Privacy Policy — Beta Outline

BETA VERSION — This document is provided for use during Whera's private beta testing period. It is substantially complete but has not yet undergone final legal review. This version is not intended for public distribution. A finalized version will be published before public launch.

Effective date: Effective upon acceptance during private beta period
Entity: Whera LLC, a Wyoming limited liability company
Last updated: 2026-02-07


Design Principles for This Policy

This policy should be a competitive advantage, not boilerplate. Whera's privacy policy should:

  • Be readable at an 8th-grade level — no legalese walls
  • Include a plain-English summary at the top
  • Use tables for data inventory (what, why, how long)
  • Clearly distinguish between the two privacy modes
  • State what we don't do as prominently as what we do
  • Be short enough that someone would actually read it

1. Plain-English Summary (Top of Published Policy)

Before the full legal text, lead with a human-readable summary:

The short version:

  • Whera is a family location sharing app. We need your location to do our job — share it with your family.
  • In Enhanced Privacy mode, your location is end-to-end encrypted. We literally cannot see it. Not our servers, not our employees, not anyone but your family group.
  • In Enhanced Features mode, our servers process your location to power features like geofence alerts, crash detection, and driving reports. We still never sell, rent, or share your location data with anyone.
  • We do not sell your data. Not to advertisers, not to data brokers, not to anyone. Ever.
  • We show ads to free-tier users. These are contextual ads, not based on your location or behavior.
  • You can delete your account and all your data at any time from the app.
  • We collect the minimum data necessary to provide the service.

In short: We only collect the data we need to keep your family connected. Your location is either end-to-end encrypted (so we can't see it) or processed on our servers to give you alerts and insights. We never sell or share that data with advertisers, data brokers, or anyone else. You can delete your account—and all your data—anytime.

Our Privacy Commitments

These are not just policies — they are promises we make to every Whera user:

  • We will never sell your location data. Not to advertisers, not to data brokers, not to anyone. This is not a "for now" statement — it is a foundational principle of this company.
  • We will never show location-based ads. Free-tier ads are contextual only. Your location, behavior, and movement patterns are never used for ad targeting.
  • We will never provide insurers with your movement history. Your driving data, location trails, and crash reports belong to you and your family — not third parties.
  • We will notify you of government data requests unless legally prohibited. If law enforcement requests your data, we will tell you, unless a court order specifically prevents us from doing so.
  • We will always offer an end-to-end encrypted mode. You should always have the option to use Whera in a way where even we cannot see your location.

If we ever break these commitments, you should leave — and tell everyone why.

App Store Privacy Summary

TL;DR for App Store Reviewers and Users:

  • We collect precise location only to provide family and friends location-sharing features.
  • We do not track you across apps or websites.
  • We do not sell your data to anyone.
  • We do not use your data for advertising profiles or behavioral targeting.
  • You can delete your account and all your data at any time from the app.

This summary aligns with the data disclosures in our Apple App Store Privacy Nutrition Label and Google Play Data Safety section.


2. Introduction

This Privacy Policy explains how Whera LLC ("Whera," "we," "us," "our") collects, uses, stores, and protects your information when you use the Whera mobile application and related services (the "Service").

By using Whera, you agree to the collection and use of information as described in this policy. This policy should be read alongside our Terms of Service.


3. Information We Collect

3A. Information You Provide

Data | Purpose | Required?
Email address | Account creation, login, communications | Yes
Display name | Shown to group members | Yes
Profile photo | Shown to group members | No
Password (hashed) | Authentication | Yes
Group names | Group identification | Yes
Geofence/zone names and locations | Alert functionality | No (user-created)
Emergency contact info | SOS feature | No
Payment information | Subscription billing | No (free tier requires none)

Note on payment data: We do not store credit card numbers. Payment is processed by Stripe, Apple, or Google. We receive only a subscription status confirmation and transaction ID.

