Privacy isn't a feature we added later. It's the reason Wheespr exists. Here's exactly how we protect your conversations.
All data between your device and our servers is encrypted using HTTPS/TLS. No one can intercept your messages on the network.
Your messages and media are encrypted on our servers (Supabase). Data at rest is protected even if the underlying storage were ever compromised.
Conversations are permanently deleted after 7 days (free) or 30 days (Plus). We can't share data we no longer have.
Photos and voice messages cannot be saved to a recipient's camera roll or device storage. They exist only within the conversation.
You sign in with Apple or Google — we receive only your email and a unique ID. No phone number, no real name, no contact list.
We do not sell, rent, or trade your personal data. Ever. Our business model is subscriptions — not advertising.
Wheespr runs on Supabase, a trusted backend platform used by thousands of production apps worldwide. Our database and file storage are hosted in the United States, chosen to provide reliable performance for both US and European users. Data transfers from the EEA to the US are covered by Standard Contractual Clauses (SCCs) in accordance with GDPR.
Subscription management is handled by RevenueCat. We never see or store your payment card details — billing is processed entirely by Apple or Google.
We take security reports seriously. If you've discovered a potential security issue in Wheespr, please let us know before disclosing it publicly. We commit to responding within 48 hours and working with you to resolve the issue promptly.
Contact us at hello@wheespr.app with the subject line "Security disclosure". Please include a description of the issue, steps to reproduce it, and any potential impact. We appreciate your help in keeping Wheespr safe.