Privacy Policy

Last updated: March 14, 2026

Idea-Ping ("we", "our", or "us") is operated by an individual sole proprietor. We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our WhatsApp-based business idea collection service.

1. Information We Collect

Personal Information

  • Account Information: Email address (used for account creation and communication)
  • Contact Information: WhatsApp phone number (required to receive and process your messages)
  • Payment Information: Billing details processed securely through Stripe (we do not store credit card numbers)

Content You Provide

  • Business Ideas: Text and voice messages you send via WhatsApp, which are processed by our AI to extract and structure your ideas
  • Quiz Responses: Answers provided during our onboarding funnel (used to improve our service)

Automatically Collected Information

  • Usage Data: How you interact with our service, pages visited, features used
  • Device Information: Browser type, operating system, device type
  • Cookies: Session tokens and preferences (see our Cookie Policy)

2. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process your personal information based on the following legal grounds:

  • Contract Performance: Processing your data to provide the service you signed up for (account, idea processing, payments)
  • Legitimate Interests: Analyzing usage patterns to improve our service, detect fraud, and ensure security
  • Consent: For marketing communications and certain cookie usage (you can withdraw consent at any time)
  • Legal Obligation: Retaining payment records as required by tax and accounting regulations

3. How We Use Your Information

  • Service Delivery: To provide, maintain, and improve our core service of capturing and structuring your business ideas
  • AI Processing: To process your text and voice messages using OpenAI's GPT and Whisper APIs for idea extraction and structuring
  • Communication: To send you service-related updates, payment confirmations, and respond to your inquiries
  • Payment Processing: To process subscriptions and manage your account via Stripe
  • Security: To detect, prevent, and address technical issues and fraudulent activity
  • Improvement: To analyze usage patterns and improve our service

4. How We Share Your Information

We share your information only with trusted third-party service providers who assist us in operating our service:

  • Supabase (supabase.com): Database and authentication services. Data is stored in Supabase's secure cloud infrastructure. See Supabase Privacy Policy.
  • Stripe (stripe.com): Payment processing. See Stripe Privacy Policy.
  • OpenAI (openai.com): AI processing. Your message content is sent to OpenAI for idea extraction and transcription. OpenAI processes this data according to their API data policies, which include not using API data to train their models by default. See OpenAI Privacy Policy.
  • Meta/WhatsApp (whatsapp.com): Message delivery infrastructure. WhatsApp messages are end-to-end encrypted, meaning Meta cannot read the content of your messages. However, metadata (such as phone numbers and timestamps) may be processed by Meta. See WhatsApp Privacy Policy.

These providers are contractually bound to protect your information and are only permitted to use it to provide services on our behalf.

5. Data Retention

We retain your information for as long as your account is active or as needed to provide you services:

  • Account Data: Retained until you delete your account or request deletion
  • Business Ideas: Retained until you delete them or delete your account
  • Payment Records: Retained for 7 years as required by tax and accounting regulations
  • Quiz Responses: Anonymized after 90 days for analytics purposes
  • Usage Logs: Deleted after 12 months

6. Your Rights

For All Users

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your account and associated data
  • Data Portability: Request your data in a machine-readable format
  • Withdraw Consent: Withdraw consent for data processing where applicable

For EU/EEA/UK Residents (GDPR & UK GDPR)

  • Right to lodge a complaint with your local supervisory authority (e.g., ICO in the UK, or your national Data Protection Authority)
  • Right to restrict processing of your data
  • Right to object to processing based on legitimate interests

For California Residents (CCPA/CPRA)

Under the California Consumer Privacy Act and California Privacy Rights Act, you have the following rights:

  • Right to know what personal information is collected, used, and disclosed in the last 12 months
  • Right to delete your personal information
  • Right to correct inaccurate personal information
  • Right to opt-out of the sale or sharing of personal information
  • Right to limit the use of sensitive personal information
  • Right to non-discrimination for exercising your CCPA/CPRA rights

We do not sell or share personal information for cross-context behavioral advertising.If this changes, we will provide a "Do Not Sell or Share My Personal Information" link on this page.

Categories of Personal Information Collected (CCPA Disclosure)

In the past 12 months, we collected the following categories of personal information:

  • Identifiers (email address, phone number)
  • Commercial information (payment and transaction data via Stripe)
  • Internet activity (usage data, device information)
  • Inferences (preferences based on your use of the service)

7. Security

We implement appropriate technical and organizational measures to protect your personal information:

  • Encryption in transit (HTTPS/TLS) and at rest
  • Row-level security policies on all database tables
  • Secure authentication with JWT tokens
  • Regular security reviews and vulnerability assessments

However, no method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

8. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay, and in the case of GDPR, within 72 hours of becoming aware of the breach, in accordance with applicable law.

9. Cookies and Tracking

We use cookies and similar technologies to operate our service. For detailed information, please see our Cookie Policy.

We do not currently respond to "Do Not Track" (DNT) signals, as there is no universally accepted standard for how websites should interpret such signals.

10. Children's Privacy

Our service is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately, and we will take steps to delete such information.

For users aged 13-17, parental consent may be required depending on your jurisdiction before using our service.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States where many of our service providers are located. We ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) approved by the European Commission for transfers of personal data to third countries
  • Data Processing Agreements (DPAs) with all third-party processors that comply with GDPR requirements
  • Reliance on providers that have certified to the EU-U.S. Data Privacy Framework where applicable

By using our service, you acknowledge and consent to the transfer of your information to these countries.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last updated" date at the top
  • Sending you an email notification for significant changes (using the email address associated with your account)

We encourage you to review this Privacy Policy periodically. Your continued use of the service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

We will acknowledge receipt of your request within 14 days and respond substantively within 30 days. For complex requests, we may extend this period by an additional 60 days and will inform you of the extension.