Whisp Privacy Policy

Last Updated: August 12, 2025

Introduction:
Whisp is an AI-powered business assistant application developed and operated by Sole Proprietor Asadli E.V. (referred to as “Whisp,” “we,” “us,” or “our”), located in Karaganda, Kazakhstan. We are committed to protecting your privacy. This Privacy Policy explains what personal data we collect, how and why we collect it, how it is used and stored, and your rights regarding this data. By using Whisp, you agree to the collection and use of information in accordance with this policy.

Data We Collect

We collect and process the following types of personal data in order to provide and improve the Whisp service:
• Contact and Account Information: Your name, business name (if applicable), email address, and other profile details when you register or connect your accounts to Whisp. This may include your Instagram username and basic profile information obtained via the Instagram Graph API (such as profile name and account ID).
• Communication Data: The content of messages and communications that you manage through Whisp. For example, if you integrate your Instagram or WhatsApp messaging with Whisp, we collect and process the messages you send and receive (including text, images, and other media in those messages) in order to automate and facilitate your client communications.
• Social Media and Meta Data: Information from your connected social media accounts that Whisp needs to function. This can include follower counts, timestamps of messages, message metadata, and other Instagram/WhatsApp account data available through official Meta integrations.
• Team Performance Data: Data related to your team’s use of Whisp, such as number of client inquiries handled, response times, resolution rates, and other key performance indicators (KPIs) that Whisp tracks to provide analytics on your team’s communication performance.
• Usage and Technical Data: When you use our website or app, we may collect technical information such as your device type, browser type, IP address, and usage logs (e.g. features used, time and date of access). This data helps us ensure the service is working securely and effectively.
• Any Data You Provide Us: This includes information you voluntarily provide when contacting support, responding to surveys or feedback requests, or any other interaction with us. We only collect what you choose to provide for such purposes.

We do not intentionally collect any sensitive personal data (such as financial information, health data, or special categories of personal data) through Whisp. We also do not target or knowingly collect data from anyone under the age of 18, as Whisp is intended for use by businesses and their authorized staff.

Purpose of Data Use

Whisp collects and uses your data solely for the following purposes:
• Providing the Service: We use the collected information to operate and deliver the Whisp services to you. This includes facilitating communication on your behalf (e.g. sending and receiving Instagram or WhatsApp messages through the app), automating responses via AI, and managing your messaging across platforms.
• Analytics and KPIs: Personal and team performance data are used to generate reports and analytics (such as response rates, message volumes, and other KPIs) to help you track business communication performance and improve customer service.
• Communication Automation: We process message content and history in order to enable Whisp’s AI-powered features, such as suggesting replies, routing inquiries, or automating certain client interactions. This helps your business respond faster and consistently to client messages.
• Service Improvement: We may analyze usage patterns, feedback, and error logs to understand how Whisp is used and to improve our application’s functionality, user interface, and AI algorithms. This is done to enhance your experience and introduce new features that benefit users.
• User Support and Contact: Information like your contact details and support tickets are used to respond to your inquiries, provide customer support, and send you important notices or updates about the Service (for example, changes to features, security alerts, or policy updates).
• Legal Compliance and Security: We may use data as necessary to enforce our Terms of Use, to monitor for fraudulent or illegal activity (such as misuse of the platform), and to comply with applicable laws or regulations. For instance, we could use log data to investigate security issues or fulfill obligations if lawfully required by authorities.

We will not use personal data for any purposes other than those described above without obtaining your consent or unless required or permitted by law. We do not use your data for any form of marketing or advertising by third parties, nor do we engage in automated decision-making or profiling that has legal or similarly significant effects on individuals, apart from the automated communication features you intentionally use within Whisp.

Legal Basis for Processing

Whisp processes personal data under the following legal grounds (as appropriate under applicable data protection laws such as GDPR):
• Consent: In cases where you connect your Instagram/WhatsApp accounts or otherwise grant Whisp permission to access your data, you are consenting to our collection and use of that data as described in this Privacy Policy. For example, by authorizing Whisp to access your Instagram messages via the Graph API, you consent to that data being processed by us. You may withdraw your consent at any time by disconnecting your social accounts from Whisp or contacting us to delete your data (see Your Rights below), but note that this will prevent us from providing related services.
• Performance of a Contract: When you sign up for and use Whisp, you enter into an agreement (our Terms of Use) with us. We need to process certain personal data to fulfill our obligations under that contract – namely, to provide you with the Whisp services and features you expect. This includes processing messages and account information as necessary for the tool to function. Without this data processing, we would be unable to deliver the service you have requested.
• Legitimate Interests: We may process your data for purposes that are in our legitimate interests as a service provider, provided such processing is not overridden by your rights and interests. For example, it is in our legitimate interest to use certain data to improve our product’s functionality, to secure our platform, to prevent misuse, or to communicate service updates to users. When relying on this basis, we ensure that our legitimate interests are balanced with your privacy rights. You have the right to object to processing based on legitimate interests (see Your Rights).
• Legal Obligation: In some cases, we may need to process or retain certain personal information to comply with a legal obligation. For instance, we might keep records as required by accounting laws or respond to lawful requests by public authorities (such as complying with a court order or law enforcement inquiry).

