← Back to home
Privacy Policy
Hey, What's Up?
Last updated: December 2025
The Short Version
Your WhatsApp messages are stored on your computer, not on our servers. We can't see your chats. When you use AI features, message text is sent to our AI provider (OpenRouter) for analysis — they process it and discard it immediately, with no retention or training on your data.
What This App Does
Hey, What's Up? is a desktop app that connects to your WhatsApp account to help you triage messages. It stores your messages locally on your Mac and uses AI to identify action items, events, and important topics.
Where Your Data Lives
Stored Only on Your Device
The following data is stored locally and never sent to us or any server:
- WhatsApp session credentials — the keys that keep you logged in
- Your contacts database — names and phone numbers for display
- Analysis results and caches — including WhatsApp Wrapped data
- The encryption key — stored in your macOS Keychain
Stored Locally, Sent to AI for Processing
- Your WhatsApp messages — stored encrypted on your Mac, and sent to our AI provider when you click "Refresh"
To be clear: your messages leave your computer when you request an analysis. They go to OpenRouter (our AI provider), are processed, and are immediately discarded. They are never sent to us, and we have no way to access them.
AI Analysis: What Gets Sent
When you click "Refresh" or generate WhatsApp Wrapped, message text is sent to OpenRouter for AI processing.
What we send:
- Message text content (required for analysis)
- First names only (never full names)
- Generic identifiers like "Private Chat #a3f28c" for unsaved contacts
What we never send:
- Phone numbers
- Full contact names
- Media files (images, videos, voice messages)
- Your WhatsApp session credentials
What happens to it:
- OpenRouter processes the text and returns a summary
- We only use AI providers with zero data retention — your messages are not stored or used for training
- We (the developers) never see your message content
WhatsApp Wrapped Feature
During December and January, you can generate a "Year in Review" of your messaging patterns. This involves additional AI analysis to create personality insights and statistics.
The results are cached locally on your device so you don't have to regenerate them.
For shareable cards:
- We never include actual message quotes
- Names are limited to first names only
- No phone numbers or identifying information appears on shared images
- Stats are aggregated (e.g., "47,283 messages") not specific
Analytics
We use PostHog (EU servers) to understand how people use the app and website.
What we track:
- Your phone number as an identifier (so we can understand usage patterns among early users)
- Which features you use (e.g., "opened action-items section")
- When you refresh the analysis
- App errors (to fix bugs)
What we don't track:
- Your message content
- Your contact names
- Who you message or what you talk about
We chose PostHog's EU instance for GDPR compliance.
On the website (heywhatsup.ai):
We also use PostHog for website analytics, tracking page views and interactions. Standard cookies may be set for this purpose.
macOS Contacts Access
The app can optionally access your Mac's Contacts to display names for your WhatsApp contacts. This requires your permission via a macOS system dialog.
- Contact data is only used locally for display
- We don't transmit your address book anywhere
- If you deny permission, the app works fine—you'll just see phone numbers instead of names
Third-Party Services
| Service |
Purpose |
Data Received |
Retention |
| OpenRouter / Anthropic |
AI analysis |
Message text, first names |
None (immediate discard) |
| PostHog (EU) |
Analytics |
Phone number, feature usage |
Limited |
What We Don't Do
- We don't have servers that store your messages
- We don't sell your data
- We don't show you ads
- We don't train AI on your messages
- We can't read your messages — we have no access to them
Data Retention
On your device:
- Messages are stored until you log out or delete the app
- Logging out deletes your message database and analysis cache
- Your contacts database and encryption key are preserved (for a smoother experience if you log back in)
- To fully remove all data, delete the app and its data folder
With OpenRouter:
- Message text is processed and immediately discarded
- No storage, no training, no retention
Analytics:
- You can request deletion by contacting us
Backups:
- We don't back up your data to any cloud service
- However, if you use macOS's built-in backup features (Time Machine, iCloud Drive backup of your home folder, etc.), app data may be included in those backups — this is controlled by your system settings, not by us
Your Rights (GDPR)
If you're in the EU/UK, you have the right to:
- Access — Ask what data we have about you (for analytics, this is your phone number and usage events)
- Deletion — Request we delete your analytics data
- Portability — Your message data is already on your device in your control
For data requests, email us at [email protected].
Security
- Encryption at rest: AES-256-GCM for all stored message data
- Key storage: macOS Keychain (hardware-backed on Apple Silicon)
- Transport: All API calls use HTTPS/TLS
- AI provider selection: We only use providers with zero-retention policies
Platform Risk Disclosure
This app connects to WhatsApp using unofficial methods (the same approach used by apps like Beeper). While we've designed it for minimal risk:
- WhatsApp may detect and restrict accounts using unofficial clients
- This risk is low for read-only usage but is not zero
- We recommend understanding this before connecting your primary WhatsApp account
Age Requirement
This app is intended for users aged 18 and over. By using the app, you confirm you are at least 18 years old.
We do not knowingly collect data from anyone under 18. If you believe someone under 18 is using the app, please contact us.
Changes to This Policy
We'll update this page if our practices change. For significant changes, we'll notify users in the app.
Contact
Questions about privacy? Email: [email protected]
Summary Table
| Data Type |
Stored on Your Device |
Sent to AI Provider |
Sent to Analytics |
| Message text |
Yes (Encrypted) |
Yes (For analysis, no retention) |
Never |
| Phone numbers |
Yes (Encrypted) |
Never |
Yes (As user ID) |
| Contact names |
Yes (Encrypted) |
First name only |
Never |
| Media files |
Not stored |
Never |
Never |
| Analysis results |
Yes (Cached) |
N/A |
Never |
| Feature usage |
N/A |
Never |
Yes (Events tracked) |
This policy applies to Hey, What's Up? desktop app for macOS and the heywhatsup.ai website.