Privacy Policy

Effective: April 2, 2026Last updated: April 2, 2026

Introduction

Yap Studios ("we," "us," or "our") operates WhatsGen, an AI-powered conversation practice application available on Apple's App Store and at whatsgen.app(collectively, the "Service").

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read this policy carefully. By using WhatsGen, you consent to the data practices described in this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

Information We Collect

We collect information that you provide directly to us, as well as information that is generated automatically when you use our Service.

Account Information

When you create an account, we collect:

  • Apple Sign In — Your Apple-provided unique user identifier (hashed) and, if you choose to share it, your email address and display name
  • Google Sign In — Your Google account identifier, email address, and display name
  • Guest Access — If you continue as a guest, we create an anonymous account with no personally identifiable information. A synthetic identifier is generated for data isolation purposes only

Conversation Data

When you use WhatsGen to practice conversations:

  • Messages you send — The text content you type or dictate during practice conversations with AI personas
  • AI-generated responses — Messages generated by our AI system in response to your input
  • Conversation metadata — Timestamps, the AI persona selected, the conversation mode (Social, Dating/Rizz, Professional, or Language Practice), and conversation context summaries

Custom Persona Data

If you create custom AI personas, we store:

  • Persona name, description, tagline, and personality trait tags that you provide or that are AI-generated from your scenario description
  • The AI system prompt generated for the persona (defines the persona's communication style and personality)

Voice Input Data

If you use the voice input feature, your audio recording is sent to a speech-to-text transcription service via our secure server. The audio is processed in real-time and is not stored after transcription. Only the resulting text is retained as part of your conversation.

Usage Data

  • Daily message count — We track the number of messages sent per day to enforce usage limits
  • Subscription status — Your entitlement status (free or Pro) is managed through RevenueCat

Information We Do NOT Collect

  • We do not use any analytics SDKs, crash reporting tools, or behavioral tracking libraries in the app
  • We do not collect device identifiers (IDFA) or use App Tracking Transparency for cross-app tracking
  • We do not collect location data, contacts, photos, or any data from other apps on your device

How We Use Your Information

We use the information we collect exclusively to:

  • Provide the Service — Deliver AI-powered conversation practice, maintain conversation context, and manage your account
  • Process AI conversations — Send your messages and conversation context to our AI provider (xAI) to generate persona responses
  • Enforce usage limits — Track daily message counts to manage free tier limits (35 messages per day) and Pro tier access
  • Manage subscriptions — Process and validate your subscription status through RevenueCat and Apple
  • Respond to requests — Address your support inquiries, account deletion requests, and privacy rights requests

We do not use your data for advertising. We do not sell, rent, or trade your personal information to third parties. We do not use your data for profiling or automated decision-making.

AI Usage & Data Processing

WhatsGen uses artificial intelligence to generate conversation responses from AI personas. This section explains exactly how your data interacts with AI systems.

AI Provider

We use xAI's Grok API (model: grok-3-mini) as our primary AI provider. All AI API requests are routed through our secure server infrastructure (Supabase Edge Functions) — your device never communicates directly with the AI provider, and API credentials are never exposed to the client.

Data Sent to AI

When you send a message, the following is transmitted to the AI provider:

  • The AI persona's system prompt (defines the character's personality, communication style, and behavioral boundaries)
  • A sliding window of recent messages from the current conversation (typically the last 12–20 messages for context continuity)
  • Your latest message

Data NOT Sent to AI

  • Your user ID, email address, or any account identifiers
  • Your device information or IP address
  • Data from other conversations or personas
  • Any data from other apps on your device

AI Model Training

Your conversations are notused to train or fine-tune our AI models. Messages are processed in real-time to generate responses and are not retained by the AI provider for training purposes. For details on xAI's data handling, please refer to xAI's Privacy Policy.

Voice Transcription

Voice input is transcribed using OpenAI's Whisper API via our secure server. Audio data is processed in real-time and is not stored by us or the transcription provider after the text result is returned.

Third-Party Services

We use the following third-party services to operate WhatsGen. Each service receives only the minimum data necessary for its function.

