Whohas is a personal lending tracker app developed by an independent developer. It helps you keep track of items you have lent to friends, family, and colleagues — including what was lent, to whom, and when it is due back.
By using the App you agree to the practices described in this policy.
All app data is stored locally on your device only in a SQLite database and the app's local documents directory. None of this data is transmitted to our servers — we operate none.
When you add a person to the app, you may optionally enter their name, email address, phone number, notes, and a photo. This information is entered manually by you and is used solely to display lending records within the app.
Language selection and date format preference are stored locally via the device's standard SharedPreferences mechanism.
| Permission | Why it is needed |
|---|---|
| Camera | To photograph items you are cataloguing or to take a portrait photo of a contact. The camera is only active when you explicitly open it within the app. |
| Photo Library | To let you choose an existing photo from your gallery for an item or contact. No images are uploaded anywhere. |
| Notifications | To deliver local return-date reminders you configure per lending record. All notifications are scheduled and fired entirely on your device — no push notification server or third-party messaging service is used. |
| Exact Alarm Scheduling (Android) | To ensure return-date reminders fire at precisely 9:00 AM on the scheduled day rather than being deferred by the system. Required on Android 12 and above for time-sensitive local notifications. |
| Receive Boot Completed (Android) | To reschedule pending local notifications after a device restart. No data is collected, processed, or transmitted during this process. |
| Internet | Required for in-app purchase verification via RevenueCat and for loading font files from Google Fonts at startup. |
| File Storage (Android) | To write and read the JSON backup file when you use the manual backup or restore feature. Files are saved to your device's documents directory only. |
You can revoke any permission at any time in your device settings. Revoking camera or photo library access disables photo features; revoking notification permission disables return-date reminders. The rest of the app continues to function normally in both cases.
When you lend an item and set a return deadline, you can optionally enable one or more reminders for that specific lending record. The available reminder types are:
All reminders fire at 9:00 AM local time on the scheduled day. Your notification preferences are stored as part of the lending record in the local database on your device.
Each notification contains only the item name and the borrower's first name — both of which are data you entered into the app yourself and which are stored locally on your device. No other data is included in notification content.
On Android, the app listens for the device boot event solely to reschedule pending local notifications after a restart. No data is collected, processed, or transmitted during this process.
Notifications for a lending record are automatically cancelled when you mark the item as returned within the app. You can also adjust or disable notification preferences for any lending record by editing it, or revoke notification permission entirely in your device settings at any time.
Whohas integrates two third-party services. No other SDKs, analytics tools, or advertising networks are included.
Used to process and verify the one-time "WhoHas Plus" in-app purchase. RevenueCat receives an anonymous app user ID and purchase or entitlement data sufficient to confirm your purchase status. RevenueCat does not receive your name, contact list, items, lending records, or notification data.
RevenueCat privacy policy: revenuecat.com/privacy
The app loads the DM Sans typeface from Google's font servers at startup. This request includes your device's IP address and standard HTTP headers. No app data is included.
Google privacy policy: policies.google.com/privacy
Note: Google Sign-In and Google APIs are declared in the app's dependency manifest but are not implemented or called in any version of the app. No Google account authentication occurs.
Whohas includes a manual backup feature that exports all your data (items, contacts, lending records, and notification preferences) as a single JSON file saved to your device's local documents directory.
We do not sell, rent, trade, or otherwise share your personal data with any third party, except as described in Section 5 (RevenueCat and Google Fonts) above, which is limited to what is technically necessary for those services to function.
We may disclose information if required to do so by law or in response to a valid legal request. Since we hold no user data on our servers, any such request would yield nothing on our end.
All data persists locally on your device for as long as you use the app or until you delete it:
Because we do not collect or hold personal data on our own servers, many standard data rights (access, rectification, portability, erasure) are exercisable directly within the app itself — you are in full control at all times:
If you are located in the European Union, you have rights under the General Data Protection Regulation (GDPR), including the right to lodge a complaint with your local supervisory authority. If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA). In both cases, since we hold no data on our end, your primary point of control is the app itself.
For any questions about data held by RevenueCat or Google, please contact those providers directly through their respective privacy portals.
Whohas is not directed at children under the age of 13 (or under 16 in the European Union). We do not knowingly collect personal data from children. The app performs no age verification, but its purpose — tracking borrowed personal belongings — is intended for an adult audience.
If you believe a child has entered personal information of others through the app, you can delete that data directly within the app or by uninstalling it.
Because all data is stored locally on your device and no data is transmitted to our servers, the primary security layer is your device's own security model — screen lock, device encryption, and operating system sandboxing.
Photos you take or select within the app are stored in the app's sandboxed documents directory, which is not accessible to other apps. We recommend keeping your device's operating system up to date to benefit from the latest security patches.
We may update this Privacy Policy as the app evolves or if legal requirements change. Any changes will be reflected on this page with an updated effective date.
If we introduce data collection practices that are materially different from those described here, we will notify users through an in-app notice or through the app store update notes, and where required by law, obtain your consent before proceeding.
Questions, concerns, or requests regarding this Privacy Policy? Please get in touch: