Privacy Policy

Whisperit SA
Route des Flumeaux 46
1008 Prilly, Switzerland

1. Introduction

1.1 Purpose of the Policy

At WhisperIt, we are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy is designed to inform you about our practices regarding the collection, use, and safeguarding of your personal information when you use our transcription and AI-powered content generation services. We are committed to complying with all applicable data protection laws, including the General Data Protection Regulation (GDPR) and the Swiss Federal Data Protection Act.

1.2 Scope of Application

This policy applies to all users of WhisperIt's services, including our website, mobile applications, and any other platforms or services we offer. It covers all personal data processed by WhisperIt, whether provided by you directly or collected through your use of our services. Users will be notified of updates to this policy via email or through a notification on our platform.

2. Data Collection

2.1 Types of Personal Data Collected

We adhere to a strict data minimization approach, collecting only the essential information required to provide our services. The types of personal data we may collect include:

  • Account information (e.g., name, email address)
  • Audio and video files uploaded for transcription
  • Transcribed text and generated content
  • Usage data (e.g., features used, time spent on the platform)

2.2 Methods of Data Collection

We collect personal data through the following methods:

  • Direct provision by you when creating an account or using our services
  • Automatic collection through your interaction with our platform
  • Cookies and similar technologies (as detailed in Section 7)

2.3 Legal Basis for Data Collection

We process your personal data based on one or more of the following legal grounds:

  • Your consent
  • Necessity for the performance of a contract with you
  • Compliance with legal obligations
  • Our legitimate interests, where not overridden by your rights and freedoms

If we process special categories of personal data (such as health information), additional safeguards will be applied to ensure its protection.

3. Data Usage

3.1 Purposes of Data Processing

We use your personal data solely for the following purposes:

  • Providing and improving our transcription and content generation services
  • Managing your account and ensuring the security of our platform
  • Responding to your inquiries and providing customer support
  • Complying with legal obligations and enforcing our terms of service

We may use anonymized and aggregated data for research purposes and service improvement without compromising individual privacy.

3.2 Limitation of Use

We are committed to using your data only for the purposes specified above. We do not sell, rent, or share your personal information with third parties for their marketing purposes. Your data is processed only to the extent necessary to fulfill the stated purposes.

4. Data Storage and Security

4.1 Data Storage Location

All data, including personal information and uploaded content, is stored on secure servers located in Switzerland. This ensures compliance with strict Swiss data protection laws and regulations. Our data centers are certified to ISO/IEC 27001 standards, ensuring the highest level of security.

4.2 Security Measures Implemented

We employ robust security measures to protect your data, including:

  • End-to-end encryption for all data in transit and at rest
  • Regular security audits and penetration testing
  • Access controls and authentication mechanisms
  • Firewalls and intrusion detection systems
  • Regular backups and disaster recovery procedures

4.2.1 Encryption Methods

We employ state-of-the-art encryption methods to protect your data:

  • Data in transit: All data transmitted between your device and our servers is protected using TLS 1.3 encryption.
  • Data at rest: We use AES-256 encryption to protect all data stored on our servers.
  • End-to-end encryption: For highly sensitive communications, we offer end-to-end encryption using the Signal Protocol, ensuring that only the intended recipients can access the content.

4.3 Data Retention Period

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy. Specific retention periods include:

  • Account information: Retained until account deletion
  • Uploaded files: Deleted within 30 days after processing
  • Generated content: Retained as long as your account is active
  • Usage data: Anonymized after 12 months

4.4 Employee Training and Awareness

We recognize that our employees play a crucial role in maintaining data security. Therefore:

  • All employees undergo mandatory data protection and privacy training upon joining the company and annually thereafter.
  • We conduct regular workshops and updates on the latest privacy regulations and best practices.
  • Employees with access to sensitive data receive specialized training and are bound by strict confidentiality agreements.
  • We foster a culture of privacy awareness, encouraging employees to report any potential data risks or breaches immediately.

5. Data Sharing and Transfer

5.1 Third-party Service Providers

We may engage trusted third-party service providers to assist in operating our platform. These providers are bound by strict confidentiality agreements and are only permitted to process data as instructed by WhisperIt. Such providers may include cloud storage providers, payment processors, and analytics services.

5.2 International Data Transfers

WhisperIt primarily processes and stores data within Switzerland. In the rare event that data needs to be transferred outside of Switzerland, we ensure that appropriate safeguards are in place to protect your information, such as Standard Contractual Clauses approved by the European Commission.

