Privacy Policy

Whispr AI, LLC ("Whispr AI", "we", "us", or "our") operates the Whispr AI platform, an AI-powered customer engagement service. This Privacy Policy describes how we collect, use, disclose, and protect information when you use our website, dashboard, chat widget, and related services (collectively, the "Service").

By using the Service, you consent to the data practices described in this policy. If you do not agree, please discontinue use of the Service.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Email address and name

• Password (stored as a cryptographic hash — we never store plaintext passwords)

• Two-factor authentication (2FA) configuration, if enabled

• Google account information, if you sign up via Google OAuth

1.2 Organization and Team Data

When you create organizations and invite team members, we collect organization names, descriptions, and the email addresses of invited members. Placeholder accounts are created for invited users who have not yet registered, and these are converted to full accounts upon registration.

1.3 Customer Content

We store content you upload or create within the Service, including:

• Knowledge base documents (manual entries, AI-generated content, scraped URLs, uploaded files)

• Chatbot configurations, personas, and instructions

• Conversation history between your chatbot and visitors

• Internal team messages and file attachments

• Support ticket data, including assignment and participant history

1.4 Visitor Data

When end users (Visitors) interact with chatbots powered by the Service, we may collect:

• Name and email address (if configured by the chatbot owner)

• Approximate geographic location (derived from IP address)

• Browser type, language, and user agent

• Chat messages and conversation content

Visitor email addresses are treated as contact information and are not used as unique identifiers. Multiple visitors may share the same email address.

1.5 Payment Information

Payment details (credit card numbers, billing addresses) are collected and processed directly by our payment processor, Stripe. We do not store full card numbers on our servers. We receive and store limited information from Stripe, such as the card brand, last four digits, and billing status, for display and record-keeping purposes.

1.6 Usage and Technical Data

We automatically collect technical information including IP addresses, browser type, device information, pages visited, and usage patterns to operate, maintain, and improve the Service.

2. How We Use Your Information

We use the information we collect to:

• Provide the Service: Operate chatbots, process knowledge base content through AI embeddings, deliver real-time conversations, and manage organizations.

• Process payments: Manage subscriptions, billing, invoicing, and add-on purchases.

• Send transactional communications: Email verification, password resets, team invitations, payment receipts, ticket notifications, and offline agent alerts.

• AI processing: Generate chatbot responses, create document embeddings for semantic search, and power the AI Copilot for agent assistance.

• Prevent abuse: Validate email addresses during registration, detect disposable or fraudulent accounts, and enforce usage quotas.

• Improve the Service: Analyze aggregated usage patterns, troubleshoot issues, and develop new features.

3. AI Data Practices

Your knowledge base content is processed using AI technology to create embeddings (mathematical representations) that enable semantic search. This allows your chatbot to find the most relevant information when answering visitor questions.

• Your content is not shared with other customers. Each organization's data is isolated.

• Your content is not used to train external AI models. It is used solely to provide responses for your chatbots.

• AI Copilot context is session-based and is not stored permanently after the agent session ends.

4. Third-Party Services and Data Sharing

We share your information with the following third-party service providers who help us operate the Service. Each provider processes data in accordance with their own privacy policies:

We do not sell your personal information to third parties. We may disclose your information if required by law, legal process, or a governmental request, or to protect the rights, property, or safety of Whispr AI, our customers, or the public.

5. Data Security

We implement industry-standard security measures to protect your data:

• All data in transit is encrypted using HTTPS/TLS.

• Data at rest is encrypted using standard encryption protocols.

• Passwords are stored using one-way cryptographic hashing.

• Access to customer data is restricted through role-based access control (RBAC).

• Payment processing is handled by Stripe, a PCI-DSS compliant payment processor.

• Two-factor authentication (2FA) is available for additional account security.

While we take reasonable precautions to protect your information, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Specific retention periods:

• Active accounts: All data is retained while your subscription is active.

• After cancellation: Organization data, chatbot configurations, knowledge bases, and conversation history are retained for thirty (30) days to allow recovery. After this period, data may be permanently deleted.

• Account records: User account information and subscription records may be retained for a longer period for legal, audit, and compliance purposes.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you.

• Correction: Request correction of inaccurate personal information.

• Deletion: Request deletion of your personal information by contacting our support team. Deletion requests are subject to our retention obligations and may take up to thirty (30) days to process.

• Portability: Request a machine-readable copy of your data.

• Objection: Object to certain processing of your personal information.

• Withdrawal: Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at privacy@trywhispr.com. We will respond within thirty (30) days.

8. Cookies and Local Storage

We use cookies and browser local storage to operate the Service. For detailed information about the cookies we use and how to manage them, please see our Cookie Policy.

9. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us and we will promptly delete it.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have data protection laws different from those of your jurisdiction. By using the Service, you consent to the transfer of your information to these countries.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by posting a notice on the Service. We encourage you to review this page periodically. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us: