Version: 25 Nov 2025
Website operator and controller pursuant to Art. 4(7) GDPR:
the hony company
c/o Block Services
Stuttgarter Str. 106
70736 Fellbach, Germany
E-mail: post@whatory.com
Whatory follows a strict minimal data approach. There are no registrations, no user accounts, no cookies, no analytics tools and no third-party trackers.
WhatsApp chat exports are never uploaded to our servers and are processed exclusively in the user's browser.
When you open the website your browser transmits technical data that is stored in server log files:
Processing is required to operate the site and diagnose errors (Art. 6(1)(f) GDPR).
Whatory is designed so that chat exports (e.g. .txt) are analysed only inside the browser.
All evaluations (Wrapped, charts, stats, exports) happen client-side.
To monitor technical flows we store anonymous metadata through event.php:
The data is not personal, contains no IP addresses and cannot be linked to individuals.
Legal basis: Art. 6(1)(f) GDPR (operation & stability of the site).
We also collect anonymized usage statistics such as monthly page views, the number of anonymous sessions/unique users, landing-page referrers, the number of chat uploads, and aggregated purchase and revenue figures. These data contain no IP addresses, no device information, no cookies, and no persistent identifiers. Individual users cannot be identified.
Legal basis: Art. 6(1)(f) GDPR (operation, stability, and improvement of the website).
To display the anonymous metric "Unique Users," we use a purely technical browser-based local storage mechanism (localStorage). This identifier is never transmitted to our server, never combined with any other data, and is used solely for anonymous session counting. It is not personal data.
Payments are processed through PayPal. We only store the minimal data returned by PayPal:
The data is stored in a SQLite database to:
Legal basis: Art. 6(1)(b) GDPR (contract fulfilment).
PayPal processes payment data under its own responsibility. Their privacy policy applies.
When the PayPal button is loaded, PayPal sets technically necessary cookies
(e.g., ts_c, id_token, enforce_policy).
These cookies are used solely for fraud prevention, security, and proper functioning
of the payment process and are considered strictly necessary cookies.
No consent is required for their use.
We do not use or process these cookies ourselves and do not combine them with any other data. PayPal’s privacy policy applies.
After a successful payment record-payment.php stores the following fields:
We do not profile these records or combine them with other datasets.
The endpoints check-voucher.php and redeem-voucher.php only handle:
Vouchers contain no personal data.
Each purchase creates a simplified invoice using only the purchase data:
Invoices are generated on demand and not stored permanently unless statutory retention duties apply (§ 14 UStG).
The admin area is protected by simple basic auth (no extra user accounts).
Only the operator has access. We do not log the identity of visitors.
Whatory does not set cookies except for unavoidable session cookies issued by the server.
We explicitly do not use:
Because we do not use any tracking, analytics, or marketing cookies and only rely on technically necessary cookies (PayPal), no cookie banner or consent under Art. 6(1)(a) GDPR is required.
Purchase-related data is stored according to statutory retention rules (generally 10 years).
Anonymous technical statistics may be stored indefinitely because they do not contain personal data.
You have the rights granted by the GDPR:
You can exercise these rights by sending us an e-mail.
You may lodge complaints with any data protection authority, especially the authority of your residence or workplace.
We may update this notice if technical changes or new features require it.