3B. Information Collected Automatically

Data | Purpose | Retention
Precise GPS location | Core service — sharing with your groups | Per tier (2–365 days), then deleted
Device type and OS version | App compatibility, bug fixes | 90 days (in logs)
App version | Compatibility, update prompts | 90 days (in logs)
IP address | Security, rate limiting, abuse prevention | 90 days (in logs)
Crash logs | Bug fixing, stability | 90 days
Battery level | Shown to group members, low-battery alerts | Not retained (real-time only)
Timestamps | Location history, alert timing | Matches location retention

What we do NOT collect:

  • Contacts or address book
  • Call or text message logs
  • Browsing history
  • Photos or media (beyond optional profile photo)
  • Advertising identifiers for tracking purposes
  • Health or fitness data
  • Microphone or camera data
  • Data from other apps

3C. Location Data — Special Section

Location data is the core of Whera's service and deserves detailed explanation.

When is location collected?

  • Only when you have enabled location sharing in at least one group
  • Collected in the background (with your permission) to keep your family updated when the app isn't open
  • You can pause sharing at any time, per group or globally

How precise is it?

  • GPS-level precision (typically within 5–20 meters)
  • We do not collect coarse/approximate location separately — if you share, you share precise location

How is it handled in each mode?

Aspect | Enhanced Privacy | Enhanced Features
Encrypted on device before upload? | ✅ Yes (E2E) | ❌ No (encrypted in transit via TLS)
Whera servers can read it? | ❌ No | ✅ Yes
Used for server-side alerts? | ❌ No | ✅ Yes (geofences, crash, speed)
Stored encrypted at rest? | ✅ (ciphertext only) | ✅ (AES-256 at rest)
Included in data export? | ✅ (encrypted — you decrypt locally) | ✅ (plaintext to you)
Recoverable if you lose keys? | ❌ No — permanently inaccessible | ✅ Yes

Location history retention:

Tier | Retention Period
Free | 24 hours
Standard | 30 days
Premium | 90 days
Teams/Enterprise | 365 days

After the retention period, location history is automatically deleted. You can manually delete history at any time.


4. How We Use Your Information

Legal bases under GDPR:

  • Performance of contract — providing the core location-sharing service (including Enhanced Privacy mode, where location data is end-to-end encrypted and never processed by our servers), sending service-related communications, and processing payments.
  • Explicit consent — enabling Enhanced Features mode, which requires our servers to process your plaintext location data for geofence alerts, crash detection, driving reports, and similar features. This consent is revocable at any time by switching back to Enhanced Privacy mode in the app. Revoking consent disables server-side features but does not affect your core location-sharing service.
  • Legitimate interests — fraud prevention, abuse detection, and improving the app (only when the interest does not override your privacy rights). We do not rely on legitimate interests for location data processing.
  • Consent — opting into contextual ads (where required by local law).

We do NOT use your information for:

  • Selling to third parties
  • Behavioral advertising or profiling
  • Building advertising profiles
  • Data brokerage
  • Training AI/ML models on your personal location data
  • Any purpose not listed above

5. Who We Share Your Information With

5A. Your Family Groups

  • Your location is shared with the members of groups you have joined. This is the core service.
  • You control group membership and can leave any group at any time.

5B. Service Providers (Data Processors)

We use the following third-party services to operate Whera. These providers process data on our behalf under contract and may not use it for their own purposes.

Provider | Purpose | Data Accessed | Location
Amazon Web Services (AWS) | Cloud infrastructure, data storage | All server-side data | US (us-west-2)
Stripe | Payment processing (web subscriptions) | Email, payment status (not card numbers) | US
Apple | App distribution, IAP billing | Apple ID, payment status | US
Google | App distribution, Play Billing | Google account, payment status | US
[Push notification service] | Delivering alerts | Device tokens, notification content | US
[Error tracking — e.g., Sentry] | Crash reports, bug fixing | Device info, stack traces (no location) | US

5C. Who We NEVER Share With

  • Advertisers — We do not run ads on any tier and do not share any user data with advertisers.
  • Data brokers — We do not sell or provide data to data brokers. Period.
  • Insurance companies — We do not share driving data, crash data, or any user data with insurers.
  • Employers — We do not provide data to employers (enterprise tier: the employer-admin sees only what their account is configured to see, per their own agreement with their employees).
  • Other users — Your data is only visible to groups you've joined. No public profiles, no discoverability.

