Whosly

Privacy Policy

Last updated July 2026

This Privacy Policy explains how Who's In Labs, LLC, an Illinois limited liability company ("Who's In Labs," "we," "us," or "our"), collects, uses, shares, and protects information when you use the Whosly™ app and whosly.app (collectively, the "Service"). By using the Service, you agree to this Policy. If you do not agree, do not use the Service.

1. Information We Collect

We collect the following categories of information, directly from you, automatically through your use of the Service, and from third parties such as our service providers and partners:

2. How We Use Information

We use information for the following purposes:

3. Recommendations & Analytics — We Don't Track You

We use your information only for our own first-party purposes — to tailor recommendations and decide which city packs and features to build. We do not track you: we do not link your information with data from other companies' apps or websites for advertising, we do not share your information with data brokers, and we do not sell it or share it for "targeted advertising" or "cross-context behavioral advertising." Our analytics are first-party and privacy-respecting (including aggregated and de-identified data). If we ever introduce third-party advertising or tracking, we will update this Policy first and provide the choices the law requires (including, on iOS, an App Tracking Transparency prompt).

4. How We Share Information

We do not sell your personal information, and we do not share it with advertisers or data brokers or for targeted/cross-context behavioral advertising. We use first-party analytics only.

5. Phone Numbers

Your phone number is used to match invitations to your account. In our directory, numbers are matched using a one-way hash rather than stored in the clear, and we never return a raw number to other users.

6. AI Features

When you use AI-assisted lookup or place import, the text and context you enter are sent to our AI provider (Anthropic) to generate results. Please do not enter sensitive information you do not want processed by those services.

7. Cookies & Tracking Choices

On the website we use only essential cookies (for example, to remember team access to a pre-launch preview of the site) — no third-party advertising cookies. Our analytics are cookieless and first-party. You can control cookies through your browser and manage tracking permissions in your device settings. Because we do not sell or share personal information or use it for cross-context behavioral advertising, a Global Privacy Control (GPC) signal has no sale or share to act on.

8. Data Retention & Deletion

We keep information while your account is active or as needed to provide the Service, comply with law, resolve disputes, and enforce our agreements. You can delete plans you host, and you can delete your account in Settings → Account → Delete account, which removes your profile, directory listing, and associated data from our active systems. Some information may remain on other participants' devices or in records they created (such as their RSVPs or comments), and we may retain de-identified or aggregated data. To keep one-time promotional credits one-time, we also retain a minimal, anonymized fraud-prevention record of any free AI credits you have already used — a one-way hash derived from your Sign in with Apple identifier (never the identifier itself) plus the usage counts, nothing else — so deleting and recreating an account does not reset them. To request deletion or a copy of your data, email admin@whos-in-labs.com.

9. Security

We use reasonable technical and organizational measures to protect information, including encryption in transit and storing your account identifier in your device's Keychain. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

10. Children

The Service is intended for adults and is not directed to children. We do not knowingly collect personal information from anyone under 18 (and specifically anyone under 13). If you believe a minor has provided us information, contact us and we will delete it.

11. Your Choices & Rights

You can control contacts, location, photos, calendar, and notification permissions in your device settings, manage notification preferences in the app, turn off arrival sharing per plan, turn off "Personalized recommendations" in the app's Settings → Privacy (which stops general-location collection and deletes what we've stored), and remove your profile photo. Depending on where you live, you may also have the rights described below.

12. Your U.S. State Privacy Rights

Residents of California, Virginia, Colorado, Connecticut, Utah, Texas, and other states with comprehensive privacy laws may have some or all of the following rights, subject to that law's limits and exceptions:

To exercise any of these rights, email admin@whos-in-labs.com (because we do not sell or share personal information or use it for targeted advertising, a GPC signal has nothing to opt out of). We will verify your request as required by law, and you may use an authorized agent. If we deny your request, you may appeal by replying to our response; where applicable you may also contact your state attorney general. California's "Shine the Light" law: you may request information about disclosures to third parties for their direct marketing.

13. Illinois & Biometric Information

We are based in Illinois, United States, and your information is processed in the United States. We do not collect, capture, use, store, or sell biometric identifiers or biometric information as defined by the Illinois Biometric Information Privacy Act (BIPA). Profile photos are used only to display your avatar and are not used for facial recognition or biometric identification.

14. Changes

We may update this Policy from time to time. We will revise the "Last updated" date above and, for material changes, provide notice where appropriate.

15. Contact

Questions about your privacy, or to exercise your rights? Contact Who's In Labs, LLC at admin@whos-in-labs.com.