Skip to main content
Back to home

Privacy Policy

Last updated: April 12, 2026

1. Children's Privacy

What If'd is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will delete that information promptly.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected] so we can take appropriate action.

2. What We Collect

When you sign in with Google, we receive and store the following from your Google profile:

  • Name and email address
  • Profile photo URL

We also store content you create on What If'd, including stories, comments, upvotes, bookmarks, and ratings.

3. How We Use Your Data

  • Your Google profile info is used to identify you and display your profile.
  • Moment content you submit is sent to an AI provider to generate alternate-reality scenarios. The AI provider processes your text but does not retain it beyond the request.
  • We do not sell your data or use it for advertising.

4. Third-Party Services

  • Google OAuth — used for authentication. Google receives standard OAuth data during sign-in. See Google's Privacy Policy.
  • AI providers — moment text is sent to an AI model (such as Google Gemini or similar) for generation. Prompts are not stored by these providers beyond the API request.
  • Umami Analytics — we may use self-hosted, cookieless analytics to measure aggregate page views and referrers. No personally identifiable information is collected, and data never leaves our own servers.

5. Data Storage

Your data is stored in a PostgreSQL database on our servers. We use industry-standard security practices to protect it. We do not share your data with third parties beyond the services listed above.

6. Data Retention

We retain your data for as long as your account is active. If you delete your account, all associated data (stories, comments, upvotes, bookmarks, and ratings) is permanently removed.

7. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify affected users via email within 72 hours of becoming aware of the breach, to the extent reasonably practicable.

Our notification will include:

  • A description of what happened
  • The categories of personal data affected
  • The steps we are taking to address the breach and prevent recurrence
  • Recommendations for what you can do to protect yourself

8. Your Rights

  • Access — you can view all your data through your profile page.
  • Deletion — you can request full account and data deletion by contacting us. All your content will be permanently removed.
  • Portability — you can request a copy of your data at any time.

9. Cookies

We use a session cookie to keep you signed in. We do not use tracking cookies or analytics cookies. If we enable analytics in the future, it will be cookieless — no analytics cookies will be set.

10. Changes to This Policy

We may update this policy from time to time. Changes will be reflected by the “Last updated” date above.

11. Contact

If you have questions about this privacy policy, want to exercise your data rights, or need to report a children's privacy concern, email us at [email protected].