Privacy Policy
Last updated: April 10, 2026This Privacy Policy ("Policy") describes how Whenote Tecnologia Ltda. ("Company", "we", "us", "our") collects, processes, stores, and shares the personal data of users of the Whenote platform and mobile application ("Platform"). This Policy applies globally and complies with: (a) the Brazilian General Data Protection Law — LGPD (Law No. 13,709/2018); (b) the General Data Protection Regulation of the European Union — GDPR (Regulation EU 2016/679); (c) the California Consumer Privacy Act and California Privacy Rights Act — CCPA/CPRA (California Civil Code §§ 1798.100–1798.199.100); (d) the Brazilian Internet Civil Framework (Law No. 12,965/2014); and (e) the U.S. Children's Online Privacy Protection Act — COPPA (16 CFR Part 312). The Company acts as Data Controller (LGPD Art. 5 VI / GDPR Art. 4(7)) and as a "Business" under CCPA.
For the purposes of this Policy: "Personal Data" means any information relating to an identified or identifiable natural person (LGPD Art. 5 I / GDPR Art. 4(1)); "Personal Information" (PI) has the meaning defined in CCPA § 1798.140(v); "Processing" means any operation performed on personal data (LGPD Art. 5 X / GDPR Art. 4(2)); "Data Subject" or "Consumer" means any natural person whose personal data is processed; "Controller" means the entity that determines the purposes and means of processing; "Processor" or "Operator" means the entity that processes data on behalf of the Controller; "Sensitive Personal Data" means data concerning racial or ethnic origin, religious belief, political opinion, health, sexual life, or biometric/genetic data (LGPD Art. 5 II / GDPR Art. 9).
(a) Registration Data: full name, display name, email address, username, profile photo (optional), and biographical text (optional). (b) User-Generated Content: letters (text, title, emotional state), handwritten letter images (captured via camera), voice messages (up to 1 minute, captured via microphone), time capsules (text, theme, photos), comments on public letters, and optional music links. (c) Precise Location Data (opt-in): when you choose to attach a location to a letter or capsule, we collect your precise GPS coordinates (latitude and longitude) and the timestamp of capture. You may also enable a proximity requirement (approximately 10 meters) for the recipient to open the letter. Location collection is always optional and requested per letter or capsule — we never collect location data in the background. (d) Technical and Device Data: IP address, device identifier, operating system, app version, push notification token (Firebase Cloud Messaging), device platform (Android/iOS/web), preferred locale, and access logs pursuant to Article 15 of the Internet Civil Framework. (e) Analytics Data: usage events (letters created, opened, shared; capsules created, opened; feed views; likes, comments, follows; profile views; theme and language changes), screen views, and crash/error reports, collected via Firebase Analytics and Firebase Crashlytics. (f) Social Data: follower/following relationships, user blocks, likes on public letters, and comments. (g) Billing Data: when subscription features are enabled, we store your Stripe customer identifier, subscription identifier, subscription tier (free/plus/pro), and subscription status. Payment card details are processed and stored exclusively by Stripe and never touch our servers. (h) Moderation Data: content reports submitted by users, AI moderation analysis results, human moderation review records, and moderation incident logs. (i) Communication Data: product feedback messages and support requests. (j) Gamification Data: badge unlock records and in-app notification history. For CCPA purposes, categories of PI collected in the preceding 12 months include: identifiers; internet/electronic network activity; geolocation data; audio/visual information; and personal information inferred from content you create.
(a) Directly from you: when you create an account, write letters or capsules, upload photos or voice messages, grant location permission, submit feedback, post comments, or interact with other users. (b) Automatically: device and technical data, analytics events, crash reports, and push notification tokens are collected automatically when you use the Platform, through Firebase SDKs integrated into the app. (c) From third parties: payment status updates from Stripe (via webhooks) when subscription features are active; device attestation from Firebase App Check.
Under the LGPD (Art. 7) and GDPR (Art. 6), we process your data based on: (a) Consent — expressed at registration; for optional features, consent is obtained at the moment of use. (b) Contract Performance — necessary to provide Platform services. (c) Legitimate Interest — Platform improvement, fraud prevention, content moderation, security, and analytics. (d) Legal Obligation — retention of access logs, compliance with court orders. Under CCPA, collection and use of PI is disclosed in Sections 2, 6, and 8. We do not use sensitive personal information beyond what is permitted by CCPA § 1798.121.
