WhoseWeek

Privacy Policy

Last updated: April 19, 2026

1. Overview

WhoseWeek (“we,” “our,” or “us”) operates the WhoseWeek platform (“Service”) at whoseweek.com and related domains. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have. By using WhoseWeek, you agree to the practices described here.

2. Information We Collect

Information you provide directly.

  • Account information: name, email address, password (stored only as a salted hash), avatar selection, timezone, and notification preferences.
  • Property details you enter: property name, description, address, latitude/longitude, house rules, directions, WiFi and gate codes (stored encrypted at rest), and related settings.
  • Calendar events and booking data you create or that members create on properties you belong to.
  • Messages, threads, posts, polls, guestbook entries, maintenance issues, comments, local-guide entries, and quick-reference entries you contribute.
  • Shared-expense records you log, including amounts, categories, who paid, and split shares.
  • Photos you upload to property or circle galleries.
  • Membership data: your role on each property or circle (owner, admin, visitor, delegate), ownership percentage where applicable, and invitations you send or accept.
  • Support messages you send us (including through the Contact form or access-request form).

Information collected automatically. When you use the Service we receive log data such as IP address, browser and device type, operating system, referring pages, and request timestamps. We also set first-party cookies (see Section 7) to keep you signed in and remember your preferences.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, secure, and improve the Service.
  • Authenticate you and protect your account.
  • Display calendars, members, messages, photos, expenses, and other content to the appropriate audience (property members, circle members, or anyone with a shared public calendar link you've chosen to enable).
  • Send transactional and activity notifications by email and in-app (subject to your notification preferences).
  • Respond to support questions and access requests.
  • Monitor usage patterns, debug errors, and investigate abuse or unauthorized activity.
  • Comply with legal obligations and enforce our Terms of Service.

We do not use your content to train machine-learning models, and we do not sell your personal information.

4. How Your Information Is Shared

WhoseWeek is a collaboration tool, so some of what you add is intentionally visible to other people:

  • Other property members.Anything you post to a property — calendar events, messages, photos, maintenance issues, expenses, polls, guestbook entries — is visible to other members of that property, subject to the visibility setting on each item (e.g. private stays, private threads).
  • Circle members.Information shared through a circle is visible to circle members. Each property's Circle Visibility setting controls whether circle members see full stay details, availability only (busy/free), or nothing at all.
  • Delegates. A delegate you designate can act on your behalf for drafts, trades, and stays, and receives copies of your notifications until you revoke their delegate status.
  • Shared calendar links. If a property admin generates a shared-calendar link, anyone who has the link can view public-visibility events on that property. Links can be revoked at any time.
  • Site administrators. WhoseWeek staff with site-admin roles may access your data when necessary for support, moderation, security investigations, or legal compliance. Site-admin actions are logged.

Service providers.We rely on a small number of third parties to run the Service. We share only what's necessary for them to perform their function, under contractual confidentiality obligations:

  • Vercel — application hosting and image delivery (including photo storage via Vercel Blob).
  • Neon — managed PostgreSQL database hosting.
  • Resend — transactional email delivery (invites, notifications, password resets).
  • Open-Meteo — weather data (property latitude and longitude are sent to retrieve forecasts).
  • OpenStreetMap — map tiles for the property and circle map views.

Legal and safety. We may disclose information if required by law, subpoena, or court order, or if we believe disclosure is necessary to protect the rights, property, or safety of WhoseWeek, our users, or the public.

Business transfers.If WhoseWeek is acquired, merged, or reorganized, your information may transfer as part of that transaction. We'll notify you before any transfer that would change how your information is handled.

We do not sell, rent, or trade your personal information, and we do not share it for third-party advertising.

5. Photos and User Content

Photos you upload are stored in our image-storage provider and served only through our application, which enforces membership checks. Photo URLs are not meant to be shared publicly; anyone with a direct blob URL could access an image while it exists, so treat any photo you upload as something you're comfortable showing to fellow members. When you delete a photo — or when a property or circle it belongs to is deleted — the underlying file is removed from storage during the cleanup pass.

6. Data Retention and Deletion

We keep your information for as long as your account is active or as needed to provide the Service.

  • Account deletion.You can request deletion of your account at any time by contacting us. Content you authored that other members rely on — for example, historical stays, expense splits, or posts in an ongoing thread — is reassigned to a placeholder “Deleted User” so your co-owners' records remain intact. Personal data tied only to you (session records, notifications, preferences, avatar) is removed.
  • Property deletion. Deleting a property removes all associated calendar events, threads, posts, photos, expenses, maintenance issues, polls, guestbook entries, local guide entries, quick references, and draft history, including the underlying photo blobs.
  • Backups and logs. Routine backups and operational logs may retain copies of removed data for a limited period before they age out.
  • Legal holds. We may retain information longer when required by law or to resolve disputes.

7. Cookies and Tracking

We use first-party cookies to keep you signed in (NextAuth session cookie) and to remember preferences such as theme and scene settings. We do not use third-party advertising cookies or cross-site tracking pixels. You can configure your browser to refuse cookies, but some parts of the Service — particularly sign-in — will not function without them.

8. Security

We use reasonable technical and organizational measures to protect your information, including encrypted transport (HTTPS), hashed password storage, encrypted storage of sensitive property fields such as gate codes, and per-request authorization checks on all protected endpoints. No system is perfect, and we cannot guarantee absolute security. If we learn of a breach that affects your data, we'll notify affected users without undue delay.

9. Children’s Privacy

The Service is not directed to children under 13 and we do not knowingly collect personal information from them. If you believe a child under 13 has created an account, please contact us and we'll remove it promptly.

10. Your Rights and Choices

Depending on where you live, you may have the right to:

  • Access the personal information we hold about you.
  • Request correction of inaccurate information (most of which you can edit yourself in your profile).
  • Request deletion of your account and associated data.
  • Object to or restrict certain processing of your information.
  • Opt out of non-essential emails via Profile → Notification Preferences.

To exercise any of these rights, contact us using the link below. We'll respond within a reasonable timeframe.

11. International Users

WhoseWeek is operated from and hosted in the United States. If you access the Service from outside the U.S., your information will be transferred to and processed in the U.S., which may have different data-protection laws than your jurisdiction.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we'll revise the “Last updated” date above and, for material changes, notify you in-app or by email. Continued use of the Service after a change takes effect constitutes acceptance of the revised policy.

13. Contact Us

Questions, data requests, or concerns? Please contact us.