Legal Document

Privacy Policy

We are transparent about what data we collect, why we collect it, and how you can control it. Your privacy matters to us.

Effective: June 18, 2025
Last Updated: June 18, 2025
Nigeria
Contents
1Who We Are 2Data We Collect 3How We Use It 4Automated Systems 5Sharing Your Data 6Data Retention 7Security 8Cookies & Storage 9Your Rights 10Children's Privacy 11Changes 12Contact
Our Commitment

We do not sell your personal data to anyone. We collect only what is necessary to run the platform and are transparent about every category of data we hold.

🌐

Whimgram is a social platform operated from Nigeria. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our services. For any privacy-related questions, contact us at [email protected].

📊

Information you provide directly:

DataWhy We Collect It
Username & Display NameTo identify you on the platform
Email AddressAccount creation, login, verification, and support
Phone Number (optional)Optional identity verification
Password (hashed only)Account authentication — we never store plaintext passwords
Profile Bio & AvatarPersonalise your public profile
CountryLocalisation and compliance
Bank Account DetailsProcessing withdrawal requests only; deleted after processing
Payment InformationProcessed by our payment gateway provider for room subscriptions — we do not store full card details
Messages & MediaCore chat and community functionality

Information collected automatically:

DataWhy We Collect It
IP AddressFraud prevention, signup rate-limiting, security logging
Device FingerprintDetecting duplicate or abusive account creation at signup
Usage DataPlatform features including activity scores, levels, and room participation
Push Notification TokenDelivering browser push notifications (only if you opt in)
Content Quality SignalsAutomated content moderation and quality systems
⚙️

We use the data we collect to:

  • Create and manage your account and public profile
  • Authenticate logins securely
  • Track your activity, engagement, and platform scores
  • Detect and act on spam, AI-generated content, and abusive behaviour
  • Process room subscriptions via our payment gateway partner
  • Credit and manage earned rewards in your Whimgram wallet
  • Review and process withdrawal requests (bank details used solely for this purpose)
  • Send push notifications you have explicitly opted into
  • Display your public profile (username, level, avatar, bio) to other users
  • Improve platform performance, security, and features
  • Comply with legal obligations
🤖

Whimgram uses automated content moderation systems that evaluate messages in real time. These systems check for:

  • AI-generated content — patterns associated with AI writing tools
  • Duplicate or near-duplicate messages — detected using cryptographic hashing
  • Spam and abusive patterns — matched against an extensive moderation library
Your Right to Human Review

If you believe your content was incorrectly flagged by our automated systems, contact us at [email protected] to request a human review.

🤝

We do not sell your personal data. We share data only in these limited circumstances:

  • Other users: Your public profile (username, avatar, level, bio) is visible within the platform. Messages you post in rooms are visible to room members
  • Direct messages: DMs are shared only between sender and recipient
  • Legal requirements: We may disclose data if required by law, court order, or government authority
  • Platform protection: We may share data to investigate fraud, security threats, or violations of our Terms
🗓️
Data TypeRetention Period
Account dataActive accounts + 90 days post-deletion for dispute resolution
MessagesIndefinitely as part of room history, unless deleted by you or a moderator
Moderation stateHours to 24 hours — automatically expired and purged
Bank account detailsPending withdrawal period only; deleted after processing
Transaction recordsMinimum 5 years for financial compliance
🔐

We implement the following security measures to protect your data:

  • Passwords stored as bcrypt hashes — never in plaintext
  • Signed authentication tokens for secure session management
  • Rate limiting on all API endpoints to prevent brute-force attacks
  • Encrypted communications between the frontend and backend
  • Database access restricted to server-side processes only
  • IP and device monitoring during account creation to prevent abuse
Responsible Disclosure

If you discover a security vulnerability, please report it responsibly to [email protected] before disclosing it publicly.

🍪

Whimgram uses browser local storage and session tokens to maintain your logged-in state. We do not use third-party advertising cookies or tracking pixels. Push notification subscriptions are stored server-side only if you explicitly opt in. We do not share your browsing behaviour with any advertising networks.

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data via your profile settings or by contacting us
  • Delete your account and associated data
  • Object to certain processing of your data
  • Withdraw consent for push notifications at any time through your browser settings
  • Request human review of automated decisions that affected your account

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

👶

Whimgram is strictly for users aged 18 and above. We do not knowingly collect personal data from minors. If you believe a minor has created an account, contact us and we will delete it promptly.

📝

We may update this Privacy Policy from time to time. We will notify users of significant changes through the Platform. Continued use after changes take effect constitutes acceptance of the revised policy.

✉️

For privacy-related questions, data access requests, or concerns about how your data is handled. We respond within 30 days.

🔒

Whimgram Privacy Team

30-day response time for privacy requests