We process your personal data for: (i) providing Platform services; (ii) personalizing your experience; (iii) sending service-related notifications; (iv) content moderation; (v) analytics and improvement; (vi) fraud prevention and security; (vii) processing payments (when enabled); (viii) legal compliance; (ix) exercise of rights in proceedings. We do not use your data for third-party advertising or sale to data brokers.
The Platform uses automated content moderation powered by AI (OpenAI Moderations API) to analyze text content for potentially harmful material. This system may allow, warn, or block content based on risk scores. When human moderation is enabled, flagged content is queued for manual review. You have the right to contest automated moderation decisions (GDPR Art. 22 / LGPD Art. 20) by contacting privacy@whenote.app.
We do not sell, rent, or trade your personal data. For CCPA purposes: we have not sold or shared consumers' personal information in the preceding 12 months. Data is shared with: (a) Google LLC / Firebase — cloud infrastructure, analytics, crash reporting, push notifications, authentication, App Check; (b) OpenAI, Inc. — text-only content moderation (no user identifiers sent); (c) Twilio Inc. (SendGrid) — invitation emails for external letter recipients; (d) Stripe, Inc. — payment processing (card data never touches our servers); (e) Google Fonts — font serving; (f) Public authorities when required by law; (g) Successor entity in corporate transactions.
Your data is stored on Google Cloud Platform servers, which may be located outside your country. Transfers comply with LGPD Art. 33 (ANPD-approved SCCs), GDPR Chapter V (European Commission SCCs, Decision 2021/914), and contractual commitments for US-based processors.
Account/profile: until deletion. Letters/capsules: until deletion or account anonymization. FCM tokens: overwritten on login, deleted with account. Location data: opt-in only, deleted with account. Billing data: deleted with account (Stripe retains per its policy). Reports: anonymized 90 days post-resolution. Feedback: anonymized after 1 year. Moderation logs: 2 years. Analytics: 14 months (Firebase default). Audit logs: 3 years (hashed IDs, no PII). Access logs: 6 months.
LGPD (Brazil — Art. 18): confirmation, access, correction, anonymization, portability, deletion, information on sharing, consent revocation. Response: 15 business days. Complaint: ANPD (gov.br/anpd). GDPR (EU/EEA — Arts. 15–22): access, rectification, erasure, restriction, portability, objection, automated decision rights, consent withdrawal. Response: 30 days. Complaint: local supervisory authority. CCPA/CPRA (California): Right to Know, Right to Delete (45 days), Right to Correct, Opt-Out of Sale/Sharing (we do not sell), Limit Use of Sensitive PI, Non-discrimination, authorized agent. Exercise via: Settings > Data and Privacy, or email privacy@whenote.app / privacidade@whenote.app.
Delete your account via Settings > Data and Privacy > Delete Account. Two modes: (a) Delete All — permanently removes everything; (b) Anonymize — preserves letters for recipients with your name replaced by "Deleted user". In both modes: Stripe subscriptions are cancelled, an audit log is recorded (no PII), and deletion is irreversible.
Export your data via Settings > Data and Privacy > Export My Data. The export includes profile, letters, capsules, comments, likes, followers, and badges as a ZIP archive (JSON + media files). Manual exports available via privacidade@whenote.app.
Whenote is not directed at children under 13. We do not knowingly collect data from children under 13 (COPPA). Users must confirm they are 13+ during registration. Parents may contact privacidade@whenote.app to request deletion of a child's data.
We implement: TLS 1.3 encryption in transit, encryption at rest, Firebase App Check, role-based access control, Firestore Security Rules, and continuous monitoring. Breach notification: 72 hours to supervisory authority (GDPR Art. 33), reasonable time to ANPD (LGPD Art. 48), California consumers per Cal. Civ. Code § 1798.82.
No traditional cookies. Firebase Analytics (anonymous usage events, 14-month retention), Firebase Crashlytics (crash reports), and Firebase App Check (device integrity) are used for operation and security only. No advertising tracking. We honor Global Privacy Control (GPC) signals under CCPA.
Material changes: 15 days advance notice via in-app notification and/or email. Changes requiring consent will request explicit re-consent. Previous versions available upon request.
DPO: dpo@whenote.app Privacy (Portuguese): privacidade@whenote.app Privacy (English): privacy@whenote.app Legal: juridico@whenote.app Support: suporte@whenote.app Brazil: ANPD — gov.br/anpd EU/EEA: Local supervisory authority California: Attorney General — oag.ca.gov/privacy Whenote Tecnologia Ltda.
