Whyzper: The Couple App
English
Deutsch

Privacy Policy for the App “Whyzper”

Introduction

This Privacy Policy of Whyzper UG (haftungsbeschränkt) (“we”, “us”, or “Whyzper”) explains how and why we process personal data – including how we collect, store, use and (where applicable) share such data – when you use our services (“Services”), specifically:

  • when you download and use our mobile application “Whyzper”
  • when you interact with us in other ways, such as via support requests, marketing campaigns, or participation in events

This Privacy Policy is intended to help you understand your privacy rights and choices. If you do not agree with the practices described herein, please do not use our services. For any questions, you can contact us at: info@whyzper.com

Summary – Key Points at a Glance

This summary provides a quick overview of the most important aspects of this Privacy Policy:

  • What data do we collect?
    We collect personal data such as your email address, a self-chosen nickname, optional information about your gender, as well as sensitive data concerning sexual preferences, sexual orientation, and relationship topics.
  • Do we process sensitive data?
    Yes. With your explicit consent, we may process sensitive data, such as sexual preferences, in accordance with strict data protection regulations.
  • Do we share data with third parties?
    Yes – e.g., with Google (AdMob for ads, Firebase for push notifications), Apple/Google (for login), and OpenAI (for AI-based story generation). We comply with all applicable data protection laws and sign data processing agreements as required by Art. 28 GDPR.
    Sensitive data, such as sexual preferences, are only sent to OpenAI to generate personalized content and are not linked to directly identifiable personal information. Except for your self-chosen nickname/display name, no data that could identify you personally is transmitted.
    Additionally, your data is stored on a European server (DigitalOcean in Germany), with strong security and privacy protections.
  • How do we protect your data?
    Through modern security standards such as TLS/SSL encryption, access control, and data minimization. Still, no online data transmission can ever be 100% secure.
  • What rights do you have?
    You have the right to access, correct, or delete your data at any time and to revoke your consent. A GDPR-compliant contact form is available in the app.

1. Data Controller

The controller responsible for data processing within the meaning of data protection laws – particularly the General Data Protection Regulation (GDPR) – is:

Whyzper UG (haftungsbeschränkt)
Heisstraße 51
48145 Münster
Germany
📧 Email: info@whyzper.com
👤 Managing Director: Moritz Pilz

Whyzper UG is responsible for the collection, processing, and use of personal data in connection with the “Whyzper” app.

For any questions related to data protection or to exercise your rights (see Section 10), you can contact us at any time.

Representative in the EU:
As the company is based within the European Union, no additional EU representative is required.

2. Purpose and Scope

This Privacy Policy informs you about how Whyzper UG (haftungsbeschränkt), Heisstraße 51, 48145 Münster, Germany (“Whyzper”, “we”, “our”) collects, processes, and protects your personal data when you use our mobile application (“App”) or interact with us in other ways – such as through support requests, feedback, or specific app features.

This Privacy Policy applies globally and is based in particular on the requirements of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and – where applicable – other international data protection laws (e.g., CCPA, UK GDPR, PIPEDA).

It applies to all services offered within the Whyzper app, specifically:

  • Registering and using the app (iOS and Android)
  • Selecting personal preferences and settings
  • Communication with other users through the app
  • AI-generated content based on your personal input
  • Display of personalized advertisements (if enabled)
  • Login via Apple or Google
  • Push notifications via Firebase

By using our app, you consent to the data processing described in this Privacy Policy.

3. What Data We Process

We process personal data that you voluntarily provide when using the app, as well as data that is automatically collected during use. This includes, in particular:

3.1. Data Provided by You

These are data you actively enter in the app:

  • Email address (mandatory)
  • Nickname / display name (mandatory)
  • Password (stored in encrypted form)
  • Gender (optional)
  • Relationship details (e.g. existing partnership, duration, etc.)
  • Sexual preferences (selectable from a list; optional)
  • Responses to questionnaires (e.g. on relationship topics, communication, emotional closeness)

⚠️ Note: These details may constitute sensitive personal data within the meaning of Art. 9 GDPR (e.g. information about sex life or sexual orientation). Processing takes place only with your explicit consent pursuant to Art. 6 (1)(a) in conjunction with Art. 9 (2)(a) GDPR.

