Privacy Laws and Your Rights
Whistlr is committed to protecting your privacy and complying with global data protection regulations. While we're a US-based company primarily serving US users, we follow privacy best practices aligned with major international privacy laws including the European Union's General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other regional privacy legislation. Understanding your privacy rights empowers you to control your personal data and make informed decisions about your digital presence.
Your Privacy Rights: Universal Data Protection Principles
Regardless of your location, Whistlr respects fundamental privacy rights including the right to access your personal data, right to correct inaccurate information, right to delete your data (with legal exceptions), right to data portability in machine-readable formats, right to object to certain data processing, right to restrict processing in specific circumstances, and right to withdraw consent for optional data processing. These rights can be exercised through account settings or by contacting our privacy team.
Accessing your data is straightforward through Settings > Privacy > Download Your Data. This tool provides a complete export of your information including profile data, posts and comments, messages, photos and videos, engagement history, and account activity logs. Exports are provided in JSON format for machine readability and include documentation explaining the data structure. Processing typically takes 24-48 hours for standard accounts, longer for accounts with extensive content libraries.
GDPR Rights for European Users
Users in the European Union have specific rights under GDPR including the right to be forgotten (data deletion), right to data portability between services, right to object to automated decision-making, right to lodge complaints with supervisory authorities, and right to detailed information about data processing. We provide GDPR-compliant consent mechanisms, clear privacy notices, and easy-to-use tools for exercising these rights. Our EU representative can be contacted for GDPR-specific inquiries.
- CCPA Rights (California): Right to know what personal information is collected, right to delete personal information, right to opt-out of sale of personal information (note: we don't sell personal data), right to non-discrimination for exercising privacy rights
- COPPA Compliance (Children): Services not directed to children under 13, immediate deletion of accounts found to be underage, parental consent required for users 13-17 in certain jurisdictions, enhanced privacy protections for minors
- Data Minimization: Collection limited to necessary information, purpose limitation for data use, storage limitation with automatic deletion policies, and regular data audits to remove unnecessary information
- Consent Management: Clear consent requests for optional data processing, easy withdrawal of consent, granular controls for different data uses, and consent records maintained for compliance
- Transparency Obligations: Clear privacy policy in plain language, regular transparency reports on data requests, notification of privacy policy changes, and data breach notifications when required
- Security Measures: Encryption of data in transit and at rest, access controls and authentication, regular security audits, and incident response procedures
- Third-Party Data Sharing: Limited sharing only with service providers, data processing agreements with all processors, user control over third-party integrations, and transparency about data recipients
- International Transfers: Appropriate safeguards for cross-border data transfers, compliance with regional transfer mechanisms, and user notification of data storage locations
Privacy is not just a legal obligation - it's a fundamental value that guides our product development and business practices. We believe that users should have meaningful control over their personal data, transparent information about how it's used, and easy-to-use tools for exercising their rights. Our privacy program goes beyond minimum legal requirements to implement best practices that respect user autonomy and build trust through transparency and accountability.
Data Retention and Deletion: We retain personal data only as long as necessary for the purposes for which it was collected or as required by law. Account data is retained while your account is active. After account deletion, most data is removed within 30 days, with some information retained longer for legal compliance, fraud prevention, or legitimate business purposes. Backup systems may retain data for up to 90 days. You can request expedited deletion for specific data categories by contacting our privacy team.
Exercising Your Privacy Rights: Step-by-Step Process
To exercise privacy rights, navigate to Settings > Privacy > Your Privacy Rights. Select the right you wish to exercise (access, deletion, correction, portability, objection). Provide any necessary information to locate your data or specify your request. Verify your identity through our secure verification process. Submit your request for processing. We respond to most requests within 30 days, with extensions communicated if additional time is needed. Complex requests may require additional information or verification.
Privacy Complaints and Disputes: If you have concerns about how we handle your personal data, contact our privacy team at privacy@etapx.com. We investigate all complaints promptly and work to resolve issues satisfactorily. If you're unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority (for EU users) or state attorney general (for US users). We cooperate fully with regulatory authorities and respect their decisions regarding privacy matters.
Understanding Data Collection and Use
We collect information you provide directly (profile, posts, messages), information from your use of services (activity logs, device information), and information from third parties (OAuth providers, payment processors). This data is used for providing and improving services, personalizing your experience, ensuring security and safety, communicating with you, and complying with legal obligations. We don't sell personal data to third parties, don't use message content for advertising, and provide transparency about all data practices in our privacy policy.
Cookies and Tracking Technologies: We use cookies and similar technologies for authentication, security, preferences, analytics, and advertising (for non-Plus users). You can control cookie preferences through browser settings and our cookie consent tool. Essential cookies required for platform functionality cannot be disabled, but optional cookies for analytics and advertising can be rejected. We respect Do Not Track signals and provide clear information about our tracking practices in our cookie policy.