Back to home

Privacy Policy

Last updated: November 12, 2025

1. Overview

Whisper Security provides AI-assisted security scanning and remediation services for software teams. This Privacy Policy explains how we collect, use, and protect personal information when you use our websites, applications, or related services (collectively, the "Services"). By accessing or using the Services, you consent to this Privacy Policy.

2. Information We Collect

We collect information in the following categories:

  • Account information: name, email address, authentication credentials, organization details, and user role assignments you provide when creating or managing an account.
  • Workspace and project data: repository metadata, configuration selections, scan preferences, issue annotations, and feedback shared through the Services.
  • Usage data: device information, log files, diagnostic data, security audit trails, cookies, and similar technologies that help us operate and secure the Services.
  • Payment information: billing contact details and transaction records processed on our behalf by PCI-compliant payment providers (for example, Stripe). We do not store full payment card numbers.
  • Support and communications: messages, files, and contact details submitted through support requests, webinars, research programs, or sales inquiries.

3. How We Use Information

We use collected data to:

  • Deliver, maintain, and improve the Services, including personalized dashboards and automation features.
  • Authenticate users, enforce access controls, and safeguard customer environments.
  • Provide customer support, onboarding, training, and product communications.
  • Monitor usage metrics, detect abuse, and maintain the security and stability of our infrastructure.
  • Process payments, manage subscriptions, and send invoices or renewal notices.
  • Comply with legal obligations, industry standards, and enforce our agreements.

4. Legal Bases

If you are located in the European Economic Area, United Kingdom, or Switzerland, we rely on the following legal bases to process personal data: performance of a contract, legitimate interests in delivering and securing the Services, compliance with legal obligations, and your consent where required.

5. Information Sharing

We do not sell personal information. We may share information with service providers who support hosting, data processing, analytics, payment processing, customer success, or communication workflows. These providers are bound by confidentiality and data protection obligations. We may also disclose information if required by law, to protect the rights and safety of Whisper Security or others, or in connection with a corporate transaction such as a merger, financing, or acquisition.

6. Data Retention

We retain personal information for as long as necessary to provide the Services, fulfill the purposes described in this Privacy Policy, comply with legal obligations, resolve disputes, and enforce our agreements. When retention is no longer required, we take reasonable steps to delete or anonymize the information.

7. Security

We implement administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, or destruction. No system can be completely secure, so we encourage you to use strong passwords, keep credentials confidential, and promptly notify us of any suspected compromise.

8. Your Choices and Rights

Depending on your location, you may have the right to access, correct, update, delete, or restrict the processing of your personal information. You can manage many settings within the product or by contacting us. You may also opt out of marketing communications by following the instructions in those messages.

9. Children's Privacy

The Services are not directed to individuals under 16, and we do not knowingly collect personal information from children. If we become aware that a child has provided personal information, we will take steps to remove the data and disable the account.

10. International Transfers

Whisper Security operates in multiple regions. When we transfer personal information outside of the country where it was collected, we do so in accordance with applicable data protection laws and rely on appropriate safeguards such as standard contractual clauses.

11. Changes to This Policy

We may update this Privacy Policy to reflect product changes, legal requirements, or best practices. We will post the revised policy on this page and update the "Last updated" date. If changes materially affect your rights, we will provide additional notice through the Services or by email.

12. Contact

For privacy requests or questions, email support@usewhisper.dev. We aim to respond within two business days.