Whistle
PricingSign In

Privacy Policy

Last updated: February 6, 2026

1. Introduction

Whistle ("we," "our," or "us") operates the website at whistlerules.com (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By using Whistle, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

We collect the following types of information:

Account Information

When you register, we collect your name, email address, and password (stored securely using bcrypt hashing).

Usage Data

We track your quiz performance, scores, streaks, and study progress to provide personalized analytics and improve your learning experience.

Payment Information

Payment processing is handled entirely by Stripe. We do not store credit card numbers, bank account details, or other financial information on our servers. We only store your Stripe customer ID to manage your subscription.

Device and Log Data

We may collect standard log information such as your IP address, browser type, and pages visited to maintain security and improve our Service.

3. How We Use Your Information

We use the information we collect to provide and maintain the Service, including generating personalized quiz questions and tracking your study progress. We also use it to process your subscription and payments through Stripe, send you important notifications such as email verification, password resets, and trial expiration reminders, improve our question quality and rules content based on user feedback, and protect against fraud, abuse, and unauthorized access to the Service.

4. Third-Party Services

We use the following third-party services to operate Whistle:

Stripe

For payment processing. Stripe's privacy policy is available at stripe.com/privacy.

Anthropic (Claude AI)

For AI-generated quiz questions. We send quiz topics and rule references to Claude to generate study questions. No personally identifiable information is sent to Anthropic.

Vercel

For hosting and deployment. Vercel's privacy policy is available at vercel.com/legal/privacy-policy.

Supabase

For database hosting. Your data is stored securely with row-level security enabled on all tables.

Resend

For transactional emails (verification, password resets, notifications). We only send emails you have requested or that are necessary for your account.

5. Data Security

We take the security of your data seriously. Passwords are hashed using bcrypt with strong salt rounds. All data is transmitted over HTTPS. Database access is protected by row-level security policies. Sensitive operations use timing-safe comparisons to prevent timing attacks. API endpoints are protected by authentication and rate limiting. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

6. Data Retention

We retain your account information and quiz history for as long as your account is active. If you delete your account, we will remove your personal information from our systems within 30 days. Some anonymized usage data may be retained for analytics purposes. Verification tokens and password reset tokens are automatically deleted after use or upon expiration.

7. Your Rights

You have the right to access, update, or delete your personal information at any time through your account settings. You may request a copy of the data we hold about you. You may cancel your subscription and close your account at any time. To exercise these rights or for any privacy-related questions, please contact us at the email address below.

8. Children's Privacy

Whistle is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will take steps to delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy, please contact us at support@whistlerules.com.