Where the line is, drawn explicitly.

The product is a web workbench with a Pro Desktop add-on

Whet is a self-serve SaaS. The default surface is a web app that runs on Whet's managed infrastructure and lets you wire public sources (Reddit, YouTube, Hacker News, RSS, any public web URL) that Whet ingests, scores against an LLM, and surfaces as a daily digest.

The Pro tier ($29/mo) additionally includes a Desktop add-on: a closed-source binary for macOS, Windows and Linux that runs the same workbench locally and lets you bring your own LLM key (BYOK) or delegate to a local agent CLI (BYOA). The Desktop add-on is positioned as a power-user upgrade, not the default.

The sources catalog

Whet ingests from sources that are backed by an official public API or an open protocol. The catalog is fixed and named explicitly on the marketing site:

• Reddit. Reddit API (OAuth, official). Your team or Whet's managed account holds the OAuth tokens depending on tier.
• YouTube. YouTube Data API (official). Quota-aware, schedule-respecting.
• Hacker News. Algolia HN API (public). Zero auth needed.
• RSS / Atom. Open protocol. Any feed your team gives us.
• Public web URLs. Any HTTPS URL your team pastes. We pull a clean markdown extract.
• BYO content. Direct upload of files your team provides.

Whet does not ingest from non-public platforms via burnable accounts, scraped cookies, or any pattern that depends on bypassing a platform's terms of service. If a source is not in the catalog above, it is not in scope for the product.

Who operates what

• Web tiers (Free, Basic, Pro web): Whet operates the workbench, the ingestion adapters and the managed LLM analysis on its infrastructure. Your team brings the source list and the prompts; Whet brings the runtime. Whet absorbs the LLM cost (Gemini Flash-Lite on Free and Basic, Flash on Pro web).
• Desktop add-on (Pro): Your team operates the local binary on machines under your control. The binary uses keys or agent CLIs you provide. Whet is not in the request path for the LLM calls; the binary talks to the LLM provider directly.
• Sync between web and desktop: end-to-end encrypted. We carry blobs we cannot decrypt; the encryption key is derived from your account passphrase.

Publishing requires explicit confirmation

Whet does not auto-publish on your behalf. The workbench, the CLI whet publish command and the MCP publish_artifact tool all require an explicit confirmation step (or an explicit --no-confirm flag in scripted contexts that your team has authorised).

This is a deliberate design choice, not a toggle. Every published item is attributable to a human decision by your team, which simplifies the legal posture around defamation, copyright and platform-terms compliance.

Data handling

• Web tiers: we process your sources and the LLM responses to run the analysis. We do not sell, share or aggregate your data across customers. You can export everything as portable markdown at any time.
• Desktop add-on with BYOK or BYOA: the LLM payload never reaches Whet; the binary talks directly to the provider you chose.
• No cross-customer aggregation. There is no shared "Whet dataset" trained on customer content.
• Credentials are encrypted at rest in the managed database (for source OAuth tokens) or in the local store (Desktop).

Indemnification

The subscription terms (and, for Team or custom, the signed statement of work) contain an indemnification clause that splits responsibility by surface: Whet is responsible for the quality and safety of the software it ships and the cloud services it operates; your team is responsible for the source list you wire, the prompts you run, the keys you bring on Desktop, and the artifacts you publish.

Due diligence packet

For vendor reviews, the following are typically sufficient and can be requested at legal@whet.so:

• Subscription terms (Free, Basic, Pro) and the Team or custom SOW template.
• Indemnification clause language.
• Security commitments page linked from this site.
• Privacy policy covering whet.so, the web tiers and the Desktop add-on.
• Third-party penetration test summary (under NDA, on request).

What this is not

This page is the public framework. It is not legal advice and it does not replace your subscription agreement or, for Team or custom, the signed statement of work. If you need a sign-off for a specific compliance regime (HIPAA, FedRAMP, ISO 27001 with audit), please tell us on the discovery call. We will be honest about whether Whet is the right fit.

Questions? legal@whet.so.