← Back to Portfolio

whichOne Privacy Policy

App: whichOne
Developer: Adarsh Kumar Verma
Privacy contact: avwithai.port@gmail.com
Last updated: May 19, 2026

1. Overview

This Privacy Policy explains how whichOne accesses, collects, uses, shares, retains, and deletes user data. whichOne is a nearby social discovery, request, story, chat, and calling app that uses Firebase services, Google Sign-In, location permission, media permissions, notifications, WebRTC calls, Google Play Billing, and RevenueCat subscriptions.

whichOne does not sell personal or sensitive user data. whichOne does not show third-party ads and does not use advertising tracking SDKs. The app is intended for adults and is not directed to children.

2. Data We Access or Collect

Account and authentication data

Data: Firebase user ID, Google Sign-In profile details such as name, email address, and profile photo URL, sign-in status, account creation date, and account update date.

Use: Create and secure your whichOne account, keep you signed in, restore access, and connect your account to app features.

Sharing or visibility: Processed by Firebase Authentication and Google Sign-In. Your public display name and profile photo may be visible to other signed-in users according to app features and privacy settings.

Retention: Kept while your account is active. Deleted from active whichOne systems after a verified account deletion request, except where limited retention is needed for security, abuse prevention, billing, or legal compliance.

Profile and discovery data

Data: Display name, designation, bio, age, gender, interests, profile completion status, uploaded profile photos, visibility settings, blocked users, profile view counts, and profile view records.

Use: Show your profile, help nearby users decide whether to connect, support privacy controls, block/report safety features, and provide premium profile-view features.

Sharing or visibility: Profile fields, photos, interests, designation, approximate distance, and active story previews may be visible to signed-in users when your visibility settings allow it.

Retention: Kept while your account is active. Profile photos and profile data are removed during account deletion. Some safety or audit metadata may be retained in limited form when needed to protect users or comply with obligations.

Location and nearby visibility data

Data: Precise device location is accessed only after permission is granted. whichOne stores an approximate map location, geohash, nearby visibility mode, and nearby session expiry when nearby mode or map story sharing is enabled.

Use: Find nearby users, show approximate distance, power the map experience, and hide your location when visibility is off or a nearby session expires.

Sharing or visibility: Your exact live location is not shown to other users. Approximate distance, nearby presence, or map-story location may be visible to signed-in users based on your settings.

Retention: Nearby location records are temporary and are removed when visibility is hidden, permission is off, the session expires, you sign out, or you delete your account.

Requests, chats, reactions, and attachments

Data: Hangout requests, sender and receiver IDs, request messages, chat room membership, text messages, encrypted message payloads, E2EE device and key metadata, images, videos, voice messages, documents, encrypted file references, reply previews, reactions, file names, file sizes, timestamps, unread/read/delivery data, and deleted-message metadata.

Use: Send requests, create chats after a request is accepted, deliver messages, show read/delivery state, support message deletion, and maintain conversation integrity.

Sharing or visibility: Chat content and attachments are visible to the chat participants. Request details are visible to the sender and receiver. Notifications may include sender name and message preview.

Retention: Kept while needed for the chat feature. User-deleted messages are soft-deleted or marked as deleted. During account deletion, sent message content, encrypted payloads, encrypted file references, E2EE devices, and media are removed where technically possible, while limited room metadata may remain for the other participant and safety purposes.

Stories and map stories

Data: Photos or videos you capture or upload, captions, filters, media thumbnails, owner name, owner photo, story visibility, approximate map location when published to the map, story views, and timestamps.

Use: Create temporary stories, display stories on the map when selected, count story views, and help nearby users discover public map stories.

Sharing or visibility: Map stories are visible to signed-in users while active. Private or non-map stories are limited by the app feature in which they are used.

Retention: Stories are designed to expire after about 24 hours and are also removed when deleted by you or during account deletion. Cached copies and backups may expire later under Firebase systems.

Audio/video call and presence data

Data: Online status, last seen time, typing indicators, call session IDs, caller/receiver IDs, call type, call status, call logs, WebRTC signaling data, and ICE candidates. Live microphone and camera streams are used for calls.

Use: Show presence, support typing indicators, connect audio/video calls, display incoming call notifications, and log missed/ended calls.

