Privacy Policy

How we handle your data — written so a human can actually read it.

Digitanomics Inc. (“WhisqAI”, “we”, “our”) operates https://whisqai.com and related services. This policy explains, in plain language plus full legal detail, how we handle the information you give us.

1. What we collect

We only collect what we need to run the service:

  • Account info — name, email, and password hash if you create an account.
  • OAuth info — your profile basics (name, email, avatar URL) if you sign in with Google or GitHub.
  • Tool inputs and outputs — whatever you type into a tool, and the numbers we compute back. Stored against an anonymous session ID unless you submit your email.
  • Session data — a random session ID in a cookie, your IP address (hashed before storage), and the country we derive from it.
  • Payment info — Stripe processes any payments; we only see your Stripe customer ID and subscription status. We never see raw card numbers.
  • Analytics — page views and feature clicks via PostHog. No third-party ad tracking.
  • Error logs — stack traces and request context via Sentry, used only for debugging.

2. How we use it

  • Run the platform: serve pages, compute tool outputs, store your projects.
  • Send transactional emails: email verification, password resets, export-ready notices.
  • Send marketing emails you opted into — unsubscribe in one click from any email.
  • Detect abuse: rate limits, Turnstile checks, anti-spam.
  • Comply with the law when we have to.

3. Legal basis (GDPR)

If you’re in the EEA / UK, we process your data under one of these GDPR bases:

  • Contract — to deliver the service you signed up for (Article 6(1)(b)).
  • Consent — for opt-in marketing emails and non-essential cookies (Article 6(1)(a)). Withdraw any time.
  • Legitimate interests — for security, abuse prevention, and basic product analytics (Article 6(1)(f)). We balance these against your rights.
  • Legal obligation — when we have to respond to lawful requests.

4. Sharing and sub-processors

We don’t sell your data. We share it only with vendors that help us run the service, each under their own privacy commitments:

  • Neon — database hosting (US)
  • Vercel — application hosting (US/EU)
  • Resend — transactional email (US)
  • Stripe — payment processing (US)
  • Cloudflare — CDN, R2 object storage, Turnstile bot protection
  • Upstash — Redis cache and background job queue (US)
  • PostHog — product analytics
  • Sentry — error tracking

We may also disclose information if required by law or to protect rights, property, or safety.

5. How long we keep it

  • Account data — while your account is active; deleted within 30 days of account deletion.
  • Tool inputs/outputs — 24 months, then purged.
  • Anonymous aggregate data— kept indefinitely (it can’t be tied to you).
  • Error logs — 90 days.
  • Billing records — 7 years (tax-law requirement).

6. Your rights

Depending on where you live (GDPR, UK GDPR, CCPA, etc.) you may have the right to:

  • Access what we hold about you
  • Correct anything inaccurate
  • Delete your data (the “right to be forgotten”)
  • Export your data in a portable format
  • Object to processing or restrict it
  • Withdraw consent for marketing at any time
  • Lodge a complaint with your local data-protection authority

To exercise any of these, email privacy@whisqai.com from the address on file. We respond within 30 days at no cost.

7. Security

We use industry-standard safeguards: HTTPS everywhere, encryption at rest, hashed passwords, scoped API keys, rate limiting, and least-privilege access. No system is perfectly secure, but we take this seriously and disclose breaches as required by law.

8. International transfers

Our infrastructure is primarily in the US and EU. If you’re outside these regions, your data may be processed in either. We rely on Standard Contractual Clauses with our sub-processors when transferring out of the EEA / UK.

9. Children

WhisqAI is not directed at people under 16. We don’t knowingly collect data from children. If you believe a child has provided data, email privacy@whisqai.comand we’ll delete it promptly.

10. Changes and contact

We may update this policy. When we do, we’ll bump the “Last updated” date at the top and, for material changes, notify you by email. Questions or requests: privacy@whisqai.com.