3.2. Data from Third-Party Login

If you log in via Apple or Google, we receive the following:

  • A pseudonymized user ID
  • Your email address (if you grant permission)
  • Your display name (if available)
  • No access to your password or other account data

3.3. Automatically Collected Data

When using the app, we automatically collect the following data:

  • Device information (device type, operating system, language settings)
  • IP address (may be shortened or pseudonymized)
  • Unique Device or Installation Identifier: To manage login sessions (e.g., via refresh tokens), ensure account security, and correctly associate devices with your account, we process a unique identifier for your device or app installation.
  • Usage data (e.g. timestamps, feature usage, error messages)
  • Push ID (for sending push notifications via Firebase)
  • Ad interaction data (via Google AdMob, if advertising is enabled)

3.4. Data Processed by AI Features (Story & DeepTalk Generation)

To provide personalized content, Whyzper uses the OpenAI API. Data is processed solely for the purpose of personalized content delivery within the app. The following functions are differentiated:

Erotic Stories (Story Feature)
When generating stories based on your preferences and information, a so-called “prompt” is sent to the OpenAI API. This prompt contains:

  • Your selected preferences
  • Your display name (nickname)
  • Optional: gender, relationship status, or other voluntarily provided information

DeepTalk Analysis
For the DeepTalk feature, an AI analyzes your voluntary responses to relationship-related questions (e.g. about closeness, communication, desires, conflicts, or intimacy). The prompt sent to OpenAI includes:

  • Your response(s) to the specific DeepTalk questions
  • Your display name (nickname)

➡️ No additional personally identifiable information is shared with OpenAI. Prompts are designed in such a way that no conclusions can be drawn about your real identity. Processing occurs solely for the delivery of the requested content and is based on your voluntary use of these features.

3.5. Data Related to Partner Communication and Connection

If you connect with your partner in the app, we store the following data:

  • The user IDs of both accounts
  • The status of your connection
  • Interactions within shared features (e.g. responses to questions, yes/no selections in the FlowSync feature)

4. Processing Purposes & Legal Bases

We process personal data exclusively in accordance with the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and—where applicable—other international data protection laws. Processing is only carried out where there is a valid legal basis.

4.1. For the Performance of a Contract (Art. 6 (1)(b) GDPR)

We process personal data to provide you with access to the Whyzper app and its functionalities, including:

  • Setting up and managing your user account
  • In-app communication (e.g. notifications, preference matching, DeepTalk)
  • Use of AI-based features such as story or DeepTalk generation
  • Use of the messaging system when connected with a partner

➡️ This processing is necessary for fulfilling our contractual obligations to you or to take steps at your request prior to entering into a contract.

4.2. Based on Your Consent (Art. 6 (1)(a) GDPR)

For certain features (e.g. push notifications, transmission of sensitive data for story generation via OpenAI, voluntary information such as gender or relationship status), we ask for your explicit consent. You may withdraw your consent at any time with effect for the future. The lawfulness of any processing carried out before the withdrawal remains unaffected.

4.3. Based on Legitimate Interests (Art. 6 (1)(f) GDPR)

We process some data based on our legitimate interests, especially for:

  • Improving and further developing our app and services
  • Preventing abuse and fraud
  • Exercising or defending legal claims
  • Analyzing usage data (e.g. crash reports, technical logs) to ensure system stability and security

➡️ In doing so, we always ensure that your fundamental rights and freedoms are not overridden.

4.4. To Fulfill Legal Obligations (Art. 6 (1)(c) GDPR)

In certain cases, we are legally required to store or disclose specific data—for example, to comply with tax regulations, respond to legal inquiries from authorities, or meet commercial recordkeeping obligations.

