Privacy Policy

Your privacy, in plain English.

Last updated: May 23, 2026 · Effective: May 23, 2026

This Privacy Policy describes how What If ("we", "us", or "the app") collects, uses, and shares information when you use our mobile application on iOS. By using What If, you agree to the practices described here.

1. Information we collect

Information you give us

• Account details. If you create an account, we store your email address and an encrypted authentication token through Firebase Authentication. If you choose "Continue without account", we generate a temporary anonymous identifier instead — no email is collected.
• Profile. The onboarding questionnaire collects optional details about you (name, age, occupation, location, biographical history) so the AI can produce more personalised stories. You can leave any of these blank.
• What-if content. The decisions, alternatives, and stories you create are stored against your account so they sync across devices and survive reinstalls.
• Profile photo (optional). If you add a profile photo, it is stored on your device and on our backend so it can optionally be used as a face reference when generating images of your alternate life.
• Voice preferences. Your selected narrator voice and playback speed are saved so they persist across devices.

Information collected automatically

• Device information. Standard technical data needed to run the app — device model, operating-system version, app version, language, time zone.
• Subscription state. If you subscribe to Premium, RevenueCat (our subscription processor) records the purchase and renewal state linked to your account.
• Diagnostic logs. Crash reports and error logs may be collected to help us fix bugs. These are anonymised and contain no personal content from your what-ifs.

2. How we use information

• To generate AI stories, images, and narration you request.
• To save your work so it syncs across devices and reinstalls.
• To process subscriptions and entitlements via Apple and RevenueCat.
• To improve the app, fix bugs, and detect abuse.
• To send you transactional messages (e.g. password resets) — we do not send marketing emails.

3. AI processing

To generate a story, image, or narration, the relevant inputs (your decision/alternative text, profile fields you've filled in, and — if you opt in — your profile photo) are forwarded from our backend to OpenAI for generation. OpenAI's API policy states that API inputs and outputs are not used to train their models. We do not send OpenAI your email address, account identifier, or any data not directly required for the generation you requested.

4. Third-party services we use

• Firebase (Google). Authentication, Firestore database, and Cloud Functions. See Firebase's privacy summary.
• OpenAI. Text, image, and voice generation. See OpenAI's privacy policy.
• RevenueCat. Subscription management. See RevenueCat's privacy policy.
• Apple. Payment processing for in-app purchases. See Apple's privacy policy.

5. Data retention

Your what-ifs, profile, and settings are kept for as long as your account exists. You can delete your account at any time from Profile → Account → Delete account, which permanently erases your profile, every what-if, your profile photo, and your Firebase Authentication record. Guest accounts are deleted automatically when you exit guest mode.

Subscription receipts kept by Apple and RevenueCat are retained per their respective retention policies, independent of your in-app account.

6. Children

What If is rated 12+ and is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, contact us and we will delete it.

7. Your rights

Depending on where you live, you may have the right to access, correct, export, or delete the personal information we hold about you, and to withdraw consent. The fastest way to do any of these is from the app:

• Access / export: your profile and what-ifs are all visible inside the app.
• Correct: edit your profile in Profile → About you.
• Delete: Profile → Account → Delete account.

You can also email us using the contact below to make any of these requests manually.

8. Security

We use industry-standard measures to protect your data, including transport encryption (HTTPS/TLS) for all network traffic, encryption at rest for data stored in Firebase and Cloud Functions, and Firestore security rules that prevent any user from reading or writing another user's data. No system is perfectly secure — please use a strong password and don't share your account.

9. International transfers

The services we rely on (Firebase, OpenAI, RevenueCat, Apple) process data on servers located primarily in the United States. If you use What If from outside the US, your information will be transferred to and processed there.

10. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent revision. If we make a change that materially affects your rights, we will notify you in-app or by email.

11. Contact

Questions, requests, or concerns? Email us at ysefwakil.au@gmail.com.