Privacy Policy

Your privacy, plainly explained

Effective: January 1, 2025

The short version

We do not require accounts. We do not sell data. Message senders are never identified. Messages self-destruct after 48 hours.

Information we do not collect

whoispr is designed to minimise data collection. We do not collect:

  • Email addresses or phone numbers
  • Account credentials of any kind
  • Device identifiers or advertising IDs
  • Location data
  • Browsing history or tracking data across other sites

Information we temporarily store

When someone sends a message through whoispr, we store:

  • The message text (sanitised for safety)
  • A timestamp indicating when it was sent
  • The recipient's username (the link owner)
  • An expiry timestamp (48 hours from creation)

We do not store the sender's IP address in any readable or retrievable form associated with message content. The platform is architected so that there is no way to link a specific message back to an individual sender after the request completes.

Message expiry

All messages automatically expire 48 hours after they are sent. Expired messages are permanently deleted from our storage and cannot be recovered. We do not retain message archives.

Infrastructure

whoispr is hosted on Cloudflare Pages with Cloudflare KV storage. Standard Cloudflare infrastructure logs (connection metadata, error rates) may be retained by Cloudflare under their own privacy policy. These logs are not used by us to identify users or analyse behaviour.

Abuse prevention

We apply automatic rate limiting and content filtering to prevent spam and abuse. These systems operate on request-level signals and do not create persistent user profiles.

Cookies and local storage

We use browser session storage (not cookies) solely to track which messages you have already read, so the "unread" count in your dashboard stays accurate. This data never leaves your browser and is cleared when you close the tab.

Third-party services

We use Google Fonts to load typography. This results in a request to Google's servers. No message content or user data is involved in this request. No other third-party analytics or tracking services are used.

Children

whoispr is not intended for users under 13 years of age. We do not knowingly collect information from children. If you believe a minor has used the service in a concerning way, contact us and we will investigate promptly.

Changes to this policy

If we make material changes to this privacy policy, we will update the effective date at the top. Continued use of the service after changes are posted constitutes acceptance of those changes.

Contact

Questions about privacy? Reach us at privacy@whoispr.app. We will respond within 5 business days.