● Open for new work — Q3 2026Whimsy private beta is liveCodero in developmentIndependent · privacy-first · Torontonumeracode.com / journal updated 06.2026
    ● Open for new work — Q3 2026Whimsy private beta is liveCodero in developmentIndependent · privacy-first · Torontonumeracode.com / journal updated 06.2026
    ● Open for new work — Q3 2026Whimsy private beta is liveCodero in developmentIndependent · privacy-first · Torontonumeracode.com / journal updated 06.2026

    Doc · α · effective 2026.04.27

    Privacy Policy.

    Minimum scope. Transient processing. Zero raw-byte storage. The whole policy in plain English — and it stays plain.

    1.1

    Our commitment to privacy

    Whimsy (operated by NumeraCode Inc., based in Toronto, Ontario) is a distributed storage control plane. We provide tools to search, automate, and organize files that live in the cloud accounts you already use. We do not store the files themselves; we index the metadata required to make search and audit work.

    This Privacy Policy explains what information we collect, how we use it, who we share it with, how long we keep it, and the rights you have over it. By using Whimsy you agree to the practices described here.

    Minimum scope guarantee

    We only request the minimum API scopes required to provide the services you select. You retain the absolute right to revoke access at any time via your Whimsy dashboard or your provider's security settings.

    Canadian compliance

    As a Canadian operator, Whimsy adheres to the Personal Information Protection and Electronic Documents Act (PIPEDA) and Quebec's Law 25.
    1.2

    What we collect

    We collect three categories of information:

    • Account information: your name and email address when you sign up or log in (including via Google or another identity provider).
    • Authentication data: OAuth tokens we hold on your behalf so Whimsy can call the cloud-storage providers you connect (such as Google Drive, Dropbox, OneDrive, Amazon S3, Cloudflare R2, Google Cloud Storage, Backblaze B2, Wasabi, and SFTP servers).
    • Metadata about your files: filenames, folder paths, sizes, modification timestamps, and similar attributes — but never the file contents. We compute small numeric "embeddings" of names and paths to power semantic search; these are stored alongside the metadata in our index.

    We use essential technical cookies via Firebase Auth to maintain your session. We do not use third-party tracking pixels and we do not run ad-tech scripts.

    1.3

    How we use your information

    • To authenticate you and let you sign in to Whimsy.
    • To let you connect, manage, and disconnect cloud-storage accounts.
    • To execute the file operations you initiate — search, move, rename, share, upload, delete — against the providers you've connected.
    • To maintain, debug, and improve the service.
    • To provide customer support and communicate important updates.

    We do not sell, rent, or share your information with third parties for advertising or marketing.

    1.4

    Data collection from Google APIs

    When you connect a Google account, Whimsy may request the following OAuth scopes:

    • userinfo.profile and userinfo.email — to identify your account inside Whimsy.
    • Restricted scopes (drive.readonly): to index metadata across your Drive so you can search across it together with your other clouds.
    • Sensitive scopes (drive.file): to perform file operations (upload, rename, move) that you initiate inside Whimsy.

    We request these scopes only when you opt in. You can revoke them at any time from myaccount.google.com/permissions or from your Whimsy dashboard.

    1.5

    Google limited use disclosure

    Whimsy's use and transfer of information received from Google APIs to any other app will adhere to the Google API Service User Data Policy, including the Limited Use requirements.

    1.6

    Sub-processors

    We use the following third-party services to operate Whimsy. Each has been vetted for security and privacy compliance:

    EntityPurposeLocation
    Google (Firebase)Auth & Session managementUSA / Canada
    DigitalOceanAPI & Index InfrastructureUSA / Canada
    ResendEmail deliveryUSA
    1.7

    Retention & deletion

    We retain your metadata and OAuth tokens only as long as your connection is active.

    • Metadata: If you disconnect a provider, all associated metadata is purged from our production index immediately and from encrypted backups within 30 days.
    • Tokens: Disconnecting a provider revokes our access immediately; tokens are deleted from our database.
    • Account deletion: If you delete your Whimsy account, all personal information, authentication data, and indexed metadata is scheduled for permanent deletion after a 30-day recovery window.
    1.8

    Your rights

    Under PIPEDA and Law 25, you have the right to access the data we hold about you, to correct inaccuracies, and to request its deletion. You can exercise these rights directly via your dashboard or by contacting our Privacy Officer.

    1.9

    Changes to this policy

    We may update this policy to reflect changes in our services or legal requirements. If we make material changes, we will notify you via the email address associated with your account.

    1.10

    Contact & breach notification

    Whimsy's Privacy Officer is responsible for our compliance with Canadian privacy laws. If you have questions or concerns, please reach out:

    NumeraCode Inc.
    Attn: Privacy Officer
    Toronto, Ontario, Canada
    [email protected]

    In the event of a security breach involving your personal data, we will notify you and the relevant authorities within 72 hours of discovery, as required by Law 25 and PIPEDA.