← Back to Whacka

Privacy Policy

Last updated: March 20, 2026

This Privacy Policy describes how Whacka (“we,” “us,” or “our”) collects, uses, and protects your information when you use our service at whacka.app (the “Service”).

1. Information We Collect

Information You Provide

  • Account information: email address, display name, username (handle), and avatar.
  • Authentication credentials: password (stored securely via Supabase Auth) or Google OAuth tokens.
  • Payment information: processed by Stripe; we store your Stripe customer ID but do not directly store credit card numbers.
  • Content you create: app descriptions, published apps, comments, and profile information.

Information Collected Automatically

  • Usage data: pages visited, features used, app generation requests.
  • Device information: browser type, operating system, screen size.
  • Push notification tokens: if you opt in to push notifications.

Information from Third Parties

  • Google OAuth: if you sign in with Google, we receive your email address and profile information as authorized by you.

2. How We Use Your Information

We use your information to:

  • Provide and maintain the Service.
  • Process app generation requests using AI services.
  • Process payments and manage subscriptions.
  • Send transactional emails (account verification, password reset).
  • Send push notifications (if opted in).
  • Display your profile and published apps to other users.
  • Enable social features (likes, comments, follows, bookmarks).
  • Improve the Service and develop new features.
  • Prevent fraud and enforce our Terms of Service.

3. AI Processing

  • Your app descriptions and prompts are sent to third-party AI services (Anthropic Claude, OpenAI) to generate application code.
  • We do not use your prompts or generated content to train our own AI models.
  • Third-party AI providers may have their own data processing policies.

4. Data Sharing

We do not sell your personal information. We share data only with:

  • Supabase: database hosting and authentication.
  • Stripe: payment processing.
  • AI providers (Anthropic, OpenAI): to process app generation requests.
  • Google: if you use Google OAuth for authentication.
  • Law enforcement: when required by law or to protect rights and safety.

5. Published Apps and Public Data

  • When you publish an app, its name, description, icon, and your profile (name, handle, avatar) are publicly visible.
  • Social interactions (likes, comments) are visible to other users.
  • Your follower/following counts and total likes are publicly visible on your profile.

6. Data Within Published Apps

  • Published apps may collect and store data from their end users (“App Data”).
  • App Data is stored in our database and is accessible to the app owner.
  • App owners are responsible for informing their end users about data collection within their published apps.

7. Push Notifications

  • We use web push notifications to inform you about social interactions, app updates, and platform announcements.
  • You can opt in or out of push notifications at any time through your notification preferences.

8. Data Security

  • We use industry-standard security measures to protect your data.
  • Passwords are hashed and never stored in plain text.
  • Data is transmitted over encrypted connections (HTTPS).
  • Database access is controlled through Row Level Security (RLS) policies.

9. Data Retention

  • Account data is retained as long as your account is active.
  • Upon account deletion, your personal data will be removed within 30 days.
  • Published apps may be retained for a reasonable period after account deletion to prevent disruption to end users.
  • Payment records may be retained as required by law.

10. Your Rights

You have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate personal data.
  • Request deletion of your account and personal data.
  • Export your data.
  • Opt out of non-essential communications.
  • Withdraw consent for push notifications.

To exercise these rights, contact us at wow@whacka.app.

11. Children’s Privacy

The Service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we discover such data has been collected, we will delete it promptly.

12. Cookies and Local Storage

  • We use browser local storage and cookies for authentication session management.
  • We do not use third-party tracking cookies for advertising.

13. International Data Transfers

Your data may be processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or in-app notification.

15. Contact

If you have questions about this Privacy Policy, please contact us at wow@whacka.app.

© 2026 Whacka. All rights reserved.

Terms of Service →