# Privacy Policy
Who's Right Application
Last updated: February 10, 2026
---
## Introduction
At Who's Right, we take the protection of your personal data very seriously. This Privacy Policy explains what data we collect, how we use it, and what your rights are.
This policy applies to the Who's Right mobile application and all associated services.
Data Controller:
Melvin Zerigue (Sole Proprietor)
81 rue des Gentianes
74520 Valleiry, France
Email: contact@whosright.app
---
## 1. Data We Collect
### 1.1 Data You Provide
| Data | When | Required |
|------|------|----------|
| Email address | Account creation | Yes |
| Username | Account creation | Yes |
| Password | Account creation (hashed, not readable) | Yes |
| Profile picture | If you add one | No |
| Preferred language | Settings | No |
### 1.2 Data Generated by Your Use
| Data | Description |
|------|-------------|
| Arguments and debates | Content you publish in debates |
| Scores and analyses | Results generated by our AI |
| Statistics | Number of debates, wins, progression |
| History | Your past debates and their results |
| Preferences | Your interests (onboarding) |
| Reports filed | Reports you file against other users |
| Moderation history | Warnings and sanctions applied to your account |
### 1.3 Subscription and Transaction Data
| Data | Description |
|------|-------------|
| Subscription plan | The type of plan subscribed (Free, Premium, Creator) |
| Billing period | Monthly or yearly |
| Subscription status | Active, expired, in free trial, cancelled |
| Subscription dates | Start date, expiration date, renewal date |
| Free trial period | Trial status (active, converted, expired), start and end dates |
| Transaction identifier | Transaction reference provided by the Apple App Store or Google Play Store |
| Product identifier | Identifier of the subscribed subscription product |
Important: We do not collect or store your payment information (credit card number, etc.). All payments are processed directly and exclusively by Apple (App Store) or Google (Play Store).
### 1.4 Automatically Collected Data
| Data | Purpose |
|------|---------|
| Device identifier | Authentication and security |
| Device type and OS | Compatibility and debugging |
| Connection logs | Security and fraud detection |
| Notification token | Sending push notifications |
| IP address | Security and approximate location |
### 1.5 Sensitive Data
We do not collect sensitive data such as:
- Ethnic origin
- Political opinions (your debate arguments are not categorized as such)
- Religious beliefs
- Health data
- Sexual orientation
---
## 2. How We Use Your Data
### 2.1 Processing Purposes
| Purpose | Legal Basis (GDPR) |
|---------|-------------------|
| Providing the debate service | Contract performance |
| Creating and managing your account | Contract performance |
| Analyzing your arguments with AI | Contract performance |
| Calculating your scores and statistics | Contract performance |
| Managing subscriptions and free trial periods | Contract performance |
| Sending notifications (including trial reminders) | Consent |
| Improving the application | Legitimate interest |
| Ensuring security | Legitimate interest |
| Moderating content | Legitimate interest |
| Responding to your requests | Contract performance |
| Processing reports | Legitimate interest |
| Enforcing moderation sanctions | Legitimate interest |
| Preventing abusive behavior | Legitimate interest |
| Measuring service performance (analytics) | Legitimate interest |
### 2.2 Artificial Intelligence
Your arguments are analyzed by our artificial intelligence system to:
- Rephrase and clarify your statements
- Verify mentioned facts
- Calculate an argumentative quality score
- Identify strengths and weaknesses of your arguments
Important:
- The AI does not make automated decisions concerning you
- Scores are indicative and do not determine your access to the service
- You can request explanations of the analyses
### 2.3 Subscription and Free Trial Data
We process your subscription data to:
- Determine your level of access to features (Free, Premium, Creator)
- Manage your free trial period (duration, eligibility, status)
- Send you reminder notifications before the end of your free trial
- Track subscription conversions and expirations
- Respond to your subscription-related support requests
- Produce aggregated and anonymized statistics on subscription usage
Free trial eligibility is verified jointly by our system and by Apple/Google platforms. We store an indicator noting whether you have already used a free trial.
### 2.4 What We Do NOT Do
- Sell your data to third parties
- Use your data for targeted advertising
- Share your arguments with advertisers
- Create profiles for external marketing purposes
- Store your payment information
---
## 3. Sharing Your Data
### 3.1 Who We Share Your Data With
| Recipient | Data Shared | Purpose |
|-----------|-------------|---------|
| Google Gemini | Argument text (anonymized) | Analysis and scoring |
| Apple | Transaction data, subscription identifiers | Payment and subscription management |
| Google Play | Transaction data, subscription identifiers | Payment and subscription management (Android) |
| Expo | Notification token | Push notifications |
| PostHog | Anonymized usage data | Analytics and service improvement |
| Hosting provider (servers) | All data | Secure storage |
| Moderation team | Reported content, sanctions history | Processing reports and enforcing sanctions |
### 3.2 Transfers Outside the EU
Some of our service providers are located outside the European Union:
| Provider | Country | Safeguards |
|----------|---------|------------|
| Google | United States | Standard contractual clauses |
| Apple | United States | Standard contractual clauses |
| Expo | United States | Standard contractual clauses |
| PostHog | United States | Standard contractual clauses |
These transfers are governed by appropriate safeguards in accordance with the GDPR.
