W
Whisper

Privacy First

Last updated: 07 August 2025

1. Introduction

Whisper is a desktop application that lets you take screenshots and receive AI-powered insights. We respect your privacy and process data strictly under the General Data Protection Regulation (GDPR).

2. Personal data we collect

  • Account information: email address and profile data managed by Clerk Authentication.
  • Screenshots: captured only when you explicitly grant screen-recording permission; processed in memory and never written to disk.
  • Payment data: handled by Stripe for subscription management.

Local Meeting Storage

Whisper Desktop writes meetings, transcripts, and AI insights only to the encrypted Whisper application data folder on your device (e.g. ~/Library/Application Support/Whisper/ or %APPDATA%\\Whisper\\). Nothing is synced to our servers. You can open the folder anytime via "Open Whisper Storage" in the desktop Settings panel.

3. Legal basis of processing

We process your data under Art. 6(1)(b) GDPR (performance of the account contract), Art. 6(1)(a) GDPR (your consent for each screenshot analysis) and Art. 6(1)(c) GDPR (compliance with accounting obligations for payments).

4. Screenshot handling

Screenshots are captured via Electron's desktopCapturer after you grant system permission. They are sent to our backend for AI analysis over TLS 1.3, processed in-memory, then immediately overwritten. No image is stored on disk or in any database.

Local Processing

During a session the app reads data directly from your local SQLite store. Processing stays on-device unless you initiate a cloud sync or AI request that requires the internet. Clearing or resetting storage can be done from the Settings > Data section.

5. Sub-processors & security

Desktop Sub-processors

Your Device Storage — Encrypted SQLite database that persists meetings, transcript snippets, presets, and shortcut preferences locally. No third-party service has access to this data.

  • ClerkClerk — User authentication and account management (US-based, SOC 2 certified).
  • StripeStripe — secure payment processing (certified under the EU-US Data Privacy Framework).
  • Hosting Provider PostgreSQL Database and application hosting.

6. Data retention

Account data is retained until you delete your account through Clerk, after which it is erased within 30 days. Payment records are kept for the statutory 7–10 years required by tax law. Screenshots are never retained.

7. Your rights

You have the right to access, rectify, erase, restrict, or port your personal data, and to withdraw consent at any time. To exercise these rights, contact us at contact@app-whisper.com

8. Contact & Data Processing Agreement

Data Controller: Whisper App Registered address: Athens, Greece Email: contact@app-whisper.com