5. Sensitive Data & Special Categories of Personal Data

When using our Whyzper app, certain data may be processed that falls under the special categories of personal data as defined in Art. 9 (1) GDPR. This includes, in particular:

  • Information about sexual preferences
  • Relationship-related details
  • Responses provided through the DeepTalk feature
  • Inputs related to AI-generated stories
  • Information about sexual orientation, if voluntarily provided or potentially deducible from selected preferences

5.1. Voluntariness and Explicit Consent

We only collect and process this type of sensitive data if you explicitly consent to it (Art. 9 (2)(a) GDPR).
You can generally use the app without providing this sensitive information; however, some features—particularly preference matching and AI-generated content—may only be available to a limited extent or not at all without it.

5.2. Purpose Limitation and Convenience Feature

The indication of sexual orientation is purely optional and used only for an internal filter function to help tailor your preference-based experience. It is designed purely for convenience and does not affect the usability of the app as a whole.
In some cases, a combination of selected preferences may indirectly reveal information about your sexual orientation—however, we do not evaluate or process this data automatically or systematically.

5.3. Pseudonymized Processing for AI Functions

For features such as story generation and DeepTalk analysis, selected user data (e.g., preferences, relationship status, voluntary personal details) may be transmitted to OpenAI, but only in pseudonymized form.
Only your self-chosen nickname is included in the prompt.
We do not transmit any directly identifying personal information that would allow your identity to be determined.

5.4. Protective Measures

All sensitive data is subject to enhanced security standards. We apply technical and organizational safeguards to prevent unauthorized access and misuse. These include, for example:

  • Encryption of sensitive information
  • Hosting on secure servers located in Germany (DigitalOcean, Frankfurt)
  • Access restriction based on strict internal controls

6. Third-Party Services & International Data Transfers

To provide and improve our services, we rely on trusted third-party providers. In accordance with Art. 28 GDPR, we ensure through data processing agreements (DPAs) that these providers process your data solely on our behalf and in compliance with applicable data protection laws.

The following third-party services are currently in use:

Provider Purpose Headquarters / Data Processing
Google AdMob Displaying ads in the free version USA / worldwide
Google Firebase Sending push notifications USA / worldwide
OpenAI Generation of AI content (Stories, DeepTalk) USA
Apple / Google Login via Apple ID / Google Account, processing of in-app purchases USA
DigitalOcean Hosting of server & database Data center in Germany, headquarters in USA
Mailjet Sending transactional emails (e.g., password reset) France / EU
PostHog Analysis of app usage for product improvement Data center in Germany (EU Cloud), headquarters in UK/USA

6.2. International Data Transfers

Some of the above service providers are located outside the European Union (EU) or European Economic Area (EEA)—particularly in the United States. Therefore, it is possible that personal data may be transferred to countries considered “third countries” under EU data protection law.

To ensure an appropriate level of protection, we implement the following safeguards as required under Art. 44 ff. GDPR:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Technical safeguards such as encryption or pseudonymization
  • Data minimization, ensuring that only strictly necessary data is transferred

6.3. Protection Despite U.S.-Based Companies

While some of our providers—such as OpenAI and DigitalOcean—are based in the United States, we take additional precautions:

  • Data hosted via DigitalOcean is stored exclusively on servers located in Germany.
  • Data sent to OpenAI (for content generation) does not contain real names or directly identifiable personal data.
  • Only pseudonymized data, such as your nickname and selected preferences, is used for AI processing.

7. Tracking & Advertising

In the free version of Whyzper, we use Google AdMob to display personalized or contextual ads. AdMob is a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Integration is done via the Google Mobile Ads SDK.

As a result, the following data may be collected and processed by Google:

  • Device information (e.g., model, operating system)
  • App usage (e.g., impressions, clicks)
  • Location data (depending on device settings)
  • Advertising ID (e.g., IDFA / GAID)

This data processing is carried out by Google as an independent controller. For more information, please refer to Google’s Privacy Policy and the AdMob data privacy resources.

No Ads for Paying Users

If you have an active subscription (e.g., Whyzper Spark or Whyzper Flame), no advertisements will be shown. In these cases, no advertising-related data processing by AdMob takes place.

Tracking Tools

We use the PostHog analytics service for internal product improvement in accordance with the strict data protection requirements described in section 9. Beyond this, we do not use any other third-party tracking services such as Google Analytics or Facebook SDK.

8. Data Deletion & Retention Periods

We store personal data only for as long as it is necessary to fulfill the respective purposes or as required by statutory retention periods.

General Usage Data

General usage data (e.g., email address, nickname, preferences, questionnaire responses) is stored as long as your user account is active.

Upon Account Deletion

If you delete your account, all personal data will be permanently deleted — including your preferences, questionnaire responses, and chat history. Deletion takes place without delay, and at the latest within 14 days of your request for deletion.

Backups

Backups are created regularly and stored in encrypted form. Personal data is also taken into account when processing a deletion request.
Please note: final deletion from encrypted backups may take up to 30 days due to technical constraints.

Retention Due to Legal Obligations

In some cases, we are legally required to retain certain data for longer periods (e.g., for tax-related documentation or app store payment processing).
In these cases, the data is locked and stored exclusively for the required legal purpose.

9. Analysis of App Usage & Product Improvement

To continuously improve the user experience of our app, identify errors, and understand which features are most valued, we use the analytics service PostHog.

Provider: PostHog, Inc., 220 9th St, San Francisco, CA 94103, USA. For users in the EEA/UK, the service is provided via PostHog Ltd., 7-10 Chandos Street, London, W1G 9DQ, United Kingdom. We have chosen the EU Cloud version of PostHog, which ensures that the processing servers are located within the European Union.

Data Processed:
When you use our app, pseudonymized usage data is transmitted to PostHog. This includes:

  • Event Data: Interactions within the app (e.g., features used, buttons clicked, screens visited).

  • Device Information: Device type, operating system version, app version.

  • Pseudonymous IDs: A random installation ID and—after you log in—your internal user ID. We do not transmit clear names or email addresses as event properties unless it is necessary to identify the user account within the tool.

Purpose of Processing:
The analysis of this data helps us to ensure the stability and user-friendliness of Whyzper and to make data-driven decisions for the further development of our app. We use this data exclusively for internal product analysis and not for advertising purposes.

Legal Basis:
The processing of this data is based on our legitimate interests (Art. 6(1)(f) GDPR) in the analysis, optimization, and secure operation of our services.

Data Protection at PostHog:
We have concluded a Data Processing Agreement (DPA) with PostHog in accordance with Art. 28 GDPR. For more information on PostHog’s privacy practices, please visit: https://posthog.com/privacy

10. Data Security

We implement comprehensive technical and organizational measures to protect your data from loss, misuse, and unauthorized access. The security of your personal data is of utmost priority to us.

Technical Measures

  • SSL/TLS Encryption: All communication between the app and the backend is conducted exclusively via encrypted HTTPS connections.
  • Server Location: Our servers are hosted in a German data center provided by DigitalOcean. While the company is based in the USA, we have implemented additional data protection measures (see Chapter 6).
  • Token-Based Authentication: Communication between the app and server is additionally protected by JWT tokens.
  • Two-Factor Authentication (2FA): We offer an optional 2FA login feature to further enhance account security. We strongly recommend that all users activate this feature.
  • Access Logging and Monitoring: Access to systems and data is logged and regularly monitored.
  • Rate Limiting and Brute Force Protection: We use automated mechanisms to detect and block abuse or suspicious login attempts.

Organizational Measures

  • Privacy by Design & Default: We ensure data minimization and privacy safeguards are implemented from the design stage onward.
  • Access Restrictions: Only authorized personnel have access to personal data – for example, in the context of support services.
  • Training and Awareness: All personnel involved in development and system management receive regular training on data protection and security.

Despite all our security measures, 100% protection cannot be guaranteed for data transmission over the Internet.
However, we do everything possible to minimize risks and keep your data secure.

11. Your Privacy Rights

As a user of the Whyzper app, you are entitled – especially under the provisions of the General Data Protection Regulation (GDPR) – to the following rights:

Right of Access (Art. 15 GDPR)
You have the right to request information about whether we process personal data about you – and if so, which data, for what purpose, and for how long.

Right to Rectification (Art. 16 GDPR)
If the data we have stored about you is inaccurate or incomplete, you have the right to request its correction or completion.

