Last updated: April 2026
This Privacy Policy explains how WhosRight ("we", "us", "our") collects, uses, and protects information about you when you use whosright.cc. By using the service you agree to the practices described here. If you do not agree, please do not use the service.
We collect information you provide directly (username, email address, hashed password, content you post, comments, votes, subscription details) and information collected automatically (IP address, browser type, device type, pages visited, referring URL, approximate location derived from IP, interaction timestamps). We also generate anonymous visitor tokens to count unique post views without identifying you personally.
We use your information to operate the service (authenticate you, display your content, count votes and views, enforce daily limits), to communicate with you (transactional emails like password resets and subscription receipts, bug-report confirmations), to improve the platform (aggregated analytics, debugging), to prevent abuse (reCAPTCHA, fraud detection, rate limiting), and to comply with legal obligations.
We use cookies and similar technologies for authentication (JWT refresh tokens in HTTP-only cookies), language preference, and anti-bot protection. Third parties on our site — notably Google AdSense and Google reCAPTCHA — set their own cookies to serve personalized ads and detect automated traffic. You can control cookies in your browser settings; disabling them may break parts of the service such as login.
Free-tier users see ads served by Google AdSense. Google and its partners use cookies to serve ads based on a user's prior visits to this and other websites. Google's use of advertising cookies enables it and its partners to serve ads to our users based on their visit to whosright.cc and other sites on the Internet. You may opt out of personalized advertising by visiting Google's Ads Settings at adssettings.google.com, or opt out of some third-party vendors' use of cookies at aboutads.info/choices. Upgrading to any paid tier removes ads entirely.
We rely on the following processors to run the service: Stripe (payment processing and billing), MongoDB Atlas (database hosting), Vercel (frontend hosting), Railway (backend hosting), Resend (transactional email delivery), Google reCAPTCHA (bot protection), Google AdSense (advertising on free tier), and Google Gemini (AI Judge feature, which processes post content to generate verdicts). Each of these providers has its own privacy policy and processes data under its own terms. We share only the minimum data needed for each service to function.
We do not sell your personal data. We share data only with the processors listed above, when legally required (subpoena, court order, or to protect the rights and safety of our users), or with your explicit consent. Content you post publicly (story text, comments, votes) is visible to all site visitors but is not tied to your identity since posts are anonymous.
Account data is retained for as long as your account exists. Posts, comments, and votes remain public until you delete your account or request their removal. Server logs are kept for up to 90 days. Stripe webhook events are automatically purged after 30 days. Password reset tokens expire after 1 hour.
Depending on where you live you may have rights under GDPR, UK GDPR, CCPA, or other laws — including the right to access the data we hold about you, correct it, delete it, restrict or object to its processing, port it to another service, and withdraw consent at any time. To exercise any of these rights, email admin@whosright.cc from the address linked to your account. We respond within 30 days.
WhosRight is not intended for children under 13. We do not knowingly collect data from anyone under 13. If you believe a child has registered, contact admin@whosright.cc and we will delete the account.
Passwords are stored using industry-standard bcrypt hashing. We use HTTPS everywhere, JWT-based authentication with short-lived access tokens, and optional WebAuthn biometric login. No system is completely secure, but we take reasonable steps to protect your data. If we ever detect a breach that affects you, we will notify you as required by law.
Our service is operated from the European Union but uses providers (Stripe, Google, MongoDB Atlas, Vercel, Railway) that may process data in the United States and other countries. Where required, we rely on Standard Contractual Clauses or equivalent legal mechanisms for international transfers.
We may update this Privacy Policy from time to time. Material changes will be announced on the site or via email. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the service after changes means you accept the updated policy.
For privacy questions, data-access requests, or to exercise any of the rights above, email admin@whosright.cc.