WHOMIPrivacy Policy

Legal

Privacy Policy

Last updated: April 16, 2026

Whomi ("we", "our", "us") operates whomi.page. This policy explains what data we collect, why, and how you can control it. We keep it plain — no legalese.

01Information We Collect

  • Account information: name, email address, and password (hashed) when you sign up.
  • Profile content: bio, links, profile photo, featured project details — everything you choose to add.
  • GitHub data: public repository stats, contribution counts, and language usage if you connect your GitHub account.
  • Payment information: handled entirely by Razorpay. We store only your subscription status and billing email — never your card or UPI details.
  • Usage data: page view counts, link click counts, and referrer domains for your own analytics dashboard. We use no third-party analytics on whomi.page itself.

02How We Use Your Information

  • To render and serve your WHOMI page at your claimed handle.
  • To process subscription payments and send receipts.
  • To display GitHub stats on your page (if connected).
  • To send transactional emails (account creation, payment confirmation, handle changes). We send no marketing emails without explicit opt-in.
  • To debug errors and improve the service. Logs are retained for 30 days then auto-deleted.

03Information We Share

  • We do not sell your personal data — ever.
  • Razorpay processes payments and is subject to their privacy policy. They receive your billing email and payment instrument.
  • GitHub API is queried on your behalf if you authorize the integration. We only read public data.
  • We may disclose data if required by law (court order, government request) after verifying the request is legally valid.

04Cookies & Tracking

  • We use one session cookie to keep you signed in to your dashboard. No tracking cookies.
  • Your public WHOMI page uses zero cookies. Visitor analytics are done server-side using IP truncation — no fingerprinting, no persistent identifiers.
  • We do not use Google Analytics, Meta Pixel, or any advertising network.

05Data Retention

  • Your profile data is retained as long as your account is active.
  • If you delete your account, all profile data and content are permanently deleted within 30 days.
  • Analytics data (page views, clicks) is retained in aggregate for 12 months then purged.
  • Payment records are retained for 7 years as required by Indian tax law (GST compliance).

06Your Rights

  • Access: Request a full export of your data at any time from Settings → Export Data.
  • Correction: Update any profile information directly from your dashboard.
  • Deletion: Delete your account and all associated data from Settings → Delete Account.
  • Portability: Your exported data is provided in JSON format.
  • For any data requests not covered above, email [email protected].

07Security

  • Passwords are hashed using bcrypt with a minimum cost factor of 12.
  • All data in transit is encrypted via TLS 1.3.
  • Database backups are encrypted at rest using AES-256.
  • We run regular dependency audits and penetration tests quarterly.

08Changes to This Policy

  • We will notify registered users by email at least 14 days before any material change to this policy.
  • The "Last Updated" date at the top of this page reflects the most recent revision.
  • Continued use of WHOMI after a policy change constitutes acceptance of the updated terms.

Questions about this policy?

[email protected]
Terms of Service →Documentation →