Privacy policy
Effective 5 July 2026
The short version: Whenabouts has no user accounts, no ads, no analytics, and no tracking. The only things our server stores are the nickname and avatar you pick, the games you play, and — if you turn on notifications — a push token. Everything is deleted automatically on a short schedule, and we never sell or share your data with anyone.
What this policy covers
This policy applies to the Whenabouts mobile app for iOS and Android and the websites at whenabouts.app and join.whenabouts.app. The service is operated by the Whenabouts developer (“we”), reachable at admin@whenabouts.app.
What we store, and why
- Your guest profile. There are no accounts. When you first open the app you choose a nickname (up to 24 characters) and an animal avatar from a fixed set. That is the entire profile — no email address, no phone number, no password, no real name. It exists so other players can see who they are playing with, and you can change it at any time in the app.
- Game data. The games you host or join: the join code, game settings, whose turn it is, card placements, and results. This is the game itself — the server needs it to referee the rules and to show the same game to every player in it.
- A push token (optional). If you enable notifications, the app registers a device push token with our server so we can tell you when it’s your turn in an online game. The token is used for nothing else and is write-only — it is never exposed back through the API. Declining or revoking notification permission unregisters it, and the token is deleted with your guest profile.
- Technical logs. Like nearly every web server, ours keeps short-lived operational logs (such as IP address and request path) used solely to run and secure the service. They are not linked to your game profile and are not used for analytics.
What we don’t do
- No advertising and no ad networks.
- No analytics or tracking SDKs — the app contains no third-party trackers.
- No selling, renting, or sharing of data with data brokers. Ever.
- No profiling, and no linking of your play data to your identity — we never learn who you are.
Who processes data on our behalf
Game data lives on our own server infrastructure — not on a third-party analytics or advertising platform. One exception exists, and only if you enable notifications: push messages are delivered through Google Firebase Cloud Messaging (and, on iOS, Apple’s Push Notification service), which handle your device token as part of delivering the notification. If you never enable notifications, nothing about you touches these services.
How long we keep things
Deletion is automatic and runs on the server every day:
| Data | Deleted |
|---|---|
| Game lobbies that never start | after 24 hours |
| Finished games | 7 days after they end |
| Abandoned games | 30 days after the last activity |
| Guest profiles (nickname, avatar, push token) | 90 days after your last activity, once your games have expired |
In other words: stop using the app, and within about three months nothing about you remains.
Your choices and rights
- Notifications are optional; you can revoke them in your device settings at any time, which also unregisters the push token from our server.
- Nickname and avatar can be changed in the app whenever you like.
- Deletion on request: everything expires automatically on the schedule above, but if you want your data gone sooner, email us and we will delete it. Depending on where you live (for example under the GDPR), you may also have formal rights to access, correct, or erase your data — the same email address handles all of these.
Children
Whenabouts is a general-audience trivia game. It has no ads, no chat with strangers, no purchases, and collects nothing beyond the nickname and avatar described above, regardless of the player’s age.
Changes to this policy
If the app ever starts collecting something new, we will update this page and change the effective date at the top before the change ships.
Contact
Questions, requests, or complaints: admin@whenabouts.app.