We do not sell your personal data to anyone. We collect only what is necessary to run the platform and are transparent about every category of data we hold.
Whimgram is a social platform operated from Nigeria. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our services. For any privacy-related questions, contact us at [email protected].
Information you provide directly:
| Data | Why We Collect It |
|---|---|
| Username & Display Name | To identify you on the platform |
| Email Address | Account creation, login, verification, and support |
| Phone Number (optional) | Optional identity verification |
| Password (hashed only) | Account authentication — we never store plaintext passwords |
| Profile Bio & Avatar | Personalise your public profile |
| Country | Localisation and compliance |
| Bank Account Details | Processing withdrawal requests only; deleted after processing |
| Payment Information | Processed by our payment gateway provider for room subscriptions — we do not store full card details |
| Messages & Media | Core chat and community functionality |
Information collected automatically:
| Data | Why We Collect It |
|---|---|
| IP Address | Fraud prevention, signup rate-limiting, security logging |
| Device Fingerprint | Detecting duplicate or abusive account creation at signup |
| Usage Data | Platform features including activity scores, levels, and room participation |
| Push Notification Token | Delivering browser push notifications (only if you opt in) |
| Content Quality Signals | Automated content moderation and quality systems |
We use the data we collect to:
- Create and manage your account and public profile
- Authenticate logins securely
- Track your activity, engagement, and platform scores
- Detect and act on spam, AI-generated content, and abusive behaviour
- Process room subscriptions via our payment gateway partner
- Credit and manage earned rewards in your Whimgram wallet
- Review and process withdrawal requests (bank details used solely for this purpose)
- Send push notifications you have explicitly opted into
- Display your public profile (username, level, avatar, bio) to other users
- Improve platform performance, security, and features
- Comply with legal obligations
Whimgram uses automated content moderation systems that evaluate messages in real time. These systems check for:
- AI-generated content — patterns associated with AI writing tools
- Duplicate or near-duplicate messages — detected using cryptographic hashing
- Spam and abusive patterns — matched against an extensive moderation library
If you believe your content was incorrectly flagged by our automated systems, contact us at [email protected] to request a human review.
We do not sell your personal data. We share data only in these limited circumstances:
- Other users: Your public profile (username, avatar, level, bio) is visible within the platform. Messages you post in rooms are visible to room members
- Direct messages: DMs are shared only between sender and recipient
- Legal requirements: We may disclose data if required by law, court order, or government authority
- Platform protection: We may share data to investigate fraud, security threats, or violations of our Terms
| Data Type | Retention Period |
|---|---|
| Account data | Active accounts + 90 days post-deletion for dispute resolution |
| Messages | Indefinitely as part of room history, unless deleted by you or a moderator |
| Moderation state | Hours to 24 hours — automatically expired and purged |
| Bank account details | Pending withdrawal period only; deleted after processing |
| Transaction records | Minimum 5 years for financial compliance |
We implement the following security measures to protect your data:
- Passwords stored as bcrypt hashes — never in plaintext
- Signed authentication tokens for secure session management
- Rate limiting on all API endpoints to prevent brute-force attacks
- Encrypted communications between the frontend and backend
- Database access restricted to server-side processes only
- IP and device monitoring during account creation to prevent abuse
If you discover a security vulnerability, please report it responsibly to [email protected] before disclosing it publicly.
Whimgram uses browser local storage and session tokens to maintain your logged-in state. We do not use third-party advertising cookies or tracking pixels. Push notification subscriptions are stored server-side only if you explicitly opt in. We do not share your browsing behaviour with any advertising networks.
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate data via your profile settings or by contacting us
- Delete your account and associated data
- Object to certain processing of your data
- Withdraw consent for push notifications at any time through your browser settings
- Request human review of automated decisions that affected your account
To exercise these rights, contact us at [email protected]. We will respond within 30 days.
Whimgram is strictly for users aged 18 and above. We do not knowingly collect personal data from minors. If you believe a minor has created an account, contact us and we will delete it promptly.
We may update this Privacy Policy from time to time. We will notify users of significant changes through the Platform. Continued use after changes take effect constitutes acceptance of the revised policy.
For privacy-related questions, data access requests, or concerns about how your data is handled. We respond within 30 days.