We will clarify the applicable legal basis when required and will only rely on consent as a legal basis for processing where we have obtained your voluntary, specific and unambiguous permission. Where we rely on legitimate interests, we will only do so in ways that you would reasonably expect and that have minimal privacy impact.

How We Store and Protect Data

We take the security and careful handling of your data very seriously. We store personal data on secure servers and use industry-standard security practices to protect it from unauthorized access, alteration, disclosure, or destruction. Key measures we implement include:
• Encryption: Sensitive data (for example, authentication tokens or credentials to access your Instagram/WhatsApp accounts) is encrypted both in transit and at rest wherever feasible. We use HTTPS and other encryption protocols to protect data transmission between Whisp and your browser or device.
• Access Controls: Personal data is accessible only to authorized personnel who need it to operate or support the service. We restrict access to databases and logs, and our team members are trained on data privacy and security.
• Secure Infrastructure: We utilize reputable cloud service providers and data centers with strong security and compliance standards. Servers are kept up-to-date with security patches, and we employ firewalls and monitoring to guard against intrusion.
• Data Minimization: We only keep the personal data that is necessary for the purposes described. For example, if certain content or information is no longer required, we aim to either not collect it in the first place or delete/anonymize it.
• Periodic Reviews: We periodically review our data collection and storage practices to ensure they remain safe. In case of any security incident or data breach, we have procedures in place to contain and remediate the issue and will notify you and authorities as required by law.

If you integrate Whisp with Instagram, WhatsApp, or other third-party platforms, please note that those platforms handle data according to their own policies when data is in their systems. For instance, messages sent via Instagram are also subject to Instagram’s/Data Policy on Meta’s side. Whisp ensures that when data is under our control, it is protected as described above.

Data Retention: We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy. This generally means we keep your information as long as you maintain an account with Whisp or use our service. If you discontinue use or request deletion, we will remove or anonymize your personal data, barring any information we are required to keep for legal compliance or legitimate internal purposes. For example, we may retain minimal records of transactions or communications to demonstrate compliance or to resolve disputes. When data is no longer needed, we securely delete it.

Data Sharing and Disclosure

We value your privacy and handle your personal data with care. We do not sell, rent, or share your personal information with third parties for their own marketing or commercial purposes. In fact, Whisp does not disclose your data to any third parties except in the limited scenarios described below, all of which are aligned with providing you the service or complying with the law:
• Service Providers (Processors): We may use trusted third-party service providers to assist us in operating Whisp (for example, cloud hosting services, database management, or email service for support). These providers may process personal data on our behalf solely for the purposes of providing their services to us. We ensure any such providers are bound by strict confidentiality and data protection obligations, and they are not permitted to use your data for any purpose other than to support Whisp as instructed by us.
• Meta Platforms Integration: Since Whisp integrates with platforms like Instagram and WhatsApp via the Meta APIs, certain data inherently passes through or is stored on Meta’s systems. For example, when Whisp sends or retrieves a message for you, that message is processed by Meta’s Instagram Graph API or WhatsApp systems. This is not considered us “sharing” your data in the conventional sense (as it is part of using the service you requested), but we want to clarify this integration. We do not provide Meta with any additional personal data about you beyond what is required for the integration. Any data that Meta receives will be handled according to Meta’s own terms and policies. We encourage you to review Meta’s privacy policy for information on how Instagram or WhatsApp handle data on their side.
• Legal Requirements: We may disclose your information if required to do so by law or in response to valid requests by public authorities. This might include responding to a court order, subpoena, or other legal process. We will only disclose the minimum necessary information and only when we have a good-faith belief that such disclosure is legally required or necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
• Business Transfers: If we ever plan to merge, sell, or transfer our business or assets (for example, during a reorganization or acquisition of Whisp by another company), your personal data might be part of that transaction. If such a change in ownership happens, we will ensure the new owners are bound to respect the terms of this Privacy Policy, and we will notify you of any significant changes to how your data is handled.
• With Your Consent: In any situation other than the above, if there is ever a need to share your information with a third party, we will only do so if you have given explicit consent for that sharing.

