Wheelio was designed from day one with a simple principle: what happens in your browser, stays in your browser. No accounts. No tracking. No data collection. Ever.
When you use Wheelio, nothing you type is ever sent to a server. Your segment labels, percentages, colors — all of it lives exclusively in your browser's memory and local storage. It is never transmitted, stored remotely, or analyzed by us.
Wheelio has no login, no sign-up form, no email wall, and no "create a free account to save your wheel" dark pattern. You open the page, you use it, you leave. That's it.
No account means there is no profile to breach, no password to steal, and no data to leak. The simplest security is not collecting the data in the first place.
Wheelio does not use advertising cookies, cross-site tracking cookies, or any third-party analytics scripts (no Google Analytics, no Facebook Pixel, no HotJar). The only storage Wheelio uses is localStorage — a browser-local mechanism that cannot be read by any other website and is never transmitted over the network.
This is also why you don't see a cookie consent banner — because there's genuinely nothing to consent to.
The result of every spin is generated using window.crypto.getRandomValues() — the Web Cryptography API built into every modern browser.
This source of randomness is a cryptographically secure generator seeded by the operating system's entropy pool (hardware noise, timing jitter, etc.), making its output statistically indistinguishable from true randomness and computationally infeasible to predict or manipulate. It is the same API used by password managers and cryptographic libraries.
Compare this to Math.random(), which is a deterministic pseudo-random number generator (PRNG) — theoretically predictable with the right information. Wheelio deliberately avoids it.
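An added example (not Wheelio's own code) of how a weighted spin can be drawn from window.crypto.getRandomValues() without modulo bias. The function names, the integer weights and the sample wheel are assumptions made for illustration.

```javascript
// Added example: weighted segment pick with a CSPRNG; all names are illustrative.
const RANGE = 0x100000000; // 2^32 possible values from one Uint32

// Default entropy source: one 32-bit value from the Web Crypto CSPRNG.
function secureUint32() {
  const buf = new Uint32Array(1);
  globalThis.crypto.getRandomValues(buf); // window.crypto in a browser
  return buf[0];
}

// Uniform integer in [0, n) via rejection sampling. A plain `x % n` would
// favour small results whenever n does not divide 2^32 (modulo bias).
function uniformBelow(n, nextUint32 = secureUint32) {
  if (!Number.isInteger(n) || n <= 0 || n > RANGE) {
    throw new RangeError("n must be an integer in 1..2^32");
  }
  const limit = RANGE - (RANGE % n); // largest multiple of n that fits
  let x;
  do {
    x = nextUint32();
  } while (x >= limit); // discard the uneven tail and draw again
  return x % n;
}

// segments: [{ label, weight }] with positive integer weights
// (percentages, or basis points when shares are fractional).
function spin(segments, nextUint32 = secureUint32) {
  const total = segments.reduce((sum, s) => {
    if (!Number.isInteger(s.weight) || s.weight <= 0) {
      throw new RangeError(`bad weight for "${s.label}"`);
    }
    return sum + s.weight;
  }, 0);
  let r = uniformBelow(total, nextUint32); // throws on an empty wheel
  for (const s of segments) {
    if (r < s.weight) return s.label;
    r -= s.weight;
  }
  throw new Error("unreachable: r is always below total");
}

// Constructed sample wheel (weights are percentages).
const sampleWheel = [
  { label: "Pizza", weight: 50 },
  { label: "Sushi", weight: 30 },
  { label: "Tacos", weight: 20 },
];
```

The second parameter exists only so the selection logic can be checked with a fixed sequence; in normal use it is left at its default so every draw comes from getRandomValues().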
All traffic to Wheelio is encrypted via TLS/HTTPS. This protects your session from eavesdropping even on public Wi-Fi networks.
Wheelio is deployed as a fully pre-rendered static site. There is no backend server running custom code — no database, no API endpoint, no session management. This dramatically reduces the attack surface: there is nothing to exploit server-side.
You don't have to take our word for it. Because Wheelio runs entirely in your browser, you can inspect every line of code it executes using your browser's built-in DevTools.
Open the Network tab and verify that no data is being sent anywhere. Open the Application tab and inspect exactly what is stored in localStorage. Open the Sources tab and read the JavaScript directly.
We believe privacy claims should be verifiable — not just policy statements.
When you build a wheel, Wheelio saves your configuration in your browser's localStorage. This data:
Questions or concerns about privacy? Reach out — we're happy to explain exactly what runs in your browser.