Esta Politica de Privacidade ("Politica") descreve como a Whenote Tecnologia Ltda. ("Empresa", "nos") coleta, trata, armazena e compartilha os dados pessoais dos usuarios da plataforma e do aplicativo movel Whenote ("Plataforma"). Esta Politica tem alcance global e esta em conformidade com: (a) LGPD (Lei 13.709/2018); (b) GDPR (Regulamento EU 2016/679); (c) CCPA/CPRA (California Civil Code §§ 1798.100–1798.199.100); (d) Marco Civil da Internet (Lei 12.965/2014); (e) COPPA (16 CFR Part 312). A Empresa atua como Controladora de Dados (LGPD art. 5 VI / GDPR art. 4(7)) e como "Business" nos termos da CCPA. Data de vigencia: 10 de abril de 2026.
"Dados Pessoais": qualquer informacao relacionada a pessoa natural identificada ou identificavel. "Tratamento": qualquer operacao realizada com dados pessoais. "Titular dos Dados" ou "Consumidor": qualquer pessoa cujos dados sao tratados. "Controlador": entidade que determina finalidades e meios. "Operador": entidade que trata dados em nome do Controlador. "Dados Pessoais Sensiveis": dados sobre origem racial, conviccao religiosa, opiniao politica, saude, vida sexual ou dados biometricos/geneticos.
Coletamos: (a) Dados de Cadastro (nome, e-mail, username, foto, bio); (b) Conteudo Gerado pelo Usuario (cartas, imagens manuscritas, mensagens de voz, capsulas, comentarios, links de musica); (c) Localizacao Precisa (GPS opt-in por carta/capsula — nunca em segundo plano); (d) Dados Tecnicos (IP, dispositivo, OS, token FCM, plataforma, idioma, logs); (e) Analytics (Firebase Analytics e Crashlytics); (f) Dados Sociais (follows, bloqueios, curtidas, comentarios); (g) Dados de Cobranca (IDs Stripe — cartao nunca passa por nos); (h) Dados de Moderacao (denuncias, analise IA, revisao humana); (i) Comunicacao (feedback, suporte); (j) Gamificacao (badges, notificacoes).
Para o texto completo em portugues, acesse o app Whenote em Configuracoes > Legal > Politica de Privacidade, ou envie um e-mail para privacidade@whenote.app solicitando o documento completo.
Esta Politica de Privacidad ("Politica") describe como Whenote Tecnologia Ltda. ("Empresa", "nosotros") recopila, trata, almacena y comparte los datos personales de los usuarios de la plataforma y aplicacion movil Whenote ("Plataforma"). Esta Politica tiene alcance global y cumple con: (a) LGPD (Ley 13.709/2018); (b) GDPR (Reglamento UE 2016/679); (c) CCPA/CPRA (California Civil Code §§ 1798.100–1798.199.100); (d) Marco Civil de Internet (Ley 12.965/2014); (e) COPPA (16 CFR Part 312). La Empresa actua como Responsable del Tratamiento (LGPD art. 5 VI / GDPR art. 4(7)) y como "Business" segun la CCPA. Fecha de vigencia: 10 de abril de 2026.
"Datos Personales": cualquier informacion relacionada con una persona identificada o identificable. "Tratamiento": cualquier operacion realizada con datos personales. "Titular de los Datos" o "Consumidor": cualquier persona cuyos datos son tratados. "Responsable": entidad que determina fines y medios. "Encargado": entidad que trata datos en nombre del Responsable. "Datos Personales Sensibles": datos sobre origen racial, convicciones religiosas, opiniones politicas, salud, vida sexual o datos biometricos/geneticos.
Recopilamos: (a) Datos de Registro (nombre, correo, username, foto, bio); (b) Contenido Generado por el Usuario (cartas, imagenes manuscritas, mensajes de voz, capsulas, comentarios, enlaces de musica); (c) Ubicacion Precisa (GPS opt-in por carta/capsula — nunca en segundo plano); (d) Datos Tecnicos (IP, dispositivo, OS, token FCM, plataforma, idioma, registros); (e) Analytics (Firebase Analytics y Crashlytics); (f) Datos Sociales (follows, bloqueos, me gusta, comentarios); (g) Datos de Facturacion (IDs Stripe — tarjeta nunca pasa por nosotros); (h) Datos de Moderacion (denuncias, analisis IA, revision humana); (i) Comunicacion (retroalimentacion, soporte); (j) Gamificacion (insignias, notificaciones).
Para el texto completo en espanol, accede a la app Whenote en Configuracion > Legal > Politica de Privacidad, o envia un correo a privacy@whenote.app solicitando el documento completo.