5D. Law Enforcement and Legal Requests

We may disclose information if required by law, subpoena, court order, or other legal process. Our approach:

  • We review every request for legal validity before complying.
  • We will notify you of requests for your data unless legally prohibited from doing so.
  • For Enhanced Privacy (E2E encrypted) data: We can only provide encrypted ciphertext. We do not possess decryption keys and cannot provide plaintext location data.
  • For Enhanced Features data: We can provide location data as required by valid legal process.
  • We will publish a transparency report disclosing the number and type of legal requests received (planned for when volume warrants it).

6. Data Retention

Data Type | Retention Period | Deletion Trigger
Account information (email, name) | Until account deletion | User deletes account
Location history | Per subscription tier (2–365 days) | Automatic after retention period, or manual deletion
Server logs (IP, device info) | 90 days | Automatic
Crash/error reports | 90 days | Automatic
Payment records | As required by tax law (typically 7 years) | Legal requirement
Encrypted location data (E2E mode) | Per tier, then deleted | Automatic — we cannot read it regardless
Push notification tokens | Until app uninstalled or token refreshed | Automatic

After account deletion:

  • Personal data is deleted or anonymized within 30 days.
  • Backup systems may retain encrypted copies for up to 30 additional days, after which they are purged.
  • Note on encrypted backups: Encrypted backups of your location data may exist on AWS for up to 30 days after you delete your account. Because the backups are encrypted with a key that never leaves your device, we cannot read the data, and they are automatically purged after the 30-day window. Backups are access-restricted, immutable, and cannot be queried or restored for individual users.
  • Anonymized, aggregated data (e.g., total user counts) may be retained indefinitely but cannot be linked back to you.

7. Data Security

Technical Measures

Measure | Implementation
Encryption in transit | TLS 1.2+ for all API communication
Encryption at rest | AES-256 for all stored data (AWS)
End-to-end encryption | Optional per group — device-side encryption with keys never sent to server
Authentication | Hashed passwords (bcrypt), token-based sessions
Access control | Role-based access, principle of least privilege
Infrastructure | AWS with VPC isolation, security groups, no public database access
Monitoring | Automated alerting for anomalous access patterns

Organizational Measures

  • Minimal team access to production data.
  • No employee can access E2E encrypted location data (by design, not policy).
  • Security incident response plan documented and maintained.
  • Regular dependency updates and vulnerability scanning.

Breach Notification

If a data breach occurs that affects your personal data:

  • We will notify affected users without undue delay (and within 72 hours for GDPR).
  • We will notify the relevant supervisory authority as required by law.
  • We will describe the nature of the breach, the data affected, and steps we are taking.
  • Our incident response plan includes communication templates for rapid, transparent disclosure.

8. Your Rights

All Users

Right | How to Exercise
Access your data | Export from app settings or email support@whera.app
Correct your data | Edit profile in app
Delete your data | Delete account in app settings or email support@whera.app
Pause location sharing | Toggle in app (per group or globally)
Leave a group | Leave from group settings
Opt out of marketing emails | Unsubscribe link in every email

Additional Rights for EU/EEA Users (GDPR)

Right | How to Exercise
Data portability | Request export in machine-readable format (JSON) via support@whera.app
Restrict processing | Email support@whera.app — we will limit processing to storage only
Object to processing | Email support@whera.app — we will cease non-essential processing
Withdraw consent | Disable location sharing or delete account at any time
Lodge a complaint | Contact your local Data Protection Authority

Data export (GDPR Art. 20):

  • For location data stored in Enhanced Privacy mode, we can only provide the encrypted ciphertext together with a short export tool that allows you to decrypt it on your own device.
  • For location data stored in Enhanced Features mode, we can provide a JSON file containing the plaintext records.
  • Export is performed via the "Export My Data" button in the app settings; the file is delivered to the email address on file.

Data Protection Contact: privacy@whera.app

EU Representative: In accordance with GDPR Article 27, we have appointed [Name of EU Representative] (address: [EU address]) as our representative for data-protection matters in the European Economic Area. You may contact them at eu-rep@whera.app for any data-protection inquiries.

Additional Rights for California Users (CCPA/CPRA)

Right | How to Exercise
Right to know what data is collected | This privacy policy; or email privacy@whera.app
Right to delete | Delete account in app or email privacy@whera.app
Right to opt out of sale | We do not sell your data. No action needed.
Right to non-discrimination | We will not penalize you for exercising any right

Do Not Sell or Share My Personal Information: Whera does not sell or share personal information as defined by the CCPA. We include this statement to be explicit, not because we engage in these practices.

