Privacy Policy

Welcome to WhatETF. Your privacy is our top priority. This Privacy Policy explains our approach to data collection and privacy when you use our mobile application.

TL;DR: There is no account, and nothing to sign up for. Your risk profile, questionnaire answers, watchlist, and settings live on your iPhone — not on our servers. When you use live market data, the app sends only a fund symbol and an anonymous, randomly-generated install identifier to our server (a Cloudflare Worker), which fetches end-of-day data from Alpha Vantage. No ads, no behavioral tracking, no selling your data.

1. Our Privacy-First Approach

WhatETF is designed with privacy at its core. We have made the deliberate choice to build a privacy-focused application that:

• Does not collect or store personal information on our servers
• Does not track your behavior or usage across apps or websites
• Does not show ads or share your information with advertisers
• Does not require you to create an account
• Stores your risk profile, answers, watchlist, and settings locally on your device

2. No Account Required

There is nothing to create and nothing to log into. WhatETF works without sign-up, sign-in, email, or password. Because there is no account:

• Your data is not tied to an account or a profile on our servers
• There is no login that could be compromised
• There is no account to delete — removing your data is as simple as deleting the app

3. What Stays on Your Device

WhatETF is on-device first. The following information is stored exclusively on your iPhone using Apple's secure local storage, and never sent to or stored on our servers:

• Your risk profile — the educational profile produced from the questionnaire
• Your questionnaire answers — the responses you give while exploring
• Your watchlist — the funds you save to look at later
• Your app settings — your preferences within the app

This means only you have access to this data, it is protected by your device's security features (passcode, Face ID, Touch ID), and if you delete the app it is permanently removed from your device. We cannot view, retrieve, or recover it.

4. What's Sent for Market Data (and Why)

When you use live market data for a fund, the app makes a request to our server. That request includes only two things:

• The fund symbol you're looking at (e.g. "VOO"), so we can return that fund's data; and
• An anonymous, randomly-generated install identifier — a random ID created once on your device, used only so we can count how many installs use the market-data feature.

That install identifier contains no personal information, is not linked to your identity, is not the advertising identifier (IDFA), and is never used to track you across other apps or websites. It is wiped if you delete the app. We use it solely for anonymous, aggregate counts. No personal information is sent with these requests, because we do not collect or store any.

5. What We Do NOT Collect or Store

WhatETF does NOT collect, store, or retain on our servers:

• Personal Data: no names, email addresses, phone numbers, or account credentials
• Your Risk Profile or Answers: these stay on your device, not on our servers
• Your Watchlist: saved funds stay on your device
• Location Data: we don't track where you are
• Advertising Identifiers: no IDFA, no ad-tracking tokens, no cross-app tracking
• Contacts, Photos, or Microphone: we don't request or access them
• Behavioral Analytics: we don't monitor how you tap through the app

6. Third-Party Services

WhatETF relies on a small, deliberately limited set of third parties.

6.1 Our Server (Cloudflare Worker)

Market-data requests go to our own server, which runs as a Cloudflare Worker. It receives only the fund symbol and the anonymous install identifier described above, forwards the symbol to our data provider, caches the end-of-day result at the edge, and returns it to your device. It does not receive any personal information.

6.2 Alpha Vantage (Market-Data Provider)

Our server fetches market data from Alpha Vantage, a third-party market-data provider. It supplies end-of-day fund data (such as prices and history). Alpha Vantage receives the fund symbol needed to return that data; it does not receive your install identifier or any personal information. Alpha Vantage's handling of requests is governed by its own privacy policy.

6.3 Apple (Distribution)

WhatETF is distributed through Apple's App Store. Any purchases are handled by Apple through the App Store; we never see your payment details. Your use of the App Store is governed by Apple's Privacy Policy.

6.4 Services We Do NOT Use

WhatETF does not integrate with advertising networks or ad tracking, social-media SDKs, Google Analytics or similar behavioral-analytics platforms, or third-party cloud storage of your personal data.

7. App Store Privacy "Nutrition Label" Summary

To match the labels you see on the App Store, here is exactly what is and isn't collected:

• Identifiers — the anonymous install identifier: used for analytics (aggregate counts only), Not Linked to your identity, and Not Used for Tracking.
• Usage Data — the fund symbol you look up: used for app functionality (returning that fund's market data), Not Linked to your identity, and Not Used for Tracking.
• Everything else — Data Not Collected.

8. Children's Privacy

WhatETF is rated 4+ and is not directed at children. Because it collects no personal information from anyone, it does not knowingly collect data from children under 13 or any other age group.

9. International Users

Your risk profile, answers, watchlist, and settings never leave your device, and the only data sent for market data is a fund symbol and an anonymous identifier. Because we don't collect or transfer personal data, there are no international data-transfer concerns for your personal information, regardless of where you are located.

10. Your Rights and Choices

Because we don't collect your personal data, many traditional privacy requests don't apply — but you remain fully in control:

• Full Control: your profile, answers, and watchlist are on your device, under your control
• No Account: there's no account to delete and no data request to file
• Deletion: delete the app to permanently remove your on-device data
• Opt Out of Requests: to stop all network requests, don't use the live market-data features (or stay offline)

11. Data Security

Because your personal data never leaves your device:

• Your data is protected by your device's built-in security (encryption, passcode, biometrics)
• There are no servers holding your personal data to breach
• We cannot accidentally leak your data, because we never have it

12. Changes to This Privacy Policy

If we ever change our privacy practices, we will update this Privacy Policy with a new "Last Updated" date and always maintain our privacy-first principles. Your continued use of WhatETF after such changes constitutes your acceptance of the updated Privacy Policy.

13. Contact Us

If you have any questions about this Privacy Policy or WhatETF's privacy practices, please contact us at support@whatetf.app.

Bottom line: WhatETF is built on the principle that your profile, your answers, and your watchlist are yours and yours alone. They stay on your device, under your control. Your privacy is protected by design.