Privacy Policy

This Privacy Policy explains how Whobela (“we,” “us,” “our”) collects, uses, shares, and protects information when you use whobela.com and any related services (collectively, the “Service”). It applies to Users who create accounts and to Visitors who view or interact with invitation pages created on Whobela.

Whobela is operated by [Company Legal Entity Name]. For the purposes of the EU/UK General Data Protection Regulation (“GDPR”), Whobela acts as the data controller for the personal data described below, unless stated otherwise.

1. Information We Collect

1.1 Account data

Email address, hashed password, account preferences, and any information you provide when creating or managing your account.

1.2 Profile data

Name, profile photos, interests, social links, preferences, and any other information you choose to add to your profile or invitation page.

1.3 Booking data

Information collected through your invitation pages and scheduling features, such as date and time selections, Visitor contact details (e.g., name, phone number, email), and messages or responses exchanged through the platform.

1.4 Technical data

IP address, browser type, device information, operating system, pages visited, timestamps, and similar analytics data collected automatically when you or a Visitor use the Service.

1.5 Payment data

Payments are processed by Stripe and/or PayPal. We do not store full payment card numbers or bank details. We may retain limited billing metadata (such as subscription status, billing history, and the last four digits of a payment card, where provided by our payment processor) for accounting and support purposes.

2. How We Use Information

We use the information described above to:

• Provide and operate the Service, including creating, hosting, and delivering invitation pages;
• Process bookings, responses, and contact details submitted through your pages;
• Send transactional notifications (e.g., booking confirmations, security alerts, billing receipts);
• Maintain, secure, and improve the Service, including diagnosing technical issues;
• Detect, investigate, and prevent fraud, abuse, and violations of our Terms & Conditions;
• Communicate with you about your account, updates to our policies, or — where you have consented — product news.

3. Legal Basis for Processing (GDPR)

Where GDPR applies, we rely on the following legal bases:

• Contract necessity — processing needed to create your account, build your pages, and deliver the Service you requested;
• Consent — for optional features such as marketing emails or non-essential cookies, which you can withdraw at any time;
• Legitimate interests — for security, fraud prevention, analytics, and improving the Service, balanced against your rights and interests;
• Legal obligation — where we must retain or disclose information to comply with the law.

4. Data Sharing

We share information with the following categories of third parties, only as needed to operate the Service:

• Hosting providers — to store and serve the platform and your data;
• Payment processors (Stripe, PayPal) — to process subscription payments;
• Storage providers — to store uploaded media such as profile photos;
• Analytics providers — to understand product usage and improve the Service;
• Email providers — to send account, booking, and transactional notifications.

We do not sell your personal data. We may disclose information if required by law, court order, or governmental request, or to protect the rights, safety, or property of Whobela, our users, or the public.

5. User-Generated Content and Public Pages

Invitation pages you create are designed to be shared with specific Visitors via a unique link. Information you choose to include on a page — such as photos, your name, or interests — will be visible to anyone who accesses that link, unless you use available privacy controls to restrict access. You should only include information on a public page that you are comfortable sharing with the people you send the link to.

6. Cookies

We use cookies and similar technologies as described in our Cookie Policy, including essential cookies (required for the Service to function), analytics cookies (to understand usage), and preference cookies (to remember your settings).

7. Data Retention

We retain personal data for as long as your account is active, plus a limited period afterward to comply with legal, accounting, or security obligations. Specifically:

• Account deletion — when you delete your account, we delete or anonymize your personal data within a reasonable period, except data we are required to retain by law (e.g., billing records) or data contained in backups, which are deleted on our standard backup rotation schedule;
• Backup systems — data may persist in encrypted backups for a limited time after deletion from production systems;
• Legal requirements — we may retain certain data longer where required by tax, accounting, or other applicable law.

8. Your Rights

If GDPR or a similar law applies to you, you have the right to:

• Access the personal data we hold about you;
• Correct inaccurate or incomplete data;
• Delete your data (“right to be forgotten”), subject to legal retention requirements;
• Export your data in a portable format;
• Restrict or object to certain processing, including processing based on legitimate interests or for direct marketing;
• Withdraw consent at any time where processing is based on consent.

To exercise these rights, contact privacy@whobela.com. We will respond within the timeframe required by applicable law. If you are in the EU/UK, you also have the right to lodge a complaint with your local data protection authority.

9. International Transfers

Whobela uses infrastructure and service providers that may process data outside your country of residence, including outside the European Economic Area. Where we transfer personal data internationally, we use appropriate safeguards required by applicable law (such as Standard Contractual Clauses) to protect your data.

10. Security

We use industry-standard measures to protect your data, including encryption of data in transit, access controls restricting who can view personal data internally, hashed password storage, and regular review of our security practices. No system is completely secure, and we cannot guarantee absolute security.

11. Children's Privacy

Whobela is not directed at individuals under 18, and we do not knowingly collect personal data from anyone under 18. If you believe a minor has provided us with personal data, contact privacy@whobela.com so we can investigate and remove it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service before they take effect.

13. Contact

Questions about this Privacy Policy or how we handle your data can be sent to privacy@whobela.com.