Wanderwhim

Privacy Policy

Effective May 21, 2026

This policy describes what Wanderwhim collects, how it is used, and the third-party services it relies on. It is written to be read, not to cover anyone’s back.

What we collect

  • Account information. Email address and password hash (passwords are never stored in plaintext).
  • Content you create. Topics, sources, notes, writings, regions, and explorations. This is your data — we treat it as confidential and do not sell or share it.
  • Usage events. Page paths, referrer, IP address, user agent, session ID, and product events (topic created, exploration generated, etc.). Stored in our own database, not sent to a third-party analytics provider.
  • Billing details. When you start a paid plan, Stripe collects your payment method. We never see your card number — only the subscription state, customer ID, and billing email.

How we use it

  • To operate Wanderwhim and provide the features you ask for.
  • To generate AI responses against your sources. The text you submit to AI features is sent to our model gateway and embeddings provider. Their handling of submitted text is governed by their own policies.
  • To enforce usage limits and protect against abuse (rate limits, billing caps).
  • To send transactional email (sign-up confirmation, password reset, billing notices) via a transactional email provider.
  • To understand product usage in aggregate. We do not build advertising profiles and do not run third-party trackers.

Third-party processors

Wanderwhim runs on a small set of vendors. Each receives only the data needed to do its job. Our current subprocessors are listed below; we will update this list when it changes.

  • Supabase — authentication, database, file storage.
  • Render — application hosting and runtime logs.
  • OpenRouter — gateway to large language models from major AI providers. Receives prompts and source content you submit to AI features.
  • VoyageAI — generates embeddings from source text so the canvas can place related sources near each other.
  • Stripe — payment processing and subscription management.
  • Resend — transactional email delivery.
  • Sentry — error and exception logging from the app and server. Receives error context (stack traces, request paths, browser/OS info) when something goes wrong.

Retention & deletion

Your content is retained while your account is active. You can delete any item from inside the app. From Settings → Account you can delete your entire account; this removes your profile, topics, sources, writings, and usage history from our database. Stripe retains a record of past transactions for tax and audit compliance.

Cookies & local storage

We use first-party cookies for authentication (an auth-provider session) and localStorage for a session identifier used to dedupe analytics events. No third-party advertising cookies are set.

Your rights

You can export, correct, or delete your data at any time from inside the app. If you are in the EU, UK, or California, you may also have the right to request a copy of the personal data we hold about you, or to object to processing. Reach us at [email protected] and we will respond.

Children

Wanderwhim is not intended for users under 16. We do not knowingly collect data from children.

Changes

Material changes to this policy will be announced via email or an in-app notice before they take effect. The effective date at the top reflects the most recent revision.

Contact

Questions or requests: [email protected].