Whe2 legal
Whe2 Privacy Policy
1. Scope and overview
Whe2 is a South African route-planning service focused on helping users compare routes, toll costs, fuel costs, and trip details. This Privacy Policy applies to the Whe2 website, the Whe2 mobile app, feedback channels, and related services we operate.
By using Whe2, you agree that we may collect and use information as described in this Privacy Policy. We will collect only the information needed to provide the service, keep it secure, improve it, and comply with our legal obligations.
2. Information we collect
Information you provide directly
- Account details such as your email address and sign-in credentials when you create or use an account
- Sign-in details returned by identity providers when you choose to sign in with Google or Apple, such as your email address and account identifier
- Trip-planning information you enter, including origin, destination, vehicle settings, route preferences, and saved trips
- Profile and preference information you choose to save, such as vehicle defaults, fuel type, and trip-planning preferences
- Feedback and support information, including your email address, message, feedback type, and related support history when you contact us
Location and route information
- Approximate or precise location from your device when you grant permission and actively use location-based route planning features
- Coordinates, place identifiers, or search terms used to generate route results, autocomplete suggestions, fuel-stop results, and trip summaries
- Route-sharing information when you create a share link, including trip summary fields and the expiry date of the link
Technical and usage information
- IP address, browser type, operating system, app version, device type, and similar technical information needed to operate and secure the service
- Feature usage and interaction data, such as routes planned, saved-trip activity, and website usage patterns
- Limited diagnostics, logs, and rate-limiting data used to protect the service from abuse and keep it working reliably
Information stored on your device or browser
- Saved vehicle defaults, recent searches, guest identifiers, and similar preferences stored locally on your device or in your browser to improve your experience
Information from third parties
- Map, toll, routing, traffic, autocomplete, and fuel-price data from service providers such as Mapbox, Google, and other data providers we use to deliver Whe2 features
- Authentication information from Firebase and the sign-in methods you connect to your account
We do not intentionally collect special personal information such as health, biometric, religion, or race data through Whe2.
3. How we use your information
We use your information to:
- Provide route planning, cost estimates, saved trips, share links, and related trip features
- Authenticate users and manage accounts, including email, Google, Apple, and guest access flows
- Store your preferences and make future planning faster and more personalised
- Send service-related communications such as password reset emails, support replies, and feedback confirmations
- Monitor performance, troubleshoot issues, prevent abuse, and protect the security of Whe2
- Analyse and improve the website, app, and route-planning experience
- Comply with legal obligations and respond to valid legal requests
Where practical, we minimise the retention of raw route-search and trip-planning data and prefer to delete, shorten, aggregate, or de-identify operational data once it is no longer needed in identifiable form.
4. Legal bases and permissions
Depending on the context, we process personal information because:
- it is necessary to provide the services you request from us;
- you have given permission, for example for device location access;
- it is necessary for our legitimate interests in running, securing, and improving Whe2, provided that such processing does not override your rights as a data subject under POPIA; or
- we are required to do so by law.
We limit processing to what is adequate, relevant, and not excessive for the purpose for which the information is processed, in line with POPIA.
5. Sharing your information
We only share personal information in these limited cases:
- With service providers that help us operate Whe2, such as hosting, authentication, mapping, routing, analytics, email, and support providers
- With route, map, autocomplete, and fuel-related providers when required to generate results you request
- When required by law, regulation, court order, or valid requests from regulators or public authorities
- As part of a merger, acquisition, financing, or sale of all or part of our business, subject to appropriate confidentiality and notice where required
Third-party service providers acting as operators on our behalf process personal information under written agreements that require them to implement appropriate security safeguards and only process information in line with our instructions and applicable law.
You may also choose to share a route or trip summary yourself by using Whe2's optional sharing tools. If you create a share link or send route details through your device's sharing features, the information you choose to share may be visible to the people you send it to.
We never sell your personal data.
