Privacy Policy
This Privacy Policy explains how Who's In Labs, LLC, an Illinois limited liability company ("Who's In Labs," "we," "us," or "our"), collects, uses, shares, and protects information when you use the Whosly™ app and whosly.app (collectively, the "Service"). By using the Service, you agree to this Policy. If you do not agree, do not use the Service.
1. Information We Collect
We collect the following categories of information, directly from you, automatically through your use of the Service, and from third parties such as our service providers and partners:
- Account & profile information — your name, an identifier from Sign in with Apple, an optional phone number, and an optional profile photo, so friends' invitations can find you and so people on a plan can recognize you.
- Plans & activity — the plans you create or join, invitations, RSVPs, comments, votes, saved places, notes, lists, ticket notes, groups and shared circles (including circle chat messages and any "who's around" status you post), templates, settings, and — only if you opt in — your arrival at an event.
- Web RSVPs — if you respond to a plan from a web invite link without the app, the first name, last name, and phone number you enter, plus any comment you leave (which posts to the plan's chat). We use them to record and display your response, to let you update it later from any device, and to let the plan's host see who is coming and reach you about the plan.
- Website waitlist — if you join our launch waitlist on whosly.app, the email address you submit. We use it only to notify you when the app launches; it is not linked to any app account, and deleting an app account does not remove it. To have it removed, email admin@whos-in-labs.com.
- Contacts — if you invite people from your address book, we access contacts on your device so you can pick them; the contacts you add are stored privately with your account so they follow you to your other devices — only you can access them, and they are never shared with other users. We do not bulk-upload your address book. For contact matching, our directory stores your name, identifier, optional photo, and a one-way hash of your phone number — never your raw number.
- Location information — if you allow it, we use your device location (which may include precise location, treated as "sensitive") to suggest nearby places, recommend a local starter pack, support maps and directions, and tailor suggestions to your area — generally only while the app is open — and, only if you turn on arrival sharing for a specific plan, to detect when you reach that plan's venue and let your group know. Arrival detection may use your location in the background until the plan ends or you turn sharing off; it watches only that plan's venue, and your exact location is never stored. When location is granted, we also derive and store your general location — your city, state, and country only, never your coordinates — to tailor recommendations to your area and decide which city packs to build — our own first-party use; we do not use it to track you or share it with advertisers or data brokers. If you turn off "Personalized recommendations" in the app's Settings, we stop collecting your general location and delete the general location we've stored. You can revoke location access at any time in iOS Settings. We may also infer approximate location from your IP address.
- Purchase information — records of in-app purchases and subscriptions (processed by Apple; we do not receive your full payment card details).
- AI feature inputs — text and context you submit to AI-assisted lookup or place import are sent to our proxy and AI provider to generate a response.
- Device, usage & identifiers — IP address, device and app information, identifiers, diagnostics, log data, approximate location, cookies and similar local-storage technologies (on the website), and information about how you interact with the Service.
- Inferences — characteristics, interests, and preferences we derive from the above to personalize content and recommendations (such as which places and city packs to suggest).
2. How We Use Information
We use information for the following purposes:
- Provide, operate, maintain, secure, and support the Service — create and show plans, deliver invitations and RSVPs, match invitations to the right people, power places and AI features, and send notifications you've enabled.
- Personalize your experience and improve, develop, and analyze the Service and build new features and products.
- Recommend content, places, venues, events, and businesses to you — and decide which city packs and features to build.
- First-party analytics — to understand how the Service is used and improve it, using aggregated and de-identified data where we can. We do not use your information for third-party or cross-app targeted advertising.
- Conduct research and analytics, including aggregated and de-identified analysis.
- Protect the Service and our users, detect and prevent fraud and abuse, enforce our Terms, and comply with law.
- Communicate with you about the Service, and with your consent where required.
3. Recommendations & Analytics — We Don't Track You
We use your information only for our own first-party purposes — to tailor recommendations and decide which city packs and features to build. We do not track you: we do not link your information with data from other companies' apps or websites for advertising, we do not share your information with data brokers, and we do not sell it or share it for "targeted advertising" or "cross-context behavioral advertising." Our analytics are first-party and privacy-respecting (including aggregated and de-identified data). If we ever introduce third-party advertising or tracking, we will update this Policy first and provide the choices the law requires (including, on iOS, an App Tracking Transparency prompt).
4. How We Share Information
- With people on your plans — your name, photo, RSVP status, comments, votes, and (if enabled) arrival are visible to others on the same plan, including people who RSVP through a web link. If you join a shared circle, its name and member list, the messages you post in its chat, and any "who's around" status you set are visible to that circle's members.