Responding to Rights Requests

  • We will respond to verifiable requests within 30 days (45 days if an extension is needed, with notice).
  • We may need to verify your identity before processing a request.
  • There is no fee for exercising your rights.

9. Children's Privacy

  • You must be at least 13 years old to create a Whera account.
  • In EU/EEA countries where the minimum age for data processing consent is higher (up to 16), that higher age applies.
  • Parents can add minor children to their family groups. In this case, the parent's account holds and controls the child's location data. The child does not have an independent account.
  • By adding a child to a group, the parent or legal guardian represents that they have authority to consent to the collection and processing of the child's location data. The parent or guardian is responsible for ensuring compliance with applicable child privacy laws in their jurisdiction.
  • Child profiles are internally flagged for stricter data retention and access controls. Location data associated with a child profile is subject to the same tier-based retention limits but may not be used for any purpose beyond the core location-sharing service.
  • We do not knowingly collect personal information from children under 13 without verifiable parental consent.
  • If we learn that we have collected data from a child under 13 without parental consent, we will delete it promptly. Contact us at privacy@whera.app.

10. Advertising

We serve non-personalized, contextual ads to adult free-tier users only. We do not use your location data, browsing history, or any personal identifiers for ad targeting. Child profiles flagged in the system are never shown ads.

  • Free-tier users see ads. Paid users do not.
  • Ads are contextual (based on app context, not user behavior or location).
  • We do not share your location, behavior, profile, or any personal data with ad networks.
  • We do not use advertising identifiers (IDFA/GAID) for tracking purposes.
  • We do not build advertising profiles about you.
  • If a third-party advertising SDK is found to collect data in a manner inconsistent with this policy, we will remove or replace that provider.

11. Cookies and Website Tracking

In the mobile app: We do not use cookies.

On whera.app (website):

  • We use minimal, privacy-respecting analytics (e.g., Plausible or Fathom — no cookies, no personal data).
  • We do not use Google Analytics.
  • We do not use tracking pixels or retargeting.
  • If we ever add cookies (e.g., for login sessions on the web dashboard), we will update this policy and implement a cookie consent banner where required.

12. International Data Transfers

Whera's servers are located in the United States (AWS us-west-2, Oregon).

If you are located outside the United States, your data will be transferred to and processed in the US. We protect this transfer through:

  • Standard Contractual Clauses (SCCs) as approved by the European Commission, incorporated into our agreements with AWS and other processors.
  • Encryption — data is encrypted in transit and at rest. E2E encrypted data is unreadable by anyone including Whera regardless of where it is stored.
  • Data minimization — we transfer only the data necessary to provide the service.

13. Changes to This Policy

  • We may update this policy from time to time.
  • Material changes (new data collection, new sharing, changes to retention) will be communicated via in-app notification and/or email at least 30 days before taking effect.
  • Minor changes (clarifications, formatting) may be made without notice.
  • The "Last updated" date at the top of this policy will always reflect the most recent revision.
  • Continued use of the service after changes take effect constitutes acceptance, except where applicable law requires explicit consent.
  • Where required by law (including GDPR), we will obtain your explicit consent to material changes before they take effect. If you do not consent, you may continue using the service under the prior version of the policy or delete your account.

14. Contact Us

For privacy questions, data requests, or concerns:

Response time: We aim to respond to all privacy inquiries within 5 business days.


15. Data Protection Impact Assessment (DPIA) Summary

A DPIA has been conducted for Whera's location data processing. Key findings:

Factor | Assessment
Nature of processing | Continuous location tracking of individuals
Risk level | High (sensitive data — location)
Necessity | Essential — location sharing is the core service
Proportionality | Users opt in, can pause at any time, retention is limited
Mitigation — E2E option | Enhanced Privacy mode eliminates server-side risk entirely
Mitigation — access controls | Minimal team access, role-based permissions
Mitigation — retention limits | Auto-deletion per tier, manual deletion available
Mitigation — transparency | This privacy policy, in-app indicators
Residual risk | Low for E2E mode; moderate for Enhanced Features mode (mitigated by encryption at rest, access controls, no sharing)