Privacy Policy

Analytics

Anonymous Analytics: We use Plausible.io for analytics to improve Whispeer. Plausible is GDPR compliant and now focuses exclusively on tracking anonymized page view events on the message viewing page, using techniques that do not log any personal data. This adjustment in our analytics approach allows us to understand app usage while fully respecting user privacy, eliminating the need for user consent for tracking.

Aggregate Data Collection

General Statistics: Whispeer collects aggregate data such as the total number of messages created, the number of messages expiring soon, and the total view count of all messages. This information is used to provide statistical insights on our homepage and enhance user experience. Importantly, this data is purely statistical and does not include any personal or identifiable information about our users.

No Logging of Personal Data

Respecting Privacy: While we track anonymized usage data for analytics, we do not log any personal data or content of your messages. Your privacy and the confidentiality of your messages are our top priorities.

Message Handling and Deletion

Automatic Deletion: Messages in Whispeer are automatically deleted after 24 hours. This process ensures that your messages are not stored on our servers beyond this time frame.

Data Management

Non-Personal Data Handling: In order to ensure the uniqueness of each message's ID, which forms part of the URL used by users to access their messages, Whispeer employs a system of randomly generated IDs. These are stored in a dedicated 'archived_ids' database table. These IDs are essential for operational purposes, helping to maintain the integrity and performance of our messaging service. Importantly, these IDs do not contain any personal data and cannot be linked back to individual users, ensuring that your privacy is always protected.

Encryption and Security

Client-Side Encryption: Whispeer ensures your security by encrypting messages directly on your device. When you choose the "Secure Message" option while creating a message, the encryption is performed client-side. Consequently, only the encrypted form of your message is stored in our database, maintaining its confidentiality.

Non-Encrypted Messages: If the "Secure Message" option is not selected, the message will be saved as plain text in our database. We recommend using the "Secure Message" option for sensitive communications.

Encryption Techniques: Whispeer uses AES encryption for messages, uniquely encrypting each message with a passphrase.

Encryption Process: The process involves generating a random salt and initialization vector (IV) for each encrypted message, ensuring enhanced security.

Passphrase-Based Encryption: The encryption key is derived from your passphrase using PBKDF2, further securing each message.

CBC Mode and Pkcs7 Padding: We use Cipher Block Chaining (CBC) mode and Pkcs7 padding for encryption, adhering to strong cryptographic standards.

User Responsibilities

Passphrase Security: We encourage users to use strong, unique passphrases for encrypting messages. The security of encrypted messages also depends on the strength and confidentiality of the passphrase.

Cautious Sharing: Always be careful when sharing encrypted messages and passphrases to maintain privacy and security.

Updates and Feedback

Policy Updates: We may update this Privacy Policy from time to time. Users will be notified of significant changes.

Open Communication: Your feedback is important to us. Feel free to reach out with any concerns or suggestions regarding our privacy practices.

Last updated: Feb 20th, 2024