Importantly, aside from the necessary processing through Meta’s platforms and our service providers under contract, your data stays within Whisp. We do not share your clients’ message content or your analytics with any external marketing companies or unrelated parties. All data use stays aligned with the purposes explained to you.

Your Rights and Choices

Whisp is designed to give you control over your data. Under applicable data protection laws, and as a core part of our service values, you have the following rights regarding the personal data we hold about you:
• Right to Access: You have the right to request a copy of the personal data we hold about you. We will provide you with a summary of the information, along with an explanation of how it is used, upon verification of your identity (for security).
• Right to Rectification: If any personal data we have is inaccurate or incomplete, you have the right to request that we correct or update it. For instance, if you change your name or email, you can update your account settings or ask us to do so.
• Right to Deletion: You have the right to request the deletion of your personal data (“right to be forgotten”). If you no longer wish to use Whisp, you can contact us to delete your account and associated data from our systems. We will honor such requests, provided we do not have a legal obligation to retain certain information. Once deleted, your data (including messages, analytics, and account info) will be removed from our active databases. (Note: It may take a brief period to fully remove data from backups and caches, but we will ensure it’s erased in a reasonable timeframe.)
• Right to Object or Restrict Processing: You may object to our processing of your data or ask us to limit the use of your data if you believe it is being processed in a way that is not consistent with the purposes you consented to or our legitimate interests. For example, you can request that we stop using your data for improvement analytics if you have concerns. In certain cases, you can also disable specific features that involve data processing (such as turning off certain analytics collection, if options are provided in-app).
• Right to Data Portability: To the extent applicable, you have the right to obtain the personal data you provided to us in a structured, commonly used, machine-readable format, and to have that information transmitted to another service provider where technically feasible. This typically applies to data processed based on your consent or a contract, and that is processed by automated means.
• Right to Withdraw Consent: If we are processing any of your personal data based on your consent, you have the right to withdraw that consent at any time. For example, if you consented to connect Whisp to your Instagram account, you can later revoke that access by disconnecting the integration or contacting us. Withdrawal of consent will not affect the lawfulness of processing that occurred before you withdrew consent.
• Right to Lodge a Complaint: If you have concerns about our data practices, you have the right to lodge a complaint with a supervisory data protection authority in your jurisdiction. We encourage you to contact us first so we can address your concerns directly.

Exercising Your Rights: To exercise any of your rights above, please contact us using the contact information in the section below. We will respond to your request as soon as possible, and within any timeframe required by applicable law (generally within 30 days for most requests under GDPR, for example). We may need to verify your identity before fulfilling certain requests to ensure we do not disclose or delete data to the wrong person.

Please note that some rights may not apply in all circumstances. For instance, certain data might be exempt from deletion requests if it is required for us to comply with legal obligations or defend legal claims. If we cannot fulfill a request in part or in full, we will explain the reason to you.

Cookies and Tracking Technologies

(Note: If Whisp’s website or app uses cookies or similar technologies, that should be disclosed. If not applicable, this section can be very brief or omitted.)

Whisp’s website may use cookies or similar tracking technologies to enhance user experience and ensure proper functionality. Cookies are small text files placed on your device that help us remember your preferences, login session, or collect aggregate analytics about site usage. For example, we might use cookies to keep you logged in as you navigate through the dashboard, or to understand which features are most frequently used so we can improve them.
• You have choices regarding cookies. Most web browsers automatically accept cookies, but you can modify your browser setting to decline cookies or alert you when cookies are being sent. However, please note that some parts of our site or service might not function properly if you disable cookies entirely (for example, you may not be able to log in or use certain features).
• We do not use cookies for advertising or to share data with third-party ad networks. Any analytics cookies are used for our internal product improvement only. Where required by law, we will obtain your consent for any non-essential cookies.

For more detailed information on the cookies we use (if applicable) and your choices, please refer to our Cookie Policy or relevant help section in the application.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make changes, we will notify you by updating the “Last Updated” date at the top of this policy. In the case of significant changes that affect your rights or how we use personal data, we will provide a more prominent notice (such as by email or an in-app notification) to inform you. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting the personal information we collect.

Your continued use of Whisp after any modifications to this Privacy Policy will signify your acceptance of the changes. If you do not agree with any update, you should stop using the service and can request that your data be deleted.

Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal data, please do not hesitate to contact us. We are here to help and address any issues you may have.

Contact Us at:
Sole Proprietor Asadli E.V. (Whisp)
Karaganda, Kazakhstan
Email: diana09kz@icloud.com
Phone: +7778 267 33 60

We will respond to inquiries as promptly as possible. For security and privacy reasons, we may need to verify your identity before discussing or disclosing personal data.

Thank you for trusting Whisp with your business communications. We are dedicated to protecting your privacy and ensuring your data is handled safely and responsibly.

⸻