Whisp

Privacy Policy

Learn how we collect, use, and protect your data

Last Updated: November 8, 2025

Introduction

Whisp ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Chrome extension and web application.

Information We Collect

1Information You Provide

  • Account Information: Email address, name, and password when you create an account
  • Recording Content: Screen recordings, audio, and visual annotations you create
  • User-Generated Content: Comments, replies, project names, descriptions, and tags
  • Payment Information: Payment details processed securely through Stripe (we do not store credit card information)

2Automatically Collected Information

  • Recording Metadata: Webpage URL, title, timestamp, duration, and file size of recordings
  • Usage Data: Feature usage, interaction patterns, and navigation within the application
  • Device Information: Browser type, version, operating system, and device identifiers
  • Authentication Tokens: Secure tokens to maintain your logged-in session

3Information from Third Parties

  • OAuth Authentication: If you sign in with Google or other providers, we receive basic profile information (name, email, profile picture) as permitted by the provider

How We Use Your Information

Core Functionality

  • Store and process your screen recordings and audio
  • Generate AI-powered transcriptions and summaries (Team plans only)
  • Enable sharing and collaboration features
  • Organize recordings into projects and workspaces
  • Provide annotation and commenting capabilities

Service Improvement

  • Analyze usage patterns to improve features
  • Debug technical issues and optimize performance
  • Develop new features based on user needs
  • Send service announcements and feature updates

Account Management

  • Authenticate and authorize users
  • Process subscription payments and manage billing
  • Provide customer support
  • Send important account notifications

Legal Compliance

  • Comply with legal obligations
  • Enforce our Terms of Service
  • Protect against fraudulent or illegal activity

Data Storage and Security

Storage Infrastructure

  • All recordings and data are stored on Supabase, a secure PostgreSQL database with enterprise-grade security
  • Video files are stored in encrypted cloud storage buckets
  • Data is encrypted in transit (TLS/HTTPS) and at rest (AES-256)

Security Measures

  • Industry-standard encryption protocols
  • Secure authentication using JWT tokens
  • Regular security audits and updates
  • Access controls and role-based permissions
  • Automatic logout after period of inactivity

Data Retention

  • Recordings are stored until you delete them or close your account
  • Deleted recordings are permanently removed within 30 days
  • Account data is retained for legal and billing purposes for up to 7 years after account closure

Data Sharing and Disclosure

We Share Data Only in These Limited Circumstances:

✓ With Your Consent

  • Team members you explicitly add to your organization
  • Recipients you share recording links with
  • People you grant access to specific projects

Service Providers

  • Supabase: Database and storage infrastructure
  • OpenAI: AI transcription and summary generation (Team plans only)
  • Stripe: Payment processing
  • Resend: Transactional email delivery

Legal Requirements

  • When required by law, subpoena, or court order
  • To protect our rights, property, or safety
  • To prevent fraud or illegal activity

✗ We Never:

  • Sell your personal data to third parties
  • Use your recordings for advertising purposes
  • Share your data with data brokers
  • Train AI models on your private recordings without explicit consent

Your Rights and Choices

Access and Control

  • View Your Data: Access all your recordings and account information at any time
  • Download Data: Export your recordings and metadata
  • Delete Data: Permanently delete individual recordings or your entire account
  • Update Information: Modify your profile and account settings

Privacy Controls

  • Visibility Settings: Set recordings as public, team-only, or private
  • Sharing Controls: Revoke access to shared recordings
  • Team Permissions: Control who can view team recordings
  • Email Preferences: Opt out of non-essential communications

Account Deletion

You may delete your account at any time from your account settings. Upon deletion:

  • All recordings will be permanently deleted within 30 days
  • Team memberships will be removed
  • Subscription will be canceled
  • Personal information will be deleted (except as required for legal/billing purposes)

Chrome Extension Permissions

Our Chrome extension requires the following permissions:

PermissionPurpose
tabCaptureRecord screen and audio from browser tabs
activeTabIdentify the tab being recorded
scriptingInject annotation overlay and controls
storageSave user preferences and settings locally
notificationsAlert you when recordings start/stop/complete
clipboardWriteCopy shareable links to clipboard
offscreenProcess video encoding in background
tabsManage recording state across tabs
alarmsSchedule periodic cleanup of temporary data

Third-Party Services

OpenAI (AI Features)

For Team plan users, we use OpenAI's API for:

  • Audio transcription (Whisper API)
  • AI-generated summaries (GPT-4)

Audio files are sent to OpenAI's API but are not used to train their models. Learn more

Stripe (Payments)

Payment processing is handled by Stripe. We do not store credit card information.

See Stripe's Privacy Policy

Supabase (Infrastructure)

All data storage and authentication is powered by Supabase.

See Supabase's Privacy Policy

Your Legal Rights

California Privacy Rights (CCPA)

If you are a California resident, you have the right to:

  • Know what personal information we collect and how it's used
  • Request deletion of your personal information
  • Opt-out of sale of personal information (we do not sell personal information)
  • Non-discrimination for exercising your privacy rights

To exercise these rights, contact us at privacy@whisp.com

European Privacy Rights (GDPR)

If you are in the European Economic Area, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data ("right to be forgotten")
  • Restrict processing of your data
  • Data portability
  • Object to processing
  • Withdraw consent

To exercise these rights, contact us at privacy@whisp.com

Children's Privacy

Whisp is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn we have collected information from a child under 13, we will delete it immediately.

Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you within 72 hours via email and through the application.

Updates to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Significant changes will be communicated via email or in-app notification.

Continued use of Whisp after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or our data practices:

Email: privacy@whisp.com

Data Protection Officer: dpo@whisp.com

Consent

By using Whisp, you consent to this Privacy Policy and our Terms of Service.

Version 1.0 - November 8, 2025