### 3.3 Other Cases of Sharing
We may also share your data:
- If required by law (judicial request, competent authority)
- To protect our legal rights
- In case of merger or acquisition (you will be informed)
---
## 4. Data Retention
### 4.1 Retention Periods
| Data Type | Retention Period |
|-----------|-----------------|
| Account data | Until account deletion |
| Arguments and debates | Until account deletion |
| Connection logs | 12 months |
| Subscription and billing data | 10 years (legal obligation) |
| Free trial data | Duration of subscription + 3 years (legal obligation and fraud prevention) |
| Data after account deletion | 30 days (backup) then permanent deletion |
| Reports filed | 24 months after processing |
| Sanctions history (warnings, suspensions) | 36 months after the sanction |
| Permanent ban data | Indefinite duration (recurrence prevention) |
| Analytics data (aggregated, anonymized) | 24 months |
### 4.2 Deletion
When you delete your account:
1. Your personal data is deleted within 30 days
2. Your arguments in shared debates may be anonymized (replaced with "Deleted User")
3. Billing and subscription data is retained in accordance with legal obligations
4. Your free trial usage indicator is retained for fraud prevention purposes
### 4.3 Retention in Case of Ban
In the event of a permanent ban, certain data is retained to prevent the creation of new accounts:
- Email address
- Device identifiers
- IP address at the time of the ban
This data is retained solely for security purposes and is not used for any other purpose.
---
## 5. Data Security
### 5.1 Technical Measures
We implement the following measures to protect your data:
- Encryption: All communications are encrypted (HTTPS/TLS)
- Passwords: Hashed with secure algorithms (bcrypt)
- Authentication: JWT tokens with expiration
- Database: Restricted and encrypted access
- Backups: Regular and secure
- Webhooks: Store notifications (Apple/Google) are cryptographically verified before processing
### 5.2 Organizational Measures
- Access to data limited to strict necessity
- No storage of passwords in plain text
- Regular system updates
### 5.3 In Case of Breach
In the event of a data breach likely to pose a risk to your rights and freedoms, we will:
- Notify the CNIL within 72 hours
- Inform you as soon as possible
- Take the necessary corrective measures
---
## 6. Your Rights
### 6.1 Rights Guaranteed by the GDPR
As a user, you have the following rights:
| Right | Description | How to Exercise |
|-------|-------------|-----------------|
| Access | Obtain a copy of your data | Email or app settings |
| Rectification | Correct inaccurate data | App settings |
| Erasure | Delete your account and data | Settings > Delete Account |
| Portability | Receive your data in a readable format | Email |
| Objection | Object to certain processing | Email |
| Restriction | Temporarily restrict processing | Email |
| Withdrawal of consent | Withdraw your consent (notifications) | App settings |
### 6.2 How to Exercise Your Rights
By email: contact@whosright.app
In the application:
- Edit your information: Settings > Account
- Delete your account: Settings > Delete My Account
- Manage notifications: Settings > Notifications
- Manage your subscription: Settings > Manage Subscription (redirects to store settings)
Response time: We will respond to your request within a maximum of 30 days.
### 6.3 Complaint
If you believe your rights are not being respected, you can file a complaint with the CNIL:
CNIL
3 Place de Fontenoy
TSA 80715
75334 Paris Cedex 07
For users outside France, you may also contact your local data protection authority.
---
## 7. Cookies and Similar Technologies
### 7.1 In the Mobile Application
The mobile application does not use cookies. We use:
- AsyncStorage: Local storage of your preferences and tokens
- SecureStore: Secure storage of sensitive data
### 7.2 On the Website (if applicable)
Our website may use cookies to:
- Remember your preferences
- Analyze traffic (analytics)
You can manage cookies in your browser settings.
---
## 8. Minors
### 8.1 Minimum Age
The application is intended for users aged 13 and over.
### 8.2 Users Aged 13 to 16
If you are between 13 and 16 years old:
- You must have permission from your parents or legal guardians
- Your parents may contact us to exercise your rights
- Subscribing to a plan or starting a free trial period requires prior consent from your parents or legal guardians
### 8.3 Children Under 13
We do not knowingly collect data concerning children under 13 years of age. If we discover that a user is under 13, their account will be deleted.
---
## 9. Push Notifications
### 9.1 Types of Notifications
We may send you notifications to:
- Inform you that it is your turn in a debate
- Notify you of debate results
- Alert you to a response to your argument
- Send you reminders (pending debate)
- Remind you of the upcoming end of your free trial period (a reminder is sent before expiration)
- Inform you of the expiration of your free trial
### 9.2 Managing Notifications
You can at any time:
- Disable notifications in the app settings
- Disable notifications in your phone settings
Note: Disabling trial reminder notifications does not change the terms of your subscription. The free trial automatically converts to a paid subscription at the end of the trial period, whether or not you have received reminder notifications. The full terms are communicated to you at the time of starting the trial.
---
## 10. Changes to This Policy
### 10.1 Updates
We may modify this Privacy Policy at any time. In the event of a substantial change:
- We will inform you via the application or by email
- The "last updated" date will be changed
- Changes will take effect 30 days after notification
### 10.2 History
You may contact us to obtain previous versions of this policy.
---
## 11. Contact
For any questions regarding this Privacy Policy or your personal data:
Email: contact@whosright.app
Postal address:
Melvin Zerigue
81 rue des Gentianes
74520 Valleiry, France
Data Protection Officer (DPO):
Not applicable (sole proprietorship with fewer than 250 employees not processing sensitive data at scale)
---
## 12. Simplified Summary
For those who don't have time to read everything:
| Question | Answer |
|----------|--------|
| What data? | Email, username, your debates and arguments, subscription data |
| Why? | To run the app, analyze your arguments, and manage subscriptions |
| Sold? | No, never |
| Shared? | Only with our technical providers (AI, payments, analytics) |
| Payment data? | Managed exclusively by Apple/Google, never by us |
| Deletable? | Yes, at any time in the settings |
| Secure? | Yes, encryption and best practices |
---
This Privacy Policy was drafted on December 17, 2025 and updated on February 10, 2026.