We keep this short and real. No legalese. You deserve to know exactly what we collect, why, and what your rights are — so here it is, straight up.
Willappy (willappy.com) is a community platform built for young women with ambitions in content creation, gaming, entrepreneurship, fashion, sports, and life in general. It’s a personal project — not a corporation — run by a sole founder.
For anything privacy-related, you can reach us at: safety@willappy.com
Because we’re based in Europe and some of our members are in the EU, we take GDPR seriously. This policy reflects that.
We only collect what we actually need to run the platform. Here’s a plain-English breakdown:
| Data | Why we need it | Legal basis |
|---|---|---|
| Email address | Account registration, login, notifications, password resets | Contract (necessary to use the service) |
| Username | Your identity on the platform — how the community knows you | Contract |
| Date of birth | Age verification at registration — required to access the platform | Legal obligation / Contract |
| Profile fields (bio, interests, links) | So you have a profile — you only fill in what you want visible | Contract / Consent |
| Profile picture & uploaded media | So your profile and posts have visuals. You upload it, it displays it. | Contract / Consent |
| Private messages (Whispers) | To deliver messages between members. We don’t read them. | Contract |
| Activity data (posts, comments, likes) | To power the For You feed and community features | Contract |
| IP address & browser info | Security, spam prevention, basic site function | Legitimate interest |
| Usage analytics (via Google Analytics) | To understand how the platform is being used so we can improve it | Consent (cookie banner) |
We do not sell your data. We do not share it with advertisers. We do not buy or trade user data.
The safety of our community is non-negotiable. Uploaded images and media on Willappy are subject to automated scanning for child sexual abuse material (CSAM) through Cloudflare’s CSAM Scanning Tool, which uses hash-matching technology in partnership with the National Center for Missing and Exploited Children (NCMEC).
If a match is detected, the content is automatically blocked, reported to NCMEC, and we are notified so we can take further action including reporting to law enforcement where required.
This scanning is not optional — it is a baseline safety measure that applies to all content uploaded through our infrastructure, without exception.
We use cookies for two things: keeping you logged in, and Google Analytics. That’s it.
Essential cookies keep your session active — without them, the site doesn’t work. These don’t require your consent.
Analytics cookies (Google Analytics) help us understand traffic and usage patterns. These are optional and require your consent, which we ask for when you first visit.
You can disable analytics cookies in your browser settings or via your cookie preferences at any time.
We use a small number of third-party services to run the platform. Each receives only the minimum data they need:
| Service | Purpose |
|---|---|
| Namecheap / Plesk | Web hosting — servers currently located in the USA, with migration to Canadian servers planned imminently. Data transferred outside the EU is subject to standard contractual protections. |
| Cloudflare | DNS, CDN, security, and CSAM content scanning — your connection and uploaded content passes through them |
| NCMEC | Receives reports of detected CSAM via Cloudflare’s automated reporting tool. Only triggered in the event of a positive hash match. |
| Google Analytics | Anonymous usage statistics — only if you consent |
| Brevo (planned) | Transactional email (registration confirmations, notifications) |
We don’t share data with any other third parties. If that ever changes, we’ll update this policy and let you know.
Your account data is kept for as long as your account is active. If you delete your account, we delete your personal data within 30 days — except for anything we’re required to keep for legal or security reasons (like IP logs for fraud prevention).
Content you’ve posted publicly (posts, comments) may remain visible after account deletion unless you explicitly request removal.
Google Analytics data is retained for 14 months by default, in line with Google’s standard settings.
Under GDPR (and frankly, because it’s the right thing to do), you have the following rights regarding your data:
To exercise any of these rights, just reach out via the contact details below. We’ll respond within 30 days.
If we make meaningful changes to this policy, we’ll let the community know via a post in the Latest Tea section and update the date at the top of this page. Continued use of the platform after changes means you accept the updated policy.
If anything in here is unclear, or you want to exercise your rights, reach out. We’re people, not a legal department.
Email: safety@willappy.com
Or DM us on platform — whisper @willappy
If you feel your data rights have been violated and we haven’t resolved it, you have the right to lodge a complaint with your national data protection authority. In Romania, that’s the ANSPDCP (anspdcp.ro).