← Back to home

Privacy Policy

Last updated: June 12, 2026

WhiskrKit is currently in closed beta. This policy is in effect but may be updated before general availability. You will be notified of significant changes by email, when you're a closed beta tester.

This policy explains what data WhiskrKit collects, why, and how it is handled. It is written in plain language without unnecessary legal jargon.

If you have questions about anything in this policy, please contact us at ue.tikrksihw@ycavirp .

Who we are

WhiskrKit is a mobile-first survey platform designed for developers and businesses. It is operated as a trade name of a sole proprietorship (eenmanszaak) registered with the Dutch Chamber of Commerce under KVK nr. 42076474. The natural person behind WhiskrKit is the data controller and can be identified via the KVK register.

We are the data controller for personal data collected through whiskrkit.eu and the WhiskrKit dashboard.

When you integrate the WhiskrKit SDK into your own application, the relationship shifts: you become the data controller for your end users' data, and WhiskrKit acts as a data processor on your behalf. A Data Processing Agreement (DPA) is available to all customers upon request at ue.tikrksihw@ycavirp .

Scope of this policy

This policy applies to:

  • Visitors to whiskrkit.eu
  • Developers who create a WhiskrKit account and use the dashboard
  • Data collected through the WhiskrKit SDK on behalf of our customers

It does not govern how our customers manage their own users' data beyond what WhiskrKit processes on their behalf. If you are an end user of an application that integrates WhiskrKit, the privacy policy of that application applies to you.

WhiskrKit is not intended for users under 16 years of age.

Data we collect

Website visitors

We use Plausible Analytics to understand how visitors interact with whiskrkit.eu. Plausible briefly processes IP addresses to derive aggregated location and device data, then discards them. No personal data is stored, no cookies are set, and no data is shared with advertising networks.

If you sign up for our waitlist, we store your email address. We use it to notify you when WhiskrKit becomes available and for occasional product updates. You can unsubscribe at any time.

Dashboard users

When you create a WhiskrKit account, we collect:

  • Your name and email address
  • Your organisation name
  • Your billing information, which is processed by our payment provider and not stored on our servers
  • Survey configurations you create in the dashboard
  • API keys, stored as hashed values and never in plain text

We use this data to provide the WhiskrKit service, send transactional emails such as account confirmations, password resets, and billing receipts, and to send occasional product updates. We do not use this data for advertising purposes.

SDK data

When your users interact with a WhiskrKit survey inside your application, the following data is collected and transmitted to our servers:

  • Per-app, per-install device identifier: used to manage survey eligibility and enforce repeat policies, such as preventing the same survey from being shown more than once. On iOS this is Apple's IDFV (Identifier for Vendor); on Android and other platforms an equivalent install-scoped identifier is used. This identifier is scoped to applications published by the same developer and is not used by WhiskrKit to identify users across unrelated applications, nor for advertising.
  • Device model: the device's hardware model, in both human-readable form (e.g. "iPhone 15 Pro") and identifier form (e.g. "iPhone15,2"). Used for survey eligibility targeting and dashboard analytics.
  • OS name and version: used by the targeting engine to deliver surveys to specific operating system versions.
  • App bundle ID: used to associate survey responses with the correct application.
  • App version and build number: used by the targeting engine to deliver surveys to specific application versions.
  • SDK version: used for compatibility and diagnostic purposes.
  • Language and region: used to serve surveys in the correct locale.
  • Timezone: used to support time-based survey targeting rules.
  • Survey responses: the answers provided by your users, including structured responses such as NPS scores and open-text answers.

In addition to their role in survey targeting and delivery, these data points are used to power response analytics and filtering in the WhiskrKit dashboard, allowing you to segment survey results by platform, app version, language, and region.

Regarding open-text responses: users may include personal data such as email addresses in free-text fields. As the data controller, you are responsible for handling such data in accordance with your own privacy policy.

