Privacy Policy

Last updated: February 2026

1. Introduction

Display My MRR (“we”, “our”, “us”) is operated by Display My MRR Ltd, a company registered in England and Wales. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our Service.

2. Data We Collect

We collect and store only the minimum data required to operate the Service:

  • Whop username — to identify your account
  • Email address — provided via Whop OAuth for account communication
  • OAuth tokens — encrypted and used solely to access your Whop data on your behalf
  • Subscription details — membership status, plan, and payment history to manage your access
  • Display preferences — your chosen business name, description, website, and currency

We do not collect, store, or process any data beyond what is listed above.

3. How We Use Your Data

Your data is used exclusively to:

  • Authenticate you via Whop OAuth
  • Fetch your revenue and subscription data from the Whop API
  • Display your revenue metrics on your private dashboard and public proof page
  • Manage your subscription status

4. Data We Do Not Collect or Sell

  • We do not sell, rent, or share your personal data with any third party
  • We do not use advertising or tracking cookies
  • We do not use your data for marketing purposes
  • We do not store your customers' personal information
  • We do not share your data with AI training providers

5. Data Storage and Security

Your data is stored on a secured, self-hosted server. OAuth refresh tokens are encrypted using AES-256-GCM before storage. All connections use HTTPS. We use secure, HTTP-only session cookies for authentication.

6. Third-Party Services

We integrate with the following services solely to operate the product:

  • Whop API — to access your revenue and subscription data with your authorisation
  • MongoDB — for secure data storage

No data is shared with any other third party.

7. Cookies

We use a single essential session cookie (whop_user_token) for authentication. This is a secure, HTTP-only cookie required to keep you logged in. We do not use analytics, advertising, or third-party tracking cookies.

8. Your Rights (UK GDPR)

Under UK GDPR, you have the right to:

  • Access — export all your data at any time from the Settings page
  • Rectification — your account data syncs from Whop; display preferences can be updated in Settings
  • Erasure — request full account deletion from Settings; all data is permanently removed within 30 days
  • Portability — export your data in JSON format from Settings
  • Objection — you can disable your public page at any time

9. Data Retention

We retain your data for as long as your account is active. Upon receiving a deletion request, all personal data is permanently removed within 30 days. No anonymised or aggregate data is retained after deletion.

10. Children

The Service is not directed at individuals under the age of 18. We do not knowingly collect personal data from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be reflected by the “Last updated” date at the top of this page. Continued use of the Service constitutes acceptance of the updated policy.

12. Contact

For any privacy-related questions or data requests, contact us at support@displaymymrr.com