Sharing or visibility: Presence and call state are visible to relevant chat participants. Live call media is sent through WebRTC between participants and may use STUN/TURN relay providers when required by the network.

Retention: Transient call setup records are cleaned up after calls end or expire where technically possible. whichOne does not record live audio or video calls.

Device permissions, local files, and camera/media access

Data: Camera, microphone, photo/video/audio library access, selected documents, downloaded files, and temporary local files created for compression, thumbnails, recording, or chat downloads.

Use: Capture stories, make audio/video calls, send media or documents, record voice messages, compress uploads, and save chat downloads you choose to open.

Sharing or visibility: Only files you choose to upload or send are transmitted to Firebase Storage and then shared with the intended app audience or chat participant.

Retention: Temporary local files are handled on your device. Uploaded profile, story, and chat media are retained as described for the relevant feature.

End-to-end encryption and device security data

Data: Device-specific encryption keys or public key material, encrypted private request notes, encrypted story replies, encrypted chat media metadata, secure local key storage state, and related setup status.

Use: Encrypt supported one-to-one chat messages, shared files, private request notes, and story replies on your device before upload, then decrypt them only on participant devices.

Sharing or visibility: Encrypted payloads may be stored in Firebase for delivery, but the content is designed to be readable only by intended participant devices. Notification previews are kept limited for privacy.

Retention: Kept while your account and active chats need encrypted messaging. If you reinstall or move to a new device, older encrypted content may not be recoverable. E2EE device records are deleted or anonymized during account deletion where technically possible.

Notifications and app activity data

Data: Firebase Cloud Messaging tokens, notification delivery data, active chat room marker, active chat room expiry, unread counts, notification interaction data, and foreground/background notification state.

Use: Send requests, chat, story, and incoming call notifications; avoid duplicate notifications; and keep notification counts accurate.

Sharing or visibility: Processed by Firebase Cloud Messaging and device notification services. Notification previews may appear on your device according to your operating-system settings.

Retention: Notification tokens are kept while your account is active and are removed or invalidated when no longer usable or when your account is deleted.

Payments, subscriptions, coins, and purchase status

Data: RevenueCat app user ID, entitlement status, product ID, store, expiry date, subscription tier, coin balance, and coin transaction history. Payment card details are handled by Google Play, not by whichOne.

Use: Provide paid features, restore purchases, manage subscriptions, prevent fraud, track coin balances, and provide purchase support.

Sharing or visibility: Processed by Google Play Billing and RevenueCat. whichOne stores purchase status needed to unlock app features.

Retention: Kept while needed for subscriptions, support, fraud prevention, tax, accounting, dispute handling, and legal compliance. Google Play and RevenueCat may retain transaction records under their own policies.

Reports, blocks, support, and deletion requests

Data: Blocked user IDs, report reason, report description, reporter ID, reported account ID, support emails, deletion request details, and request verification information.

Use: Protect users, investigate abuse, enforce safety controls, respond to support requests, and process account or data deletion requests.

Sharing or visibility: Reports are restricted to the developer or service providers needed for safety review. Support and deletion emails are handled through the developer contact channel.

Retention: Support and deletion messages are normally kept for up to 90 days after resolution. Safety records may be retained longer when needed to prevent abuse, investigate reports, or comply with legal obligations.

3. How We Use Data

  • To create, secure, and maintain user accounts.
  • To show public profiles, nearby discovery, approximate distance, map stories, and privacy controls.
  • To send hangout requests, create chats, deliver messages, support media sharing, and enable audio/video calls.
  • To provide notifications, presence, typing status, unread counts, subscriptions, premium features, and coins.
  • To respond to support, account deletion, data deletion, report, and safety requests.
  • To prevent spam, fraud, abuse, unauthorized access, and policy violations.
  • To comply with legal obligations and enforce app terms or safety rules.

4. Location, Camera, Microphone, and Media Permissions

Location is used only when you grant permission and use location-based features such as nearby discovery or map stories. whichOne stores approximate location information for map features rather than showing your exact live location to other users.

Camera, microphone, photos, videos, audio, and document access are used only for features you choose to use, such as stories, profile photos, chat attachments, voice messages, and audio/video calls. Live calls are not recorded by whichOne.

