Whim Privacy Policy

Effective date: 24 April 2026
Last updated: 24 April 2026

DRAFT — PENDING LEGAL REVIEW. This document was prepared in good faith based on an audit of the Whim application's source code and data flows. It has not yet been reviewed by a licensed attorney. Before publishing this document publicly or submitting it to the Google Play Console or Apple App Store, have it reviewed by counsel familiar with Thai PDPA, EU GDPR, and Apple/Google store policies.

1. Who we are and what this policy covers

Whim is a messaging client application published by Unikong Co., Ltd., a company registered in Thailand ("Unikong", "we", "us", "our").

Whim is a client, not a hosted service. To use Whim you must sign in to a Matrix homeserver operated by your employer, organisation, or service provider ("your Organisation"). Unikong does not operate the homeserver; we publish the app that connects to it.

This policy describes only the personal data that Unikong directly collects through the Whim app and the services Unikong itself operates.

  • Your messages, media, calls, account records, and workspace data are handled by your Organisation's homeserver and translation service, and are governed by your Organisation's privacy policy or employee handbook — not this one. Contact your workspace administrator if you have questions about those.
  • This policy covers the narrow set of data Unikong does directly process: crash diagnostics and push notification tokens.

For privacy questions or requests relating to data Unikong itself processes, email [email protected].

This policy covers:

  • The Whim mobile app (Android package com.unikong.whim, iOS bundle id com.unikong.whim)
  • The Whim white-label build (Android package com.client.chat, iOS equivalent), when distributed by Unikong or its authorised resellers

2. How Whim works

Whim is a client for the Matrix open messaging protocol. On first sign-in you enter the address of a Matrix homeserver that your Organisation has set up for Whim (e.g. chat.yourcompany.com). The app then authenticates you against that homeserver — typically via a Keycloak Single Sign-On provider the Organisation has chosen (Google Workspace, Microsoft Entra, LINE, and so on).

From that point on, every message, attachment, and room-membership change you make is sent to your Organisation's homeserver. Unikong's servers are not in that path.

Encryption in transit, not end-to-end. All communication between your device and the homeserver is secured with TLS. However, Whim does not currently use end-to-end encryption on message content. Your Organisation's homeserver and translation service therefore have technical access to message content while processing it, so they can provide automatic translation (see §5). Ask your workspace administrator for details of your Organisation's retention and access policies.

3. What Unikong collects directly

Unikong directly collects two categories of data through the Whim app:

3.1 Crash diagnostics (release builds only)

When the Whim app crashes or hits an uncaught error, Firebase Crashlytics (provided by Google LLC, stored in the United States) records:

  • Stack trace and error message
  • Device model, OS version, app version, locale
  • Your Matrix user ID as a pseudonymous correlation key so we can tell whether a particular user is hitting the same crash repeatedly

We use these reports to find and fix bugs. Crashlytics is enabled only in release builds and is the only diagnostic, analytics, or telemetry SDK integrated into Whim. We do not use Firebase Analytics, Google Analytics, Mixpanel, Segment, Amplitude, Sentry, or any attribution or advertising SDK.

3.2 Push notification tokens

To deliver notifications:

  • On Android, your device registers with Firebase Cloud Messaging (FCM) against the Unikong Firebase project. FCM generates a token Unikong holds in its project; your Organisation's homeserver uses that token to route push notifications to your device.
  • On iOS, your device registers with Apple Push Notification service (APNs) against Unikong's Apple Developer team. APNs generates a similar token.

These tokens identify your device for the purpose of push delivery. They do not contain message content; the actual notification payload comes from your Organisation's homeserver when it sends a notification.

4. What Unikong does NOT collect

To be explicit — Unikong does not directly collect or store:

  • Your message content (text, photos, video, audio, files)
  • Room membership, contacts, or social graph
  • Call audio or video
  • Account details beyond the pseudonymous Matrix user ID used in crash correlation
  • Location (the app does not declare location permissions)
  • Contacts from your phone's address book
  • Browsing history

These are handled by your Organisation's homeserver and translation service, subject to your Organisation's policy.

5. Automatic translation

Whim's core feature is automatic translation of messages. Translation is performed by a translation service installed alongside your Organisation's homeserver — not by Unikong's own infrastructure. The service receives every incoming text message from the homeserver and either:

  • Calls a cloud AI provider (xAI's Grok API by default) to produce a translation, or
  • Calls an on-premise AI model that your Organisation has deployed, if your Organisation prefers to keep data within its own environment.

Either way, the translation path lives inside your Organisation's deployment, not Unikong's. Your Organisation controls the provider choice and documents it in its own privacy notice or employee handbook. The Whim client does not communicate directly with xAI or any translation provider — it only displays the translations returned via the homeserver.

On-device consent. On first sign-in the Whim app asks you to consent to automatic translation. The Whim app stores this consent in your Matrix account data (which lives on your Organisation's homeserver); Unikong does not receive a copy. You can withdraw consent from Settings › Privacy › Translation consent at any time; withdrawing means you can no longer use the app (the product is designed around automatic translation — disclosed up-front on the consent screen).

6. Who receives Unikong's data

The data Unikong directly collects (Crashlytics reports + push tokens, see §3) is shared with:

| Recipient | Role | Location | Data shared |
|---|---|---|---|
| Google LLC — Firebase Crashlytics | Crash diagnostics (processor of Unikong) | United States | Stack trace, device info, pseudonymous Matrix user ID |
| Google LLC — Firebase Cloud Messaging | Android push delivery (processor of Unikong) | United States | FCM registration token; encrypted notification payload routed from your Organisation's homeserver to your device |
| Apple Inc. — Apple Push Notification service | iOS push delivery (processor of Unikong) | United States | APNs device token; encrypted notification payload routed from your Organisation's homeserver to your device |

Third parties that receive data inside your Organisation's deployment (the Matrix homeserver operator, Keycloak SSO broker, identity providers you choose to sign in with, the translation provider, Jitsi Meet when you join group calls) are governed by your Organisation's own privacy notice and contracts with those parties. Unikong is not in the data-handling path for those flows.

We do not sell personal data, and we do not share it for targeted advertising.

7. International transfers

Data Unikong directly handles is transferred to the United States (Firebase, APNs). Where applicable to your jurisdiction, these transfers rely on the processors' standard data-processing terms (Google Cloud DPA, Apple platform terms), and on Standard Contractual Clauses for GDPR-regulated transfers.

Where your Organisation's deployment transfers data (e.g. to an AWS region or an AI translation provider), those transfers are governed by your Organisation's arrangements and disclosed in its own privacy notice.

8. How long Unikong retains data

  • Firebase Crashlytics reports — up to 90 days per Google's default retention; thereafter aggregated or deleted.
  • Push notification tokens — retained while your device is signed in and has notifications enabled; revoked when you sign out, uninstall the app, or revoke the token from system settings.
  • Local data on your device — encrypted with SQLCipher (AES-256), with keys held in iOS Keychain / Android Keystore. Deleted when you sign out or uninstall.

Your messages, account, and other homeserver data have retention set by your Organisation.

9. Your rights

For the data Unikong directly processes (Crashlytics + push tokens), you have, where applicable under Thailand's PDPA, GDPR, and similar laws, the right to:

  • Access the data we hold about you
  • Correct inaccurate data
  • Delete the data (though Crashlytics records are pseudonymous and may not be identifiable to you after stack-trace analysis)
  • Withdraw consent where we rely on consent
  • Lodge a complaint with Thailand's Office of the Personal Data Protection Committee (PDPC) or your local supervisory authority

To exercise any of these rights, email [email protected]. We respond within 30 days per PDPA §30 / GDPR Article 12.

For the data your Organisation's homeserver processes (messages, account, files, etc.), exercise your rights directly with your Organisation. The in-app Settings › Account › Delete Account flow deletes your account from your Organisation's homeserver using Matrix's native deactivate endpoint; see the Delete your account page for details.

10. Security

Unikong's direct processing is low-volume (crash reports + push tokens) and secured by:

  • TLS for all API calls
  • Vendor-standard encryption at rest in Google and Apple infrastructure
  • Minimum-necessary data — Crashlytics and FCM are the only telemetry we integrate

On-device, the Whim app secures data with:

  • AES-256 SQLCipher encryption of the on-device database, keys stored in iOS Keychain / Android Keystore, 90-day rotation
  • TLS for all traffic to your Organisation's homeserver
  • Pseudonymous identification — we use your Matrix user ID for crash correlation rather than your real name or email

Your Organisation's homeserver applies its own security measures, described in its own policy.

11. Children

Whim is intended for workplace use and is not directed to children under 13 (or 16 in applicable jurisdictions). We do not knowingly collect personal data from children. If you believe we have collected data from a child without verifiable parental consent, contact us at [email protected] and we will delete it.

12. Changes to this policy

We may update this policy from time to time. If we make a material change (e.g. a new telemetry integration), we will notify you in-app and update the "Last updated" date at the top. Continued use of Whim after a material change constitutes acceptance.

A full change history is available in the Git history of this document.

13. Contact

Unikong Co., Ltd.
Registered in Thailand

For inquiries about data processed by your Organisation's homeserver (messages, account, media, etc.), contact your workspace administrator.