ServicePurposeData Shared
SupabaseUser authentication, database storage, Edge FunctionsAccount credentials, conversations, messages, custom personas
xAI (Grok)AI conversation response generationMessage content and persona context (no user identifiers)
RevenueCatSubscription management and entitlement verificationAnonymous user ID, purchase status, entitlement state
OpenAI WhisperSpeech-to-text transcriptionAudio recording (not stored after transcription)
AppleSign In with Apple, App Store payment processingHashed Apple ID, purchase transactions (managed by Apple)
GoogleGoogle Sign-In authenticationGoogle account ID, email address, display name

We do not use any advertising networks, analytics SDKs, or cross-application tracking services. Each third-party service listed above is governed by its own privacy policy, which we encourage you to review.

Data Storage & Security

We implement industry-standard security measures to protect your information.

Storage Infrastructure

  • All user data is stored in Supabase (PostgreSQL databases hosted on AWS) with encryption at rest
  • Row Level Security (RLS) policies enforce strict data isolation — each user can only access their own data
  • Guest users receive the same data isolation protections as authenticated users
  • Database backups are maintained automatically

Data in Transit

  • All communication between the app and our servers uses TLS/HTTPS encryption
  • AI API requests are proxied through Supabase Edge Functions — API keys are stored as server-side secrets and are never exposed to the client application

Authentication Security

  • We use industry-standard OAuth 2.0 via Apple and Google identity providers
  • We do not store your Apple or Google passwords — authentication is handled entirely by the identity provider
  • Session tokens are managed using JSON Web Tokens (JWT) with standard expiration and refresh practices

Your Privacy Rights (EEA/UK)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR):

To exercise any of these rights, contact us at support@whatsgen.app. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

Your Privacy Rights (California)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to Know — You can request the categories and specific pieces of personal information we collect, the purposes for collection, and the third parties with whom we share it
  • Right to Delete — You can request deletion of your personal information via the in-app account deletion feature or by contacting us
  • Right to Opt-Out of Sale or Sharing — We do not sell or share your personal information for cross-context behavioral advertising. No opt-out is necessary
  • Right to Non-Discrimination — We will not discriminate against you for exercising your privacy rights
  • Right to Correct — You can request correction of inaccurate personal information

To exercise your rights, contact us at support@whatsgen.app. We will verify your identity and respond within 45 days as required by law.

Children's Privacy

WhatsGen is not directed at children under 13. We do not knowingly collect personal information from children under the age of 13 in compliance with the Children's Online Privacy Protection Act (COPPA).

  • Users must be at least 13 years old to use WhatsGen
  • Users between 13 and 17 should use WhatsGen with parental awareness and consent
  • If we become aware that we have collected personal information from a child under 13, we will promptly delete that information and terminate the associated account
  • If you are a parent or guardian and believe your child under 13 has used WhatsGen, please contact us at support@whatsgen.app so we can take appropriate action

Some conversation modes within WhatsGen (such as Dating/Rizz) are designed for adults practicing social communication skills. We recommend parental guidance for users under 18.

Data Retention & Deletion

Active Accounts

  • Account information and conversation data are retained for the duration of your account
  • Daily message usage counts reset at midnight each day

Account Deletion

You can permanently delete your account at any time through Settings → Account → Delete Account. When you delete your account:

  • Your account, all conversations, all messages, all custom personas, and all usage data are permanently deleted via cascade deletion
  • Deletion is processed immediately and cannot be undone
  • If you have an active subscription, you must cancel it separately through Apple Settings — deleting your WhatsGen account does not automatically cancel Apple subscriptions

Inactive Accounts

Accounts that have been inactive for more than 12 months may be deleted after providing 30 days' notice to the registered email address (if available). Guest accounts without email addresses may be deleted after 12 months of inactivity without notice.

International Data Transfers

Your data may be processed in jurisdictions outside your country of residence. Our service providers operate in the following regions:

  • Supabase (AWS) — Database infrastructure in the United States
  • xAI — AI processing in the United States
  • RevenueCat — Subscription data processing in the United States
  • OpenAI — Voice transcription processing in the United States

Where data is transferred internationally, we ensure appropriate safeguards are in place, including data processing agreements with our service providers, to protect your data in accordance with applicable data protection laws including GDPR.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes:

  • We will update the "Last Updated" date at the top of this page
  • For material changes that affect how we handle your personal data, we will provide notice through the app or via email at least 30 days before the changes take effect
  • Your continued use of WhatsGen after changes take effect constitutes your acceptance of the updated policy

We encourage you to review this Privacy Policy periodically.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Yap Studios

Email: support@whatsgen.app

We aim to respond to all privacy-related inquiries within 30 days. If you are not satisfied with our response, you may have the right to lodge a complaint with your local data protection authority.