Privacy Policy

Last updated: May 18, 2026

This Privacy Policy describes how Grupo de WhatsApp (grupodewhatsapp.com), the mobile app Grupos de Whats - Links Ativos (com.gruposdewhats.mobile on the Google Play Store), and the Chrome extension Grupos de WhatsApp - Encontre e Entre em Grupos (bfljpnadnadfjpbahpagdjflpofhhenc on the Chrome Web Store) — collectively, the "Service" — collect, use, and protect your information.

The Service is operated independently and is not affiliated with, endorsed by, or sponsored by WhatsApp LLC, Meta Platforms, Inc., or any of their subsidiaries. WhatsApp is a registered trademark of WhatsApp LLC.

1. Who we are

We are a directory of public WhatsApp groups. Users submit publicly-available invite links, and our team validates each group before listing it. We do not host messages, conversations, or any content generated inside WhatsApp groups.

2. Data we collect

2.1 On the website (grupodewhatsapp.com)

  • Usage data: pages visited, search terms, categories browsed, traffic source (referrer), browser language, and timestamps.
  • IP address: used only for rate limiting, abuse prevention, and aggregate geolocation analytics (country/region). Not stored linked to your identity.
  • Cookies: we use essential cookies (session, language and theme preferences) and analytics cookies (Google Analytics, Vercel Analytics). See section 6.
  • Bot verification: Cloudflare Turnstile may be used on sensitive actions (revealing invite links, submitting groups).

2.2 In the mobile app (Grupos de Whats - Links Ativos)

  • Non-advertising device identifier: IDFV on iOS and Android ID on Android. Used only for rate limiting, abuse prevention, and anonymous device association. We do not use IDFA or any advertising identifiers.
  • Anonymous locally-generated ID: UUID v4 created on first app open and stored securely on the device (Keychain/Keystore via expo-secure-store).
  • Usage and event data: screens visited, searches performed, groups viewed, selected language and theme.
  • IP address (server-side): used only for rate limiting.
  • Local preferences: theme (light/dark/system), language, hidden groups, search history — stored only on your device (local SQLite).

2.3 In the Chrome extension (Grupos de WhatsApp - Encontre e Entre em Grupos)

The extension is optional. You only need to install it if you want to use the automatic affiliate-link generation features on partner marketplaces (Mercado Livre, Amazon, Shopee). For browsing the group directory, the website works without the extension.

  • Your grupodewhatsapp.com account e-mail: the extension connects to your account via a handshake performed in a tab on our site (you must be logged in). We store only the e-mail and the internal account ID in the browser's local storage (chrome.storage) — never your password.
  • Authentication cookies of connected marketplaces: when you click "Connect" for a specific marketplace, the extension reads the session cookies of that domain (e.g. mercadolivre.com.br) via the chrome.cookies API. These cookies are sent over HTTPS to our server and stored encrypted at rest with AES-256-GCM (256-bit key under our exclusive control). They are bound exclusively to your account — no other user has access.
  • What we use them for: solely and exclusively to generate, on your behalf, authenticated affiliate links on the marketplaces you connected — the same flow as cashback extensions. We do not publish, share, or resell these cookies. We do not use them for any other purpose.
  • Local sync queue: the extension keeps a queue in chrome.storage with the marketplaces pending sync (domain names and timestamps only — never the cookie contents in cleartext).
  • Domains the extension can access: only grupodewhatsapp.com, mercadolivre.com/.com.br, amazon.com/.com.br, and shopee.com/.com.br. The extension cannot access any other site you visit.
  • How to disconnect/delete: click "Disconnect" in the extension popup to end the local session. To delete the cookies stored on our server, click "Disconnect marketplace" for each listed marketplace, or go to /en/my-account and use the "Delete credentials" option. Uninstalling the extension removes the local session but does not automatically delete cookies already sent — use the flow above.

2.4 What we do NOT collect

We do not collect: name, phone number, precise location (GPS), photos, videos, files, contacts, calendar, in-group messages, financial data, health data, biometric data, payment information, or any other personally identifiable information not listed above.

The website and mobile app work without requiring registration. Account creation (with e-mail) is only necessary for optional features such as the Chrome extension and the /my-account panel.

3. What we use the data for

  • Operate and maintain the Service (core functionality).
  • Prevent abuse, fraud, and automated activity (rate limiting).
  • Analyze usage in aggregate to improve the product.
  • Moderate content and respond to reports of inappropriate groups.
  • Comply with legal obligations.

We do not use your data for targeted advertising and we do not sell it to third parties.

4. Data sharing

We share data only with essential providers required to operate the Service:

  • Supabase (database and backend) — stores anonymous and aggregated data.
  • Vercel (website hosting) — processes HTTP requests.
  • Cloudflare (CDN and anti-bot protection).
  • Google Analytics and Vercel Analytics (aggregate usage analytics).

We may disclose data when legally required (court order, request from a competent authority).

5. Retention and deletion

  • Aggregate usage data: up to 26 months.
  • Rate-limiting logs: 30 days.
  • Local app data: you can erase it at any time by clearing the app's data on Android (Settings > Apps > Grupos de Whats > Storage > Clear data).

Since we do not collect personally identifiable data for the website/app browsing flow, there is no "account" to delete in that context. To request deletion of any data associated with your IP / device identifier, contact us.

6. Cookies and similar technologies

The website uses the following cookie categories:

  • Essential: session, theme and language preferences.
  • Analytics: Google Analytics, Vercel Analytics.
  • Security: Cloudflare Turnstile (anti-bot verification).

The mobile app does not use cookies. It uses native local storage (SQLite, Keychain/Keystore).

7. Your rights (LGPD / GDPR)

You have the right to confirm processing, access, correction, anonymization, portability, and deletion of your data. Because our collection is minimal and anonymous by default, in practice most of these rights are satisfied by the product's architecture itself. To exercise any right, contact us.

8. Children

The Service is intended for users 13 years of age and older. We do not knowingly collect data from children under 13. If you believe we have collected data from a child, contact us and we will remove it immediately.

9. Security

We adopt reasonable technical and organizational measures to protect your data (HTTPS on all communications, network segregation, access control). No system is 100% secure; we will report relevant incidents as required by law.

10. International transfer

Our providers (Supabase, Vercel, Cloudflare, Google) may process data outside Brazil. We ensure these providers adopt standard contractual clauses or equivalent mechanisms recognized by applicable legislation.

11. Changes to this policy

We may update this policy from time to time. Material changes will be signaled on the site's home page or via notice in the app. The "Last updated" date at the top of this page indicates the current version.

12. Contact

For questions, rights requests, or privacy-related reports:
E-mail: contato@grupodewhatsapp.com
Contact page: /en/contact