Privacy Policy
Last updated: March 2026
WTF (Why Things Feel) is operated by Scorpyns Technologies Private Limited, a company incorporated under the Companies Act, 2013, with its registered office in Chandigarh, India.
We built this product around one belief: the things you type here are yours, not ours. This policy explains exactly what we collect, what we do with it, and the choices you have. We have written it in plain language on purpose.
What we collect
What you type
When you submit a situation for decoding, the text you write is the most sensitive data we handle. We treat it accordingly.
Your situation text is encrypted using AES-256-GCM before it is written to our database. The encryption key is stored separately from the data. This means that even if someone accessed our database, your words would be unreadable. Our team cannot read your situations. Nobody at Scorpyns Technologies can read your situations.
We store your situation text in encrypted form so that the progression decode feature works — when you return to update a situation, we need the original to provide context. If you do not use progression decodes, your situations serve no purpose beyond the session in which they were decoded.
Your phone number
We ask for your phone number after your first decode, framed as a way to save your credits and decode history. Providing it is optional. If you skip it, your free decode still works — but your session and any credits you purchase will be stored only in your device's local storage and will not be recoverable if you clear your browser or switch devices.
If you provide your phone number, it is stored in our database. We use it to:
- Link your credit balance to your account
- Recover your history if you clear your browser or switch devices
- Send you usage nudges via WhatsApp if you have been inactive for more than 30 days (you can opt out of these at any time by replying STOP)
We do not use your phone number for marketing. We do not sell it. We do not share it with any third party except as described in this policy.
Your age group
We ask for your age group on first use (15–17 or 18 and older). This is stored in your browser's local storage and optionally linked to your account if you provide a phone number. It is used only to adjust the language and tone of your decodes. It is never shared or used for any other purpose.
Usage data
We collect anonymised usage data to understand how the product is being used — which contexts are most common, how many decodes happen per session, where users drop off. This data is aggregated and contains no personally identifying information. We use PostHog for this analytics. No individual situation text, phone number, or decode content is included in analytics data.
Device and technical data
When you use the product, our servers automatically receive your IP address, browser type, device type, and the pages you visit. This is standard for any web application. We retain this data for 30 days and use it only for security monitoring and debugging.
What we do not collect
- We do not collect your name
- We do not collect your email address
- We do not require social login of any kind
- We do not place advertising trackers on our site
- We do not build behavioural profiles for advertising purposes
- We do not collect biometric data of any kind
How we use your data
We use your data for exactly three purposes:
1. To provide the service. Your situation text is sent to an AI model to generate your decode. This transmission is encrypted in transit. The data sent to the AI provider is governed by their data processing terms and is not used for model training.
2. To save your progress. Your phone number, credit balance, and session history are stored so the product works across sessions and devices.
3. To improve the product. Anonymised, aggregated usage patterns are used to understand what is working and what is not. No individual data is used for this purpose.
We do not use your data to train AI models. We do not use your situations to improve the pattern library. Your words are not data points for us — they are private situations you trusted us with.
Who we share data with
AI processing: Your situation text is sent to a third-party AI model to generate your decode. The AI provider processes this data under their API terms and does not use API data for model training by default.
Razorpay (payments): When you make a purchase, your payment is processed by Razorpay. We do not store your payment card details. Razorpay is compliant with PCI-DSS. Your payment data is governed by Razorpay's privacy policy.
PostHog (analytics): Anonymised usage events are sent to PostHog. No personally identifying information is included.
We do not share your data with any other third party. We do not sell your data to anyone.
Data storage and security
Your data is stored on servers operated by Scorpyns Technologies on infrastructure located in India. All data in transit is encrypted using TLS. All sensitive data at rest is encrypted using AES-256-GCM. Access to production systems is restricted to authorised personnel only.
We retain your data for as long as your account is active. If you request deletion, all data linked to your phone number is permanently deleted within 24 hours.
Your rights
Under the Digital Personal Data Protection Act, 2023 (India) and applicable data protection law, you have the right to:
- Access the personal data we hold about you
- Correct inaccurate personal data
- Delete your personal data
- Withdraw consent at any time (note: withdrawing consent means we can no longer provide the service)
- Nominate a person to exercise these rights on your behalf in the event of your death or incapacity
To exercise any of these rights, email us at [email protected]. We will respond within 72 hours.
Cookies
We use only essential cookies necessary for the product to function (session management, credit tracking). We do not use advertising cookies or third-party tracking cookies. See our Cookie Policy for details.
Children
Our service is available to users aged 15 and older. We do not knowingly collect personal data from users under 15. If you believe a user under 15 has provided personal data to us, please contact us at [email protected] and we will delete it promptly.
Changes to this policy
We will notify users of material changes to this policy via a notice on the app. The date at the top of this page will always reflect the most recent update.