Privacy Policy

1. Data Controller

1Whisper is the data controller responsible for your personal data. If you have any questions about this Privacy Policy or our data practices, please contact us at: privacy@1whisper.app

2. Personal Data We Collect

We collect the following categories of personal data:

• Account Data: Email address, name (if provided), and authentication credentials when you create an account.
• Device Data: Device identifiers, device name, and operating system version for license management and session tracking.
• Transaction Data: Purchase history, subscription status, and payment information (processed by our payment provider).
• Technical Data: IP address, browser type, and access timestamps for security and service improvement.

Important: 1Whisper processes all voice transcription locally on your device. We do not collect, transmit, or store any audio recordings or transcribed text.

3. How We Use Your Data

We process your personal data for the following purposes:

• Service Delivery: To provide, maintain, and improve our dictation application and manage your account.
• License Management: To verify your subscription status and manage device activations according to your license terms.
• Communication: To send you service-related notifications, updates, and respond to your inquiries.
• Security: To detect, prevent, and address fraud, abuse, and security issues.
• Legal Compliance: To comply with applicable laws, regulations, and legal processes.

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to provide our services and fulfill our contractual obligations to you.
• Legitimate Interests: Processing necessary for our legitimate business interests, such as improving our services and ensuring security, where these interests are not overridden by your rights.
• Legal Obligation: Processing necessary to comply with legal requirements.
• Consent: Where required by law, we will obtain your consent before processing certain types of data.

5. Data Sharing and Third Parties

We may share your personal data with the following categories of recipients:

• Payment Processors: RevenueCat and associated payment providers to process transactions and manage subscriptions.
• Cloud Infrastructure: Supabase for secure data storage and authentication services.
• Legal Authorities: When required by law, court order, or to protect our legal rights.

All third-party processors are bound by Data Processing Agreements (DPAs) that ensure GDPR-compliant handling of your data.

6. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, to protect your data in accordance with GDPR requirements.

7. Data Retention

We retain your personal data as follows:

• Account Data: Retained for the duration of your account and for up to 30 days after account deletion.
• Transaction Data: Retained for 7 years to comply with tax and accounting requirements.
• Technical Data: Retained for up to 90 days for security and troubleshooting purposes.
• Device Sessions: Automatically removed after 30 days of inactivity.

8. Your Rights

Under GDPR, you have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure: Request deletion of your personal data ("right to be forgotten").
• Right to Restriction: Request that we limit how we use your data.
• Right to Data Portability: Request your data in a structured, machine-readable format.
• Right to Object: Object to processing based on legitimate interests or for direct marketing.
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, please contact us at privacy@1whisper.app. We will respond to your request within one month.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption in transit and at rest, access controls, and regular security assessments. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

10. Cookies and Tracking

Our website uses essential cookies necessary for the functioning of our services, such as authentication and session management. We do not use tracking cookies or third-party analytics that collect personal data without your consent. If we introduce optional cookies in the future, we will obtain your consent before placing them.

11. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately at privacy@1whisper.app, and we will take steps to delete such information.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date. We encourage you to review this policy periodically.

13. Complaints

If you have concerns about how we handle your personal data, you have the right to lodge a complaint with a supervisory authority. In the EU, you can contact your local Data Protection Authority. We would appreciate the opportunity to address your concerns directly, so please contact us at privacy@1whisper.app first.

14. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us at:

Email: privacy@1whisper.app