Privacy Policy

Effective date: 2025-06-01

This Privacy Policy explains how whoami ("we", "us", or "our"), operated at whoamiagent.com, collects, uses and protects your information. By using our service, you agree to the practices described below.

1. Information We Collect

1.1 Account Information

When you sign in through a third-party OAuth provider (GitHub, Google, Microsoft, Apple, or X), we receive and store:

  • Your display name
  • Email address (if provided by the OAuth provider)
  • Avatar / profile picture URL
  • A unique provider-specific user ID

We do not receive or store your passwords.

1.2 Identity Profile Content

You may create and edit a personal identity profile in Markdown format. This content is stored on our servers and made available to AI agents you have authorised via agent keys.

1.3 Usage Data

We use Google Analytics 4 to collect anonymised usage data such as page views, session duration, device type and referring sources. This data does not personally identify you.

2. How We Use Your Information

  • Provide the service — authenticate you, store your profile and sync it to your authorised AI agents.
  • Improve the service — analyse aggregated usage patterns to fix bugs and prioritise features.
  • Communicate — send essential service-related notices (e.g. security alerts). We do not send marketing emails.

3. Data Sharing

We do not sell your personal information. We share data only in these cases:

  • With your AI agents — your identity profile is shared with AI agents you explicitly connect via agent keys.
  • Service providers — we use third-party infrastructure (cloud hosting, analytics) that may process data on our behalf under strict confidentiality obligations.
  • Legal requirements — we may disclose information if required by law, regulation or legal process.

4. Data Storage & Security

Your data is stored on servers with industry-standard security measures including encrypted connections (HTTPS/TLS), secure authentication tokens (httpOnly cookies) and access controls. While we take reasonable precautions, no system is 100% secure.

5. Data Retention

We retain your account and profile data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law.

6. Cookies

We use the following cookies:

  • access_token — an httpOnly, secure session cookie for authentication. Essential for the service to function.
  • Google Analytics cookies — anonymised analytics cookies (_ga, _ga_*) to understand usage patterns.

7. Your Rights

You have the right to:

  • Access your personal data via the dashboard.
  • Edit or delete your identity profile at any time.
  • Delete your account by contacting us.
  • Withdraw consent for analytics by using browser-level cookie controls or ad-blockers.

8. Children's Privacy

Our service is not directed to children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us so we can remove it.

9. International Data Transfers

Your data may be processed in countries other than your own. By using the service, you consent to the transfer of your information to countries that may have different data protection laws.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Effective date" above. Continued use of the service after changes constitutes acceptance of the updated policy.

11. Contact

If you have questions about this Privacy Policy, please open an issue on our GitHub repository.