5. Third-Party Services and Sharing

whichOne shares data only with service providers needed to operate the app, process purchases, support maps, deliver notifications, connect calls, provide support, prevent abuse, or comply with law. These providers may process data under their own terms and privacy policies.

Firebase Authentication

Google-backed account authentication and account security.

Cloud Firestore, Firebase Realtime Database, Firebase Storage, Cloud Functions, Firebase Cloud Messaging, and Firebase App Check

App database, presence, media storage, backend functions, push notifications, and abuse-resistant backend access.

Google Sign-In

Optional sign-in provider for creating and accessing your whichOne account.

Google Play Billing

In-app purchase and subscription payment processing. whichOne does not receive your full payment card details.

RevenueCat

Subscription entitlement management, purchase restoration, and subscription webhook status updates.

Mapbox and OpenStreetMap contributors

Map tile display. Map tile providers may receive technical request data such as IP address, device/browser request information, and requested map tile coordinates when map tiles load.

WebRTC STUN/TURN providers

Audio/video call connectivity. Calls use WebRTC and may use STUN/TURN relay infrastructure when a direct connection is not possible.

6. Security

whichOne uses Firebase and Google-backed services that transmit data over secure connections. Firestore, Realtime Database, and Storage security rules limit access based on authentication, ownership, and feature permissions. New one-to-one chat messages, shared chat files, private request notes, and story replies are encrypted on the device before upload where the app feature supports encryption. No internet service can guarantee perfect security, but whichOne uses reasonable safeguards for the data handled by the app.

7. Data Retention and Deletion

whichOne keeps account, profile, discovery, chat, story, purchase status, and safety data while your account is active and while the data is needed to provide app functionality. Temporary nearby sessions, active stories, call setup data, notification markers, and cached app state are designed to expire or be cleared when no longer needed.

You can request account and associated data deletion from inside the app or from the public deletion page. When an account deletion request is verified, whichOne deletes or anonymizes account data from active systems within a reasonable period, normally 7 to 14 days. This includes profile data, map stories, story and profile view records, requests, approximate location data, notification tokens, E2EE devices, sent chat content, encrypted message payloads, and encrypted chat file references where technically possible.

Some limited information may be retained longer where needed for security, fraud prevention, abuse reports, dispute handling, tax, accounting, legal compliance, or to preserve another user's conversation context after your sent content has been removed. Google Play, RevenueCat, Firebase, Mapbox, email providers, and device platforms may also retain data under their own policies.

To request deletion from outside the app, visit the whichOne Account and Data Deletion page or email avwithai.port@gmail.com with the subject line whichOne Data Deletion Request.

8. Your Choices

  • You can hide nearby visibility, turn off nearby mode, or deny location permission.
  • You can delete stories, delete your own chat messages, remove profile photos, block users, and report abuse.
  • You can request deletion of your whole account or specific data from the public data deletion page.
  • You can deny camera, microphone, notification, or media permissions, but related app features may not work.
  • You can manage or cancel subscriptions through Google Play account settings.
  • You can delete your account in the app from Settings > Data Deletion or request deletion by email.

9. Children and Child Safety

whichOne is intended for adults and requires users to provide an adult age during profile setup. The app is not directed to children under 13. If you believe a child has provided personal data to whichOne, contact the developer so the data can be reviewed and deleted where appropriate.

whichOne has zero tolerance for child sexual abuse and exploitation (CSAE), child sexual abuse material (CSAM), grooming, sextortion, trafficking of children, sexualization of minors, predatory behavior toward minors, or any content or conduct that endangers children.

Users can report child safety concerns in the app through available report, block, abuse-report, support, or safety feedback flows. Child safety concerns can also be sent to avwithai.port@gmail.com. When whichOne obtains actual knowledge of CSAM or credible CSAE activity, the developer may remove content, restrict or terminate accounts, preserve relevant safety evidence, and report confirmed CSAM or child exploitation concerns to NCMEC, law enforcement, regional child safety authorities, or other appropriate organizations where required or appropriate.

whichOne's published child safety standards are available on the whichOne Child Safety Standards page.

10. Changes and Contact

This Privacy Policy may be updated from time to time. Updates will be posted on this page with a revised last updated date.

For privacy questions, support, or deletion requests, contact:
Adarsh Kumar Verma
Email: avwithai.port@gmail.com

a² + b² = c²Pythagoras