Privacy Policy

Last updated: February 2026

Whoo.is ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website at https://whoo.is and our application at https://app.whoo.is (collectively, the "Service"). Please read this Privacy Policy carefully. By using the Service, you consent to the data practices described in this policy.

1. Information We Collect

1.1 Information You Provide to Us

We collect information that you voluntarily provide when you use the Service, including:

Account Information: When you create an account, we collect your name, email address, and password. Authentication is managed through Supabase Auth.
Profile Information: Information you add to your professional profile, including your first name, last name, headline, biography, profile photo, and username.
Resume and Career Data: Resumes you upload (in PDF format), including the text content extracted from those documents such as work experience, education, skills, and contact information.
Blog Posts: Content you write and publish through the Service, including post titles, body text, and publication dates.
Job Tracking Data: Information about job applications you track through the Service, including company names, job titles, application statuses, and personal notes.
Social and Professional Links: URLs to your social media profiles, portfolio websites, and other professional links that you add to your profile.
Photos for AI Headshots: If you use our AI headshot generation feature, the photographs you upload for processing.
Payment Information: When you subscribe to a paid plan, payment details are collected and processed by Stripe. We do not store your full credit card number, expiration date, or CVV on our servers. We may receive and store limited billing details such as the last four digits of your card, card brand, and billing address from Stripe.
Contact Form Submissions: Your name, email, phone number, and message content when you use our contact form.

1.2 Information Collected Automatically

When you access the Service, we may automatically collect certain information, including:

Usage Data: Pages visited, features used, time spent on pages, click patterns, and referring URLs.
Device Information: Browser type and version, operating system, device type, and screen resolution.
Network Information: IP address, approximate geographic location (city/country level), and internet service provider.
Cookies and Similar Technologies: We use cookies and similar tracking technologies to collect and track information about your activity on the Service. See Section 8 (Cookies) for more details.

2. How We Use Your Information

We use the information we collect for the following purposes:

Provide and Maintain the Service: To create and manage your account, display your public profile, host your personalized landing page, and deliver the features you use.
AI Content Generation: To process your resume data and profile information through OpenAI's API to generate AI-powered resumes, cover letters, profile summaries, blog posts, and professional headshots.
Payment Processing: To process subscription payments and manage your billing through Stripe.
Communication: To send you account-related notifications, respond to your inquiries, and provide customer support.
Service Improvement: To analyze usage patterns, diagnose technical issues, and improve the performance, functionality, and user experience of the Service.
Security: To detect, prevent, and address fraud, abuse, security issues, and technical problems.
Legal Compliance: To comply with applicable laws, regulations, and legal processes.

3. Third-Party Services

We use the following third-party services to operate the Service. Each of these services may collect, process, or store certain information as described below:

Service	Purpose	Data Shared	Privacy Policy
Supabase	Authentication, database, and file storage	Account data, profile data, resume files, all user-generated content	supabase.com/privacy
Stripe	Payment processing	Name, email, payment card details, billing address	stripe.com/privacy
OpenAI	AI content generation (resumes, cover letters, headshots, summaries)	Resume text, profile data, photographs (for headshots)	openai.com/privacy
Cloudflare	Website hosting, CDN, and security (whoo.is)	IP address, request data, usage data	cloudflare.com/privacypolicy
Vercel	Application hosting (app.whoo.is)	IP address, request data, usage data	vercel.com/legal/privacy-policy
Google Analytics	Website analytics and usage tracking	IP address (anonymized), usage data, device information, cookies	policies.google.com/privacy
SendGrid	Transactional email delivery	Email address, name, message content	twilio.com/legal/privacy

We encourage you to review the privacy policies of these third-party services to understand how they handle your data. We are not responsible for the privacy practices of third-party service providers.