Right to Erasure (“Right to be Forgotten”, Art. 17 GDPR)
You may request the deletion of your personal data – for example, if you delete your account or the processing is unlawful.
Note: When your account is deleted, your data is automatically erased.

Right to Restrict Processing (Art. 18 GDPR)
In certain circumstances, you have the right to restrict the processing of your personal data – e.g., if you contest its accuracy or have filed an objection.

Right to Data Portability (Art. 20 GDPR)
You have the right to receive your personal data in a structured, commonly used, and machine-readable format, or – if technically feasible – request the transfer of your data directly to another controller.

Right to Object (Art. 21 GDPR)
You may object to the processing of your personal data if we are processing it based on legitimate interests (e.g., personalized advertising).

Right to Withdraw Consent (Art. 7 para. 3 GDPR)
You can withdraw your consent to data processing at any time – for example, for push notifications or the AI-powered story feature.
The withdrawal applies only to future processing and does not affect the legality of data processing carried out prior to the withdrawal.

Right to Lodge a Complaint with a Supervisory Authority (Art. 77 GDPR)
If you believe that your data is being processed in violation of applicable data protection laws, you have the right to file a complaint with a supervisory authority.
For example, the responsible authority in our case is the State Commissioner for Data Protection in North Rhine-Westphalia (NRW).

🛠 How to Exercise Your Rights
You can exercise your rights at any time – either directly within the app (e.g., by deleting your account), via our privacy contact form, or by email to info@whyzper.com.

12. Protection of Minors

Protecting children and young people is especially important to us. Whyzper is strictly intended for adult users only.

🚫 No Use by Minors
Our app is intended exclusively for individuals aged 18 and over. Whyzper is labeled as “18+” in both the Apple App Store and Google Play Store and is not accessible to younger individuals through these platforms.
Additionally, an age verification (self-declaration) takes place during the app’s initial launch to confirm that users are of legal age.
Individuals under 18 are not permitted to use Whyzper.

🔍 Actions in Case of Violations
If we become aware that personal data from individuals under the age of 18 has been transmitted to us, we will:

  • Immediately deactivate the associated account, and
  • Delete all data related to the underage individual.

If you have questions or concerns regarding potential violations of this policy, you can contact us anytime at info@whyzper.com.

13. International Users

Whyzper is a globally available app and may be used by users from various countries. We are aware that different data protection laws may apply depending on your location.

Applicable Data Protection Law

For all users within the European Union (EU), the European Economic Area (EEA), Switzerland, and the United Kingdom, the provisions of the General Data Protection Regulation (GDPR) or the respective national laws apply.
Users outside of these regions are also informed by this Privacy Policy about how their data is processed.

International Data Transfers

Your data may be processed in countries outside of your country of residence – for example, by using hosting or service providers such as DigitalOcean (server located in Germany, company based in the USA), Google (Firebase, AdMob), Apple, or OpenAI.
We ensure that:

  • Only necessary data is transmitted,
  • Appropriate security measures (e.g., encryption, access restrictions) are implemented, and
  • Where required, Standard Contractual Clauses (SCCs) pursuant to Art. 46 GDPR are concluded.

Contact for Questions

If you reside outside of Germany and have questions or concerns regarding data processing in your country, you can contact us anytime at info@whyzper.com. We will be happy to provide further information about our safeguards and legal bases.

14. Contact & Data Controller

The controller responsible under data protection laws – in particular the EU General Data Protection Regulation (GDPR) – is:

Whyzper UG (haftungsbeschränkt)
Heisstraße 51
48145 Münster
Germany

Managing Director: Moritz Pilz
📧 Email: info@whyzper.com

If you have any questions about data protection, wish to exercise your rights, or have concerns about how we handle your personal data, you can contact us at any time using the details above.

15. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy as needed to reflect legal requirements, technical changes, or developments in our app. The version of the policy in effect at the time of your use will apply.

The current version of the Privacy Policy is always available within the app. In the event of significant changes that affect your rights or require renewed consent, we will inform you in advance within the app or by email.

Effective date of this Privacy Policy: July 2025