Who Can See Your Data

Whera runs on Amazon's cloud infrastructure — think of AWS as the secure building where your data lives. They provide the servers, storage, and networking, but they have no interest in your data and no business reason to look at it. AWS is certified to the highest security standards (SOC 2, ISO 27001, PCI-DSS) and is legally bound by contract to never access or use your data except as strictly necessary to keep our service running — or if required by law.

Your data is encrypted both in transit and at rest, and we use our own encryption keys — not shared ones — so access to stored data is tightly controlled.

Their role: Infrastructure provider. Like a data center that keeps the lights on.

What they cannot do: Use your data for advertising, sell it, or share it with other customers.

If you subscribe to a Whera plan through our website, Stripe handles the payment. Stripe is one of the most trusted payment processors in the world and is PCI-DSS certified. Your card details go directly from your device to Stripe — Whera's servers never see any part of your card number.

What they can access: Payment method details, billing email address, subscription status.

If you subscribe through the Whera iOS app, Apple handles the payment entirely. We receive confirmation that a subscription was purchased, but Apple manages all payment details.

What they can access: Your Apple ID (as part of the purchase) and subscription transaction details.

If you subscribe through the Whera Android app, Google handles the payment entirely. Same as Apple — we receive a confirmation, not your payment details.

What they can access: Your Google account identity (as part of the purchase) and subscription transaction details.

When Whera sends you a notification — like a zone alert or an SOS — it travels through Apple's Push Notification service to reach your iPhone. Apple routes the notification but does not store or analyze the content.

What they can access: Your device identifier and the notification message (which may include the alert type and names of people in your group).

The same applies on Android, using Google's Firebase Cloud Messaging service.

What they can access: Your device identifier and the notification message.

Whera uses Stadia Maps to display the map you see in the app. We chose Stadia specifically because they do not track individual users across requests. When your app loads map tiles, Stadia sees the region of the map being displayed — but not your identity or your GPS coordinates.

What they can access: The approximate area of the map being viewed (not your exact location or account).

Why not Google Maps? Google Maps builds user profiles from map usage. Stadia Maps does not.

When you log in on a new iPhone, Whera asks Apple to verify that the app running on your device is genuine and hasn't been tampered with. This is a security measure to protect your account. Apple confirms or denies the check but does not learn anything about your Whera activity.

What they can access: A confirmation that the Whera app is running on a legitimate Apple device. No location or account data.

The same process applies on Android, using Google's Play Integrity API.

What they can access: A confirmation that the Whera app is running on an unmodified Android device. No location or account data.

When you create a Whera account or change your password, we check whether your chosen password has appeared in any known data breaches. We use a privacy-preserving method called k-anonymity — only the first few characters of an anonymized hash of your password are ever sent, making it impossible for anyone to reverse-engineer your actual password from the check.

What they can access: A partial, anonymized hash. Not your password, email, or any account details.

If you purchase Whera merchandise from our store at shop.whera.app, Fourthwall processes that transaction and fulfills the order.

What they can access: Name, shipping address, email, and payment details for your purchase. This is separate from your Whera app account.

Our team email addresses (support@whera.app, privacy@whera.app, etc.) run on Google Workspace. If you email us, that message will pass through Google's servers.

What they can access: The content of emails you send to us.