At Whatshappening.ai, your privacy is not just a legal requirement — it's a core part of what we believe in. We understand that your journal entries are deeply personal, and we treat them with the respect and confidentiality they deserve. This policy explains how we handle your data, what we collect, and how we protect it in clear language.
Whatshappening.ai is a service provided by Abhinav Rai, and we operate in full compliance with the UK GDPR and, where applicable, the EU GDPR. If you have any questions about this policy, please don't hesitate to email us at abhi@whatshappening.ai
When you sign up using Google or Apple, we receive your name, profile photo, and email address from the provider to create your account. Authentication is handled securely via OAuth — we do not collect or store your password.
When you use the journalling feature, we collect:
We do not collect any data beyond what is necessary to provide the service.
We use your data solely to deliver the Whatshappening service to you. Specifically:
We do not use your data for advertising, do not sell your data to any third party, and do not use your data to train AI models.
Before any of your data is sent to third-party AI services, the app asks for your explicit consent during onboarding. You will be shown a clear explanation of which data is shared, with whom, and for what purpose. You must actively agree before the service activates. If you decline, you will not be able to use the app's journalling features.
Your entries are private. Employees do not access your recordings or transcripts unless explicitly required by law (e.g., a valid court order). Third-party providers (Supabase) also follow strict protocols and cannot access your data without legal mandates.
We process your personal data to provide the Whatshappening service you signed up for. By creating an account and using the app, you consent to the processing of your data for the sole purpose of delivering this service.
| Data Type | Lawful Basis |
|---|---|
| Email Address | Contract |
| Audio Recordings | Contract |
If your entries contain sensitive data (such as information about your health or mental state), you are choosing to provide that data voluntarily. It is processed solely to deliver the service to you. This qualifies as explicit consent under Article 9(2)(a) of the GDPR, based on your affirmative action of using the app.
WhatsHappening is not intended for individuals under 13 years old (or under 16 in the EU where applicable). We do not knowingly collect personal data from children.
All AI calls are proxied through our own backend server. Third-party providers never receive your name, email address, or account details — they only receive the specific data described below. These providers operate solely on our instructions and do not use your data for their own purposes.
| Provider | Country | Data Shared | Purpose | Protection |
|---|---|---|---|---|
| Deepgram | USA | Audio recording | Speech-to-text transcription | Data Processing Agreement (DPA); GDPR Standard Contractual Clauses (SCCs) |
| Together AI | USA | Anonymised transcript (no name, email, or account identifiers) | Generating reflective questions, summaries, and insights | Zero-data-retention agreement — contractually bound never to store the data or use it to train AI models; GDPR SCCs |
| Supabase | USA / EU | Account data; encrypted journal entries and transcripts | Authentication and encrypted database storage (AES-256-CBC) | DPA; GDPR SCCs |
| DigitalOcean | USA | Data processed by our backend server | Server hosting and infrastructure | DPA; GDPR SCCs |
We confirm that these providers offer the same or equivalent data protection that we provide.
Your data may be processed outside the UK and EU. We rely on the providers listed in the "Third-Party AI & Sub-Processors" section above — Deepgram, Together AI, Supabase, and DigitalOcean — all of which include GDPR-compliant Data Processing Agreements (DPAs) in their service terms.
All international transfers are made under Standard Contractual Clauses (SCCs) to meet GDPR requirements. Together AI is contractually bound never to store your data or use it to train AI models.
We implement robust security measures, including encryption, access control, and regular audits, to protect your data from unauthorized access or misuse.
We retain your data until you delete your account or request deletion. You can request removal of your data at any time by contacting us at abhi@whatshappening.ai.
We may use your email address to send you updates and marketing materials about Whatshappening, but only if you have given us your explicit consent or if you are an existing customer and have not opted out.
You can unsubscribe from marketing communications at any time by clicking the unsubscribe link in the email or by contacting us at abhi@whatshappening.ai.
Whatshappening does not use cookies, local storage, or browser fingerprinting.
We may disclose personal data ONLY IF legally compelled to do so. All requests are reviewed and, where appropriate, challenged. Where possible, we will notify you before any disclosure.
You have the following rights regarding your personal data:
To exercise these rights, contact us at abhi@whatshappening.ai.
If you are a California resident, you have the following rights:
To exercise your rights, contact us at abhi@whatshappening.ai.
Email: abhi@whatshappening.ai
Postal Address: 175, Model Town, Pyara Chowk, Yamunanagar, Haryana, India - 135001
We may update this Privacy Policy from time to time. Material changes will be communicated via the app or by email. We recommend reviewing the policy periodically.