Privacy Policy
Last updated: May 26, 2025
1. Who we are
WhereWere ("we", "us", or "our") is a peer-to-peer location timestamping service. We are the data controller for personal data processed through wherewere.com.
Contact: 1337.geek@gmail.com
2. What data we collect
- Account data: email address, display name, and hashed password (stored by Supabase Auth).
- Location stamps: GPS latitude/longitude coordinates you submit at the moment you tap "Stamp Me Here." We do not track your location at any other time.
- Witness records: the user ID and server timestamp of contacts who acknowledge your stamps.
- Circle contacts: email addresses of trusted contacts you add to your circle.
- Photos (Premium): images you attach to stamps, stored in Supabase Storage.
- Push notification tokens: Firebase Cloud Messaging device tokens, stored to deliver witness notifications.
- Payment data: billing is handled entirely by Stripe. We receive only a customer ID and subscription status — never your full card number.
- Usage logs: standard server access logs (IP address, user agent, timestamp) retained for up to 30 days for security and debugging.
3. Why we process your data (legal basis)
- Contract performance: account creation, stamp creation, witness notification, and subscription management are necessary to provide the service you signed up for (GDPR Art. 6(1)(b)).
- Legitimate interests: security logging and fraud prevention (GDPR Art. 6(1)(f)).
- Legal obligation: we may retain records if required by applicable law.
4. How we use your data
- To create and display your location stamps and witness records.
- To notify trusted circle contacts when you stamp a location.
- To process subscription payments via Stripe.
- To send transactional emails (witness invitations, account confirmations) via Resend.
- To detect and prevent abuse.
We do not sell your data. We do not use your location data for advertising.
5. Third-party processors
| Processor | Purpose | Data shared |
|---|---|---|
| Supabase (US) | Database, auth, file storage | All account + stamp data |
| Firebase / Google (US) | Push notifications (FCM) | Device push token |
| Stripe (US) | Payment processing | Email, billing info |
| Resend (US) | Transactional email | Email address |
| Vercel (US) | Hosting, edge functions | IP address, request logs |
All processors are contractually bound to process data only as instructed and maintain appropriate security measures.
6. Data retention
- Witnessed stamps: permanent by design — immutability is the core product guarantee. Even after account deletion, witnessed stamp records are anonymized (user data removed) but the timestamp and GPS record remains.
- Unwitnessed stamps: deleted when you delete them or when your account is deleted.
- Account data: deleted within 30 days of account deletion request.
- Circle contacts: removed immediately on account deletion.
- Push tokens: deleted when you log out or delete your account.
- Server logs: 30-day rolling retention.
7. Your rights (GDPR / CCPA)
Depending on your jurisdiction, you have the right to:
- Access — request a copy of your personal data.
- Correction — request correction of inaccurate data.
- Deletion (Right to Erasure) — delete your account and non-witnessed data via Settings → Delete Account. Witnessed stamps are anonymized, not deleted, as third parties have a legitimate interest in the mutual record.
- Portability — export your stamps in CSV or PDF format (Premium feature).
- Object / Restrict — object to certain processing; contact us to restrict processing.
- Withdraw consent — where processing is based on consent, you may withdraw at any time without affecting prior lawfulness.
To exercise any right, email 1337.geek@gmail.com. We will respond within 30 days.
8. Cookies
We use only functional cookies necessary to operate the service:
- Auth session cookies (Supabase) — keep you logged in. Expire when you sign out or after 7 days of inactivity.
We do not use advertising cookies or third-party tracking cookies.
9. Security
We use HTTPS for all data in transit, Supabase Row Level Security for database access control, and Firebase Admin SDK for server-side push (private keys never exposed to browsers). Stamps are immutable server-side — timestamps are set by the server, not the client.
No system is 100% secure. If you discover a vulnerability, please disclose it responsibly at 1337.geek@gmail.com.
10. Children
WhereWere is not directed at children under 13 (or 16 in the EU). We do not knowingly collect data from children. If you believe a child has created an account, contact us and we will delete it promptly.
11. Changes to this policy
We will post material changes here and notify registered users by email at least 14 days before they take effect. Continued use after the effective date constitutes acceptance.