4. Data Sharing and Disclosure

We do not sell your personal information to third parties. We may share your information in the following limited circumstances:

Public Profile: Information you include in your public profile (name, headline, bio, profile photo, links, and blog posts) is publicly accessible at your personalized URL (e.g., whoo.is/username). This is the core function of the Service.
Service Providers: We share information with the third-party service providers listed in Section 3 as necessary to operate the Service.
Legal Requirements: We may disclose your information if required to do so by law, regulation, legal process, or governmental request.
Protection of Rights: We may disclose your information when we believe it is necessary to protect our rights, your safety, or the safety of others; to investigate fraud; or to respond to a government request.
Business Transfers: If Whoo.is is involved in a merger, acquisition, or sale of all or a portion of its assets, your information may be transferred as part of that transaction. We will notify you via email or a prominent notice on the Service of any change in ownership.
With Your Consent: We may share your information for any other purpose with your explicit consent.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service to you. Specifically:

Account Data: Retained for the duration of your account. Upon account deletion, we will delete or anonymize your personal data within 30 days, except where retention is required by law.
Profile and Resume Data: Retained while your account is active. Your public profile is removed promptly upon account deactivation or deletion.
Payment Records: Billing records may be retained for up to 7 years as required for tax and accounting compliance.
Analytics Data: Aggregated, anonymized analytics data may be retained indefinitely for the purpose of improving the Service.
AI-Generated Content: AI-generated content (resumes, cover letters, headshots) is retained while your account is active and deleted upon account deletion.
Contact Form Submissions: Retained for up to 2 years unless a longer retention period is required by law.

6. Data Security

We take the security of your personal information seriously and use commercially reasonable administrative, technical, and physical safeguards to protect it. These measures include:

Encrypted data transmission using HTTPS/TLS across all Service endpoints.
Row Level Security (RLS) policies in our Supabase database to ensure users can only access their own data.
Secure authentication through Supabase Auth with encrypted password storage.
Payment information handled exclusively by PCI-DSS compliant Stripe.
Regular monitoring of our infrastructure for security vulnerabilities.

However, no method of transmission over the internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

7. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

7.1 Access and Portability

You can access much of your personal information directly through your account dashboard at app.whoo.is. You may request a copy of all personal data we hold about you by contacting us at [email protected].

7.2 Correction

You can update and correct your profile information, resume data, and other personal information directly through your account settings at any time.

7.3 Deletion

You may request deletion of your account and associated personal data by contacting us at [email protected]. We will process your request within 30 days. Please note that certain data may be retained as described in Section 5.

7.4 Opt-Out of Communications

You may opt out of receiving promotional emails by following the unsubscribe instructions included in each email. Please note that you may continue to receive transactional or account-related communications even after opting out of promotional messages.

7.5 Cookie Preferences

You can manage your cookie preferences through your browser settings. See Section 8 for more details.

7.6 California Residents

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to request deletion, and the right to opt out of the sale of personal information. As stated above, we do not sell your personal information.

7.7 EEA/UK Residents

If you are located in the European Economic Area or the United Kingdom, you may have additional rights under the General Data Protection Regulation (GDPR), including the right to access, rectify, erase, restrict processing, data portability, and the right to object to processing. To exercise these rights, please contact us at [email protected].

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to operate and improve the Service. The types of cookies we use include:

Essential Cookies: Required for the basic functionality of the Service, such as maintaining your login session and security tokens. These cannot be disabled.
Analytics Cookies: Used by Google Analytics (measurement ID: G-5V4JSVPPWE) to collect information about how you use the Service, including pages visited, time spent on the Service, and traffic sources. Google Analytics uses cookies to generate statistical data about website usage. This information is aggregated and anonymous.
Functional Cookies: Used to remember your preferences and settings to enhance your experience.

You can control and manage cookies through your browser settings. Most browsers allow you to refuse or delete cookies. Please note that disabling cookies may affect the functionality of the Service. For more information about Google Analytics and how to opt out, visit Google Analytics Opt-out Browser Add-on.

9. Children's Privacy

The Service is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and you learn that your child under 13 has provided us with personal information, please contact us at [email protected]. If we learn that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information as quickly as possible.

10. International Data Transfers

Your information may be transferred to and processed in countries other than the country in which you reside. These countries may have data protection laws that are different from the laws of your country. By using the Service, you consent to the transfer of your information to the United States and other countries where our service providers operate. We take steps to ensure that your data receives an adequate level of protection in the jurisdictions in which we process it.

11. Do Not Track Signals

Some web browsers transmit "Do Not Track" (DNT) signals to websites. Because there is no uniform standard for how DNT signals should be interpreted, the Service does not currently respond to DNT signals. We will continue to monitor developments around DNT browser technology and update our practices as appropriate.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. If we make material changes, we will notify you by posting the updated Privacy Policy on the Service with a revised "Last updated" date and, where appropriate, by sending you an email notification. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Whoo.is
Email: [email protected]
Website: https://whoo.is

We will endeavor to respond to your inquiry within 30 days.