WhereWereTerms of Service

Privacy Policy

Effective July 7, 2026 · Version 2026-07-07

WhereWere is a peer-to-peer location-timestamping service. Location is the most sensitive data we handle, so this policy explains in plain terms exactly what we collect, who processes it, how long we keep it, and the rights you have. If anything here is unclear, contact us at privacy@wherewere.com.

1. Who we are

"WhereWere", "we", "us" is the operator of wherewere.com and the data controller for the personal data described below. For business/organization accounts, the organization is the controller of its members' work-related records and we act as its processor for those records.

2. What we collect

We collect only what the product needs to function:

3. How we use it & our legal bases

We do not sell your personal data, we do not use it for advertising, and we do not run third-party ad or tracking cookies.

4. Cookies & similar technologies

We use a small number of first-party cookies and browser storage:

We do not use advertising, marketing, or cross-site tracking cookies.

5. Who processes your data (sub-processors)

We share data only with the service providers needed to run WhereWere. Each is bound by contract to protect it and use it only on our instructions. These providers are primarily in the United States.

ProviderWhat it processes
SupabaseAuthentication, database, and photo storage (all app data)
GoogleSign-in (your email, name, avatar)
Firebase Cloud MessagingPush notifications (device token + message text)
StripePayments & subscriptions
ResendTransactional email delivery
Upstash (Redis)Rate-limiting & short-term caching (identifiers, not stamp content)
OpenStreetMap / NominatimReverse-geocoding rounded (~111 m) coordinates to a place name
VercelHosting, request logs, cookieless analytics
Sentry (optional)Error diagnostics, with personal data (coordinates, emails, tokens) scrubbed before sending

6. Sharing you choose to do

The point of WhereWere is to share proof with people you trust — so some sharing is driven by you: adding a witness reveals a stamp to that person; creating a share link (/s/…) lets anyone with the link view that one record until it expires or you revoke it; opting a stamp into the public nearby map shows an approximate (~111 m), time-limited location; and joining an organization lets its owners/admins see the work stamps you make for that organization. You control each of these, and share links are revocable.

7. Retention & legal hold

8. Your rights

Depending on where you live, you may have the right to access, correct, export, or delete your personal data, to object to or restrict certain processing, and to withdraw consent. You can access and export much of your data in-app, and delete your account from Settings (subject to the legal hold in §7). To exercise any other right, email privacy@wherewere.com. You may also complain to your local data-protection authority.

9. Security

Data is encrypted in transit. Access is enforced at the database with row-level security so users can only reach their own records and the records shared with them. Each stamp carries a SHA-256 hash chained to your previous stamp, making tampering detectable. Photos are served through short-lived signed links. No system is perfectly secure, but we design access to fail closed.

10. International transfers & children

Our providers are primarily in the United States; using WhereWere involves transferring your data there under appropriate safeguards. WhereWere is not directed to children and is not intended for anyone under 16 (or the minimum age in your country). Do not create an account or stamp a location for a child without the necessary consent and legal right.

11. Changes

If we make material changes we will update the version and effective date above and, where appropriate, ask you to re-accept. Continued use after an update means you accept the revised policy.

Questions or requests: privacy@wherewere.com.