We temporarily process the IP address of incoming SDK requests for security, abuse prevention, rate limiting, and operational logging. IP addresses are not used for profiling, advertising, or analytics. Operational logs containing IP addresses are retained for no longer than necessary for these purposes, and in any case no longer than 90 days.

All SDK data is processed on your behalf. You are the controller; WhiskrKit is the processor. A Data Processing Agreement is available to all customers upon request.

Legal basis for processing

We process personal data under the following legal bases as defined by the GDPR:

  • Performance of a contract: processing your account data in order to deliver the WhiskrKit service.
  • Legitimate interest: collecting device identifiers and contextual signals through the SDK to correctly deliver surveys, enforce repeat policies, and apply targeting rules; and processing IP addresses for security and rate limiting purposes. We have assessed that these interests do not override the fundamental rights of end users, given that the data is used solely for survey delivery and service protection, and not for advertising or profiling.
  • Consent: for waitlist signups and marketing communications, we rely on your consent. Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.

How we use your data

We use the data we collect to:

  • Provide and maintain the WhiskrKit service
  • Deliver surveys to the correct users at the correct time, based on targeting rules you configure
  • Send transactional emails related to your account and billing
  • Send product updates and announcements, with the option to opt out at any time
  • Diagnose and resolve technical issues
  • Protect the service against abuse through rate limiting and security monitoring

We do not sell your data. We do not use your data for advertising. We do not engage in automated decision-making or profiling. We do not share your data with third parties beyond the sub-processors listed below.

Cookies

We use a single cookie on the WhiskrKit dashboard: a first-party session cookie (vapor-session) used solely for authentication. This cookie is strictly necessary for the dashboard to function. No tracking or advertising cookies are used anywhere on whiskrkit.eu or in the dashboard.

Sub-processors

We use a limited number of third-party services to operate WhiskrKit. All are based in the EU, or operate under appropriate GDPR transfer mechanisms (Standard Contractual Clauses).

Service Purpose Location
Hetzner Server hosting and data storage Germany
Lettermint Transactional email delivery Netherlands
Soverin Email hosting (inbound) Netherlands
Payment provider (TBD) Billing and payment processing To be confirmed, this row will be updated before paid plans are introduced

This list will be updated if additional sub-processors are introduced.

Data storage and security

All WhiskrKit data is stored on servers hosted by Hetzner in Germany. Where personal data is transferred outside the EEA, we rely on approved transfer mechanisms such as the European Commission's Standard Contractual Clauses.

We implement appropriate technical measures to protect your data, including encrypted connections (TLS), hashed storage of API keys, and access controls on our infrastructure.

Data retention

We retain your account data for as long as your account remains active. Upon account deletion, we will remove your personal data within 30 days, except where retention is required for legal or financial compliance such as billing records.

Survey response data is retained until you delete it. You may delete individual responses or entire surveys from the dashboard at any time.

Your rights under the GDPR

If you are located in the EU or EEA, you have the following rights with respect to your personal data:

  • Right of access: you may request a copy of the personal data we hold about you.
  • Right to rectification: you may request that inaccurate data be corrected.
  • Right to erasure: you may request that your personal data be deleted.
  • Right to restriction: you may request that we limit the processing of your data.
  • Right to data portability: you may request your data in a structured, machine-readable format.
  • Right to object: you may object to processing carried out on the basis of legitimate interest.
  • Right to lodge a complaint: you may file a complaint with a supervisory authority if you believe your data is being handled incorrectly.

To exercise any of these rights, please contact us at ue.tikrksihw@ycavirp . We will respond within 30 days.

If you believe your data is being handled incorrectly, you have the right to lodge a complaint with the Dutch data protection authority, the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl), or with your local supervisory authority.

Changes to this policy

We will update the date at the top of this page whenever significant changes are made, and notify customers by email where appropriate. Minor clarifications may be published without prior notice.

Contact

WhiskrKit
ue.tikrksihw@ycavirp