5.3 Legal Requirements for Disclosure

We may disclose your personal data if required by law, regulation, or legal process. In such cases, we will notify you unless prohibited by law.

5.4 Handling Law Enforcement Requests

We have strict protocols in place for managing requests from law enforcement:

  • All requests must be submitted in writing and must comply with Swiss law.
  • We thoroughly review each request to verify its legitimacy and scope.
  • We only disclose the minimum amount of information required to comply with the request.
  • Unless prohibited by law, we inform affected users if their data is requested by law enforcement.
  • We publish an annual transparency report detailing the types and numbers of law enforcement requests received.

6. User Rights

6.1 Right to Access Personal Data

You have the right to request access to the personal data we hold about you. We will provide this information within 30 days of your request.

6.2 Right to Rectification

If you believe any of your personal data is inaccurate or incomplete, you have the right to request its correction or completion.

6.3 Right to Erasure

You can request the deletion of your personal data in certain circumstances, such as when it's no longer necessary for the purposes for which it was collected.

6.4 Right to Restrict Processing

You have the right to request the restriction of processing of your personal data in specific situations, such as when you contest the accuracy of the data.

6.5 Right to Data Portability

You can request to receive your personal data in a structured, commonly used, and machine-readable format, or have it transmitted directly to another controller where technically feasible.

6.6 Right to Object

You have the right to object to the processing of your personal data in certain circumstances, including processing for direct marketing purposes.

To exercise any of these rights, please contact our Data Protection Officer using the information provided in Section 8. You may also withdraw your consent at any time by contacting our Data Protection Officer.

7. Cookies and Tracking Technologies

7.1 Types of Cookies Used

We use the following types of cookies:

  • Essential cookies: Necessary for the functioning of our website.
  • Performance cookies: Help us understand how visitors interact with our site.
  • Functionality cookies: Remember your preferences and settings.

7.2 Purpose of Cookies

Our cookies are used to:

  • Improve site navigation and user experience.
  • Analyze site usage and performance.
  • Remember your login status and preferences.

7.3 Cookie Management Options

You can manage cookie preferences through your browser settings. However, disabling certain cookies may impact the functionality of our service. WhisperIt does not respond to Do Not Track (DNT) signals.

8. Data Protection Officer

8.1 Contact Information

Our Data Protection Officer can be reached at:

Email: info@whisperit.ch
Address: Whisperit SA, Route des Flumeaux 46, 1008 Prilly, Switzerland

8.2 Role and Responsibilities

The Data Protection Officer oversees our data protection strategy and implementation to ensure compliance with relevant laws and regulations.

9. Data Breach Notification

9.1 Internal Procedures

We have strict internal procedures in place for promptly notifying affected users in the event of a data breach.

9.2 External Notification

In the event of a data breach, we will notify the relevant data protection authorities and affected users as required by law.

10. International Transfers

10.1 Standard Contractual Clauses

WhisperIt primarily processes and stores data within Switzerland. In the rare event that data needs to be transferred outside of Switzerland, we ensure that appropriate safeguards are in place to protect your information, such as Standard Contractual Clauses approved by the European Commission.

10.2 Adequacy Decisions

We only transfer data to countries that have been deemed adequate by the European Commission.

11. Third-party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of these websites. We encourage you to read the privacy policies of these third-party websites before providing them with your personal information.

12. Children's Privacy

WhisperIt's services are not intended for children under the age of 13. We do not knowingly collect personal information from children under the age of 13. If you are a parent or guardian and you believe that your child has provided us with personal information, please contact us immediately.

13. Data Security

We employ robust security measures to protect your data, including:

  • End-to-end encryption for all data in transit and at rest
  • Regular security audits and penetration testing
  • Access controls and authentication mechanisms
  • Firewalls and intrusion detection systems
  • Regular backups and disaster recovery procedures

We recognize that no security system is completely foolproof. We cannot guarantee the absolute security of your data. However, we strive to implement the best possible security measures to protect your information.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any significant changes to this policy by email or through a notification on our platform.

15. Contact Information

If you have any questions about these policies, please contact us at:

Whisperit SA,
Route des Flumeaux 46
1008 Prilly, Switzerland

Email: info@whisperit.ch

By using our service, you acknowledge that you have read and understood these Terms and agree to be bound by them.

Last updated: 18 October 2024