Transparency
HuniWhisp is being built in a category with roughly 100% mortality. Anonymous social platforms die from the same handful of failure modes — toxicity, exploitation, ad-network creep, founder-burnout. We have wired every risky lever so those failure modes are architecturally impossible, not just policy-prohibited. This page lists the wiring, in public.
Last reviewed: 2026-06-13. Status of every killswitch is read live from the admin panel — no marketing copy, no aspirations, just current state.
Our commitments
These seven commitments are the architectural shape of the BIG UPDATE risk-counterarchitecture. Each is paired with a killswitch below that you can see the live state of.
Random 1:1 video pairing is NEVER offered
The pairing primitive that powered Omegle and Yubo into category-death is not in our code. Live video is a one-to-many broadcast you opt into watching — there is no "next" button that drops you in front of a stranger. The routing layer refuses the operation; it is not a policy we enforce, it is a function we did not write.
Ads are first-party only — no ad networks, ever
No third-party ad SDKs are loaded by the site. We do not call out to an exchange. Every advertiser has a contract on file with us. If a network is the failure-mode (interest profiling, brand-unsafe placement, child-targeted creative leak), it cannot fail here because it is not connected.
Ad slots are matched to post tags, not viewer interest
The match key for an ad is the tag of the post it lives on. We do not build a behavioural profile of the viewer. There is no interest graph to leak, sell, or hand over to a subpoena.
Only wellness-category advertisers (curated whitelist)
Advertiser category is enforced at the SQL-constraint level — off-whitelist categories fail insert at the database, not at a moderation step. Gambling, alcohol, predatory finance, weight-loss-shame, and dating-platform ads are not in the schema.
Authors opt in to monetize their post — and keep the revenue
A post earns ad revenue only if its author flipped the per-post monetization toggle. Authors get the cheque. The platform takes a transparent processing margin disclosed in the ledger below.
Mid-stream ads are forbidden on every surface
No pre-roll-into-a-confession, no mid-live-stream interruption, no audio-ad inserted between voice messages. Placements live next to content, never inside it. The interruption code path does not exist.
Every placement is logged here, publicly, for the life of the platform
Every ad insertion writes a row to the ledger below — advertiser, post tag, date, dollars routed to the author. There are no private placements. If it is not on this page, it did not happen.
Live ad ledger
Every ad placement, ever, appears in this table. Pre-launch this is intentionally empty — we have not run a single ad yet, and the ledger is the record that we still have not.
Safety architecture
The commitments above are enforced by a specific set of code paths and database constraints. We track those as 15 named killswitches — admin-tunable rows whose live state is shown below. The full design doc lives in the repo:
Full design: docs/RISK-COUNTERARCHITECTURE.md in the public HuniWhisp repo on GitHub.
The doc enumerates, for each failure mode in this category, the architectural shape we chose to make that failure mode physically impossible — and the killswitch below that lets you confirm it is still in that shape today.
Live killswitch state
Read directly from the admin retention_settings table. Refreshes every 60 seconds. "Unknown" means the killswitch has not yet been wired into the database — when you see "unknown", treat the corresponding surface as off.
See something here that does not match what the product is doing? Tell us at hello@huniwhisp.com. We treat transparency-page mismatches as bugs.