- Service providers — Apple (sign-in, notifications, payments), Cloudflare (hosting and database), Anthropic (AI features), and Apple Maps (places and directions) — which process information on our behalf.
- Legal, safety & rights — when we believe it is required by law, legal process, or to protect the rights, safety, or property of users, the public, or Who's In Labs, LLC.
- Business transfers — in connection with a merger, acquisition, financing, reorganization, or sale of assets, information may be transferred to the successor.
- With your direction or consent — when you ask us to share, or otherwise with your consent.
We do not sell your personal information, and we do not share it with advertisers or data brokers or for targeted/cross-context behavioral advertising. We use first-party analytics only.
5. Phone Numbers
Your phone number is used to match invitations to your account. In our directory, numbers are matched using a one-way hash rather than stored in the clear, and we never return a raw number to other users.
6. AI Features
When you use AI-assisted lookup or place import, the text and context you enter are sent to our AI provider (Anthropic) to generate results. Please do not enter sensitive information you do not want processed by those services.
7. Cookies & Tracking Choices
On the website we use only essential cookies (for example, to remember team access to a pre-launch preview of the site) — no third-party advertising cookies. Our analytics are cookieless and first-party. You can control cookies through your browser and manage tracking permissions in your device settings. Because we do not sell or share personal information or use it for cross-context behavioral advertising, a Global Privacy Control (GPC) signal has no sale or share to act on.
8. Data Retention & Deletion
We keep information while your account is active or as needed to provide the Service, comply with law, resolve disputes, and enforce our agreements. You can delete plans you host, and you can delete your account in Settings → Account → Delete account, which removes your profile, directory listing, and associated data from our active systems. Some information may remain on other participants' devices or in records they created (such as their RSVPs or comments), and we may retain de-identified or aggregated data. To keep one-time promotional credits one-time, we also retain a minimal, anonymized fraud-prevention record of any free AI credits you have already used — a one-way hash derived from your Sign in with Apple identifier (never the identifier itself) plus the usage counts, nothing else — so deleting and recreating an account does not reset them. To request deletion or a copy of your data, email admin@whos-in-labs.com.
9. Security
We use reasonable technical and organizational measures to protect information, including encryption in transit and storing your account identifier in your device's Keychain. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
10. Children
The Service is intended for adults and is not directed to children. We do not knowingly collect personal information from anyone under 18 (and specifically anyone under 13). If you believe a minor has provided us information, contact us and we will delete it.
11. Your Choices & Rights
You can control contacts, location, photos, calendar, and notification permissions in your device settings, manage notification preferences in the app, turn off arrival sharing per plan, turn off "Personalized recommendations" in the app's Settings → Privacy (which stops general-location collection and deletes what we've stored), and remove your profile photo. Depending on where you live, you may also have the rights described below.
12. Your U.S. State Privacy Rights
Residents of California, Virginia, Colorado, Connecticut, Utah, Texas, and other states with comprehensive privacy laws may have some or all of the following rights, subject to that law's limits and exceptions:
- Know/Access — the categories and specific pieces of personal information we collect, use, and disclose.
- Delete — request deletion of your personal information.
- Correct — request correction of inaccurate personal information.
- Portability — obtain a copy in a portable format.
- Opt out — of the "sale" or "sharing" of personal information, of targeted/cross-context behavioral advertising, and of certain profiling. We do not do these, so there is currently nothing to opt out of.
- Limit sensitive information — limit our use of sensitive personal information (such as precise geolocation) where applicable.
- Non-discrimination — we will not discriminate against you for exercising these rights.
To exercise any of these rights, email admin@whos-in-labs.com (because we do not sell or share personal information or use it for targeted advertising, a GPC signal has nothing to opt out of). We will verify your request as required by law, and you may use an authorized agent. If we deny your request, you may appeal by replying to our response; where applicable you may also contact your state attorney general. California's "Shine the Light" law: you may request information about disclosures to third parties for their direct marketing.
13. Illinois & Biometric Information
We are based in Illinois, United States, and your information is processed in the United States. We do not collect, capture, use, store, or sell biometric identifiers or biometric information as defined by the Illinois Biometric Information Privacy Act (BIPA). Profile photos are used only to display your avatar and are not used for facial recognition or biometric identification.
14. Changes
We may update this Policy from time to time. We will revise the "Last updated" date above and, for material changes, provide notice where appropriate.
15. Contact
Questions about your privacy, or to exercise your rights? Contact Who's In Labs, LLC at admin@whos-in-labs.com.