed in-app.
Optional Cloud Analysis Features (Disclosed)
Two optional features use our cloud AI provider. Both are clearly disclosed in-app and are distinct from your primary chat feature:
- Conversation reviews (chat debrief / coaching summary) — user-initiated. When you tap "Review" on a conversation, a summary prompt + recent message context is sent to DeepInfra for analysis
- Custom persona generation— one-time per custom persona you create. The persona description you provide is sent to DeepInfra to generate the AI character's system prompt
- Persona tweaks— one-time when you adjust an existing persona's behavior
All cloud requests are routed through our secure server infrastructure (Supabase Edge Functions) — your device never communicates directly with cloud AI providers, and API credentials are never exposed to the client. Our cloud provider (DeepInfra, model: Qwen3-Next-80B-A3B-Instruct) is rate-limited and cost-controlled via a scoped API token with a hard monthly spending ceiling.
Data NOT Sent to AI
- Your user ID, email address, or any account identifiers
- Your device information or IP address
- Data from other conversations or personas
- Any data from other apps on your device
AI Model Training
Your conversations are notused to train or fine-tune our AI models. Messages are processed in real-time to generate responses and are not retained by the cloud AI provider for training purposes. For details on our provider's data handling, please refer to DeepInfra's Privacy Policy.
Voice Input (On-Device Dictation)
Voice dictation is transcribed entirely on your iPhone using Apple's Speech Recognition framework. Dictation audio never leaves your device, is not sent to any third party, and is discarded locally after the text result is produced. Voice messagesyou deliberately record and send are different: that audio is stored in our backend (Supabase Storage) so it can be played back in your conversation — see "Voice Messages" under Information We Collect. No audio is ever sent to any AI provider.
Third-Party Services
We use the following third-party services to operate WhatsGen. Each service receives only the minimum data necessary for its function.
| Service | Purpose | Data Shared |
|---|---|---|
| Supabase | User authentication, database storage, Edge Functions | Account credentials, conversations, messages, custom personas |
| DeepInfra | Cloud AI (Qwen3-Next-80B). On Android, generates your chat replies. On both platforms, powers the optional analysis features (conversation reviews, custom persona generation, persona tweaks). On iPhone, chat is generated on-device and is not sent to DeepInfra. | On Android: the active conversation's message text, sent encrypted to generate each reply. On both platforms: the prompt + recent context for analysis requests. Not used to train models; no advertising identifiers. |
| RevenueCat | Subscription management and entitlement verification | Anonymous user ID, purchase status, entitlement state |
| Apple | Sign In with Apple, App Store payment processing | Hashed Apple ID, purchase transactions (managed by Apple) |
| Google Sign-In authentication | Google account ID, email address, display name |
We do not use any advertising networks, analytics SDKs, or cross-application tracking services. Each third-party service listed above is governed by its own privacy policy, which we encourage you to review.
Data Storage & Security
We implement industry-standard security measures to protect your information.
Storage Infrastructure
- All user data is stored in Supabase (PostgreSQL databases hosted on AWS) with encryption at rest
- Row Level Security (RLS) policies enforce strict data isolation — each user can only access their own data
- Guest users receive the same data isolation protections as authenticated users
- Database backups are maintained automatically
Data in Transit
- All communication between the app and our servers uses TLS/HTTPS encryption
- AI API requests are proxied through Supabase Edge Functions — API keys are stored as server-side secrets and are never exposed to the client application
Authentication Security
- We use industry-standard OAuth 2.0 via Apple and Google identity providers
- We do not store your Apple or Google passwords — authentication is handled entirely by the identity provider
- Session tokens are managed using JSON Web Tokens (JWT) with standard expiration and refresh practices
Your Privacy Rights (EEA/UK)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR):
To exercise any of these rights, contact us at support@whatsgen.app. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.
Your Privacy Rights (California)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
- Right to Know — You can request the categories and specific pieces of personal information we collect, the purposes for collection, and the third parties with whom we share it
- Right to Delete — You can request deletion of your personal information via the in-app account deletion feature or by contacting us
- Right to Opt-Out of Sale or Sharing — We do not sell or share your personal information for cross-context behavioral advertising. No opt-out is necessary
- Right to Non-Discrimination — We will not discriminate against you for exercising your privacy rights
- Right to Correct — You can request correction of inaccurate personal information
To exercise your rights, contact us at support@whatsgen.app. We will verify your identity and respond within 45 days as required by law.
Children's Privacy
WhatsGen is rated 17+ on the App Store and is not directed at children under 17. We do not knowingly collect personal information from anyone under 17. This minimum age exceeds the threshold set by the Children's Online Privacy Protection Act (COPPA) and reflects the fact that WhatsGen includes conversation modes (Dating/Rizz, mature Social scenarios) that are unsuitable for minors.
- You must be at least 17 years old to create an account, use WhatsGen, or submit any personal information to the App
- If we become aware that we have collected personal information from anyone under 17, we will promptly delete that information and terminate the associated account without refund
- If you are a parent or guardian and believe your child under 17 has used WhatsGen, please contact us at support@whatsgen.app and we will take appropriate action (account deletion, data purge, return of payment records to Apple for refund consideration)
- Apple's App Store age-gating is the primary enforcement mechanism. You must not misrepresent your age, enable age-bypass features, or assist a minor in accessing the App
Data Retention & Deletion
Active Accounts
- Account information and conversation data are retained for the duration of your account
- We keep a per-day message count to enforce fair-use limits and prevent abuse; chat usage is generous for normal personal practice but is subject to daily fair-use limits (see our Terms of Service)
Account Deletion
You can permanently delete your account at any time through Settings → Account → Delete Account. When you delete your account:
- Your account, all conversations, all messages, all custom personas, and all usage data are permanently deleted via cascade deletion
- Deletion is processed immediately and cannot be undone
- If you have an active subscription, you must cancel it separately through Apple Settings — deleting your WhatsGen account does not automatically cancel Apple subscriptions
Inactive Accounts
Accounts that have been inactive for more than 12 months may be deleted after providing 30 days' notice to the registered email address (if available). Guest accounts without email addresses may be deleted after 12 months of inactivity without notice.
International Data Transfers
Your data may be processed in jurisdictions outside your country of residence. Our service providers operate in the following regions:
- Supabase (AWS) — Database infrastructure in the United States
- DeepInfra — Cloud AI processing in the United States (Qwen3-Next-80B) for analysis-only features (conversation reviews + custom persona generation + persona tweaks). Chat messages never leave your device.
- RevenueCat — Subscription data processing in the United States
- Apple & Google — Sign-in and payment processing per their respective privacy policies
Where data is transferred internationally, we ensure appropriate safeguards are in place, including data processing agreements with our service providers, to protect your data in accordance with applicable data protection laws including GDPR.
Changes to This Policy
We may update this Privacy Policy from time to time. When we make changes:
- We will update the "Last Updated" date at the top of this page
- For material changes that affect how we handle your personal data, we will provide notice through the app or via email at least 30 days before the changes take effect
- Your continued use of WhatsGen after changes take effect constitutes your acceptance of the updated policy
We encourage you to review this Privacy Policy periodically.
Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Yap Studios
Email: support@whatsgen.app
We aim to respond to all privacy-related inquiries within 30 days. If you are not satisfied with our response, you may have the right to lodge a complaint with your local data protection authority.