Whispi - Privacy Policy

Effective Date: 01.09.2025 (dd.mm.yy)

1. Who We Are (Data Controller)

1.1. Whispi (“we”, “us”, “our”) is the data controller for your personal data.

1.2. Address: Harju maakond, Tallinn, Lasnamäe linnaosa, Sepapaja tn 6, 15551 Estonia

1.3. Contact: whispiapp@gmail.com

2. Scope

2.1. This Privacy Policy explains how we collect, use, disclose, and protect personal data

when you use the Whispi mobile application and related services (“Service”).

2.2. By using the Service, you agree to this Policy.

3. Information We Collect

3.1. Account Information: Display name and age (provided by user), User ID

(generated by Firebase Authentication), account creation date, optional professional

interests and career goals.

3.2. Usage Data: Conversations with AI mentors, learning progress and skill tracking,

app usage statistics and patterns, device information, session duration and activity logs.

3.3. Payment Information: Purchase history through RevenueCat, subscription status,

learning credits balance.

3.4. Media Content:

a) Photos shared during sessions are transmitted securely to our AI processing providers

(e.g., OpenAI or equivalent) for real-time processing, are not stored on our servers,

and are discarded immediately after processing.

b) Voice messages are processed through ElevenLabs Speech-to-Text (STT). To allow

users to replay voice interactions, we retain voice files for up to 30 days in our storage,

then permanently delete them.

3.5. Log Data: IP address, device name, OS version, app configuration, error logs, time/

date of use, and other diagnostics.

4. Cookies and SDKs

4.1. The app itself does not explicitly use cookies; however, third-party SDKs (e.g.,

Firebase, RevenueCat, Google Analytics) may use cookies or similar technologies for

authentication, subscriptions, analytics, and reliability.

4.2. If you use our website (if any), cookies may be placed. See our Cookie Notice where

applicable.

5. How We Use Your Information

5.1. Provide, operate, and maintain the Service.

5.2. Personalize and improve features, performance, and content.

5.3. Handle purchases, subscriptions, and customer support.

5.4. Maintain security, prevent fraud/abuse, and perform diagnostics.

5.5. Comply with legal obligations.

6. Legal Bases for Processing (GDPR Article 6)

6.1. Contract: processing necessary to provide the Service.

6.2. Legitimate Interests: e.g., security, fraud prevention, minimal analytics, and service

improvement.6.3. Consent: where required for optional communications or certain analytics.

6.4. Legal Obligations: e.g., tax and accounting compliance.

7. Service Providers and Categories of Recipients

7.1. Firebase (Google): authentication, database, cloud functions.

7.2. RevenueCat: in-app purchases and subscriptions.

7.3. Google Analytics: usage analytics (with privacy controls).

7.4. ElevenLabs: speech-to-text processing for voice messages.

7.5. OpenAI (or equivalent AI LLM providers): real-time text/image processing for AI

mentor responses.

7.6. These providers act under our instructions and are bound by confidentiality and data

protection obligations.

8. International Data Transfers

8.1. Some providers may process data outside the EEA (e.g., the United States).

8.2. Where applicable, we rely on EU Standard Contractual Clauses (SCCs) and

implement additional safeguards.

9. AI Mentor System and No Professional Advice

9.1. AI mentors provide educational guidance only and do not constitute professional,

medical, legal, or financial advice.

10. Security

10.1. We use commercially reasonable safeguards to protect personal data; however, no

method of transmission or storage is 100% secure.

11. Data Retention

11.1. Mentorship conversations and learning progress are retained only as necessary to

provide continuity and personalization and are deleted or anonymized when no longer

needed.

11.2. Account data is retained while your account is active.

11.3. Deleted accounts: all associated personal data are permanently removed within 30

days.

11.4. Media: photos are never stored; voice messages are deleted after 30 days.

12. Your Rights (GDPR)

12.1. Right of access, rectification, erasure, restriction, portability, and to object to

processing; and right to withdraw consent at any time (without affecting prior lawful

processing).

12.2. To exercise rights, use in-app settings or contact whispiapp@gmail.com.

12.3. You may lodge a complaint with the Estonian Data Protection Inspectorate.

13. Children’s Privacy

13.1. We do not knowingly collect personal data from children under 16. Do not use the

Service if you are under 16.

14. Links to Other Sites

14.1. The Service may contain links to third-party sites not operated by us; review their

privacy policies separately.

15. Changes to This Policy

15.1. We may update this Policy from time to time. We will post the updated Policy with

a new “Effective Date”.

16. Contact Us

16.1. Email: whispiapp@gmail.com16.2. Address: Harju maakond, Tallinn, Lasnamäe linnaosa, Sepapaja tn 6, 15551

Estonia