6. Cookies, analytics, and similar technologies
The Whe2 website may use cookies, local storage, analytics tags, and similar technologies to keep the site working, remember preferences, measure usage, and improve performance.
- We use browser storage to remember things such as recent searches and user preferences on the web experience.
- Our website currently uses analytics technologies including Google Analytics and Vercel Analytics for website measurement and improvement.
- You can manage some cookies and storage through your browser settings, although disabling them may affect site functionality.
Where required by law, we will request your consent before placing non-essential cookies or analytics technologies on your device.
7. Location data
Location access is optional, but some Whe2 features work better when it is enabled.
- We request location permission only when a feature needs it.
- Whe2 currently requests foreground location access, not background location access, in the shipped mobile experience.
- You can disable location permissions at any time in your device settings.
- We do not use your location for third-party advertising.
8. Data retention
We keep personal data only as long as necessary for the purposes described in this policy:
- Account data, linked sign-in methods, saved trips, and preferences: while your account remains active, and for limited periods afterward where needed for backups, security, or legal compliance
- Inactive accounts and associated saved-trip data: generally removed or anonymised after a reasonable period of inactivity unless we need to keep certain information longer for security, dispute resolution, or legal compliance
- Feedback and support records: retained for a reasonable period, which may extend up to 3 years where needed to handle support, improve the service, and maintain business records
- Route-search, share-link, and operational records: for limited periods needed for app functionality, diagnostics, abuse prevention, and service improvement
- Analytics and usage data: for as long as reasonably needed for measurement and service improvement, often in aggregated or de-identified form
- Legal, accounting, and tax records: as required by applicable law
When identifiable data is no longer needed, we may delete it or convert it into aggregated or de-identified information that no longer identifies you.
9. Security
We use reasonable technical and organisational measures designed to protect personal information, including access controls, encryption in transit where appropriate, and service-provider security controls. No system is completely secure, so we cannot guarantee absolute security.
10. International transfers
Whe2 and its service providers may process personal information in South Africa and in other countries where our providers operate infrastructure. Where personal information is transferred outside South Africa, we take reasonable steps to ensure appropriate safeguards are in place.
- the recipient is subject to a law, binding corporate rules, or agreement that provides an adequate level of protection;
- you have consented to the transfer; or
- the transfer is necessary for the performance of a contract or steps taken at your request before entering into a contract.
11. Your rights under POPIA
You have the right to:
- Access your personal data
- Correct or update inaccurate information
- Request deletion of your account and certain associated data, subject to legal and operational exceptions
- Object to or restrict certain processing
- Object to processing for direct marketing at any time
- Withdraw consent for location data at any time
- Lodge a complaint with the Information Regulator of South Africa
- Request additional information if automated decision-making is used in a way that materially affects you, where applicable
To exercise any of these rights, email support@whe2.com. For account deletion details, see our Account Deletion page. We will respond within a reasonable time and, where applicable, in line with legal requirements.
12. Children's privacy
Whe2 is not intended for children under 18. We do not knowingly process personal information of children without consent from a competent person where required by law. If we learn that we have collected personal information from a child without appropriate authorisation, we will take steps to delete that information.
13. Direct marketing
Whe2 does not send direct marketing communications without your consent where consent is required by law. Where we do send marketing communications, you may opt out at any time using the unsubscribe option provided or by contacting us.
14. Security compromise and breach notification
In the event of a security compromise affecting your personal information, Whe2 will notify affected users and the Information Regulator where required by law. We also maintain internal records of security incidents and the steps taken to address them.
15. PAIA manual
Access to information requests may also be made in terms of our PAIA Manual.
16. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. When we do, we will update the date at the top of this page and, where appropriate, provide additional notice through the app, website, or email.
17. Contact us
For privacy questions, data requests, or complaints:
- support@whe2.com for general and deletion requests
- legal@whe2.com for formal POPIA complaints or legal notices
You may also contact the Information Regulator of South Africa if you are not satisfied with our response: