Trust and Security

Where your data lives, and who sees it.

Privacy is not a marketing claim at Whizplan. It is an architecture decision. Here is exactly how it works.

Privacy by Tier

What happens to your data depends entirely on which tier you use.

Free

$0

Data stays on your device in local storage. No account required. No cloud sync, no servers, no network calls for your trip data. You are the only person with access.

  • No data leaves your phone
  • No account, no email, no identity required
  • Transfer between devices by exporting a PDF and importing it on your new phone
  • Completely offline capable

Pro

$5.99/mo

Data syncs to our Supabase backend, hosted in us-east. Only your account sees your data. We do not run analytics SDKs, third-party trackers, or ad networks on Pro.

  • Supabase backend in us-east. No other cloud providers process your trip data
  • Only your account can read your data. Whizplan employees cannot browse your trips
  • No analytics, no Facebook Pixel, no Google Analytics, no Mixpanel, no PostHog
  • Google Maps and Places requests are proxied (see API proxying section below)

Business

$5.99/seat/mo

Same as Pro, with one addition: your organisation's HR or Manager role can view (not edit) the active trips of other org members, for duty-of-care coordination.

  • All Pro privacy guarantees apply
  • HR/Manager can view active trips of org members only (view, not edit)
  • Cannot see past trips that have ended
  • Cannot see anyone outside your organisation
  • Cannot export or share trip data belonging to others

Encrypted

Coming Soon

An additional end-to-end encryption layer on top of Pro. Data is encrypted on-device before reaching our servers. Even Whizplan cannot decrypt your trip content. Spec is being finalised. Pricing to be confirmed.

API Proxying: How We Protect You from Google

When you search for a location or map a route in WHIZPLAN, your request does not go to Google directly. It goes through Whizplan first, and we forward it without attaching your identity.

You
Whizplan Proxy
Google APIs

Google sees that Whizplan made the request, not which Whizplan user made it. This protects you from being profiled by third-party map APIs. Your location searches, routing queries, and place lookups are not tied to your identity in Google's systems.

API proxying is included in Pro, Business, and Encrypted tiers. Free tier does not make map API calls.

Encryption, Retention, and Deletion

In Transit

All data transmitted between the app and our backend uses TLS. Your data is encrypted in transit.

At Rest

Data stored in Supabase is encrypted at rest using AES-256. Your trip data is not stored in plaintext on our servers.

Retention

Data is kept for the lifetime of your account. When you delete your account, your data is removed from our primary database immediately and purged from backups within 30 days.

Export

You can export your full data as a PDF at any time from within the app. Full JSON export is available on request by emailing us.

Third Parties

Every external service that processes user data, in plain language.

Supabase

Backend and data storage

Pro and Business only

Stripe

Payment processing

Pro and Business only. Whizplan never sees your full card details.

RevenueCat

Subscription management (in-app purchases)

Pro and Business only

Google Maps / Places API

Location search and mapping

Proxied through Whizplan servers on Pro, Business, and Encrypted. Google sees Whizplan, not you.

What we do NOT use

No analytics SDKs. No Facebook Pixel. No Google Analytics. No Mixpanel. No PostHog. No Amplitude. No Segment. No ad networks of any kind.

Data Requests

You have rights over your data under GDPR, POPIA, and equivalent regulations. We honour them.

Your rights

  • Right to access: request a copy of all data we hold about you
  • Right to rectification: request correction of inaccurate data
  • Right to erasure: request deletion of your account and data
  • Right to portability: export your data in a standard format

How to request

Email us at the address below. Include your account email. We will respond within 30 days.

admin@whizplan.com

Built by Operators

Privacy-first is not a trend at Whizplan. The team that designed this app spent decades planning operations where a data leak could get someone killed.

That is why our privacy architecture is not a checkbox. It is the design constraint that every feature is built around.

"Plans reduce thinking time when an incident occurs" applies to data architecture too. We made these decisions before launch, not after a breach.

Privacy Policy (Legal)Terms of ServiceCompare PlansDelete Account