WhisperTalkWhisperTalk

Privacy Policy

Last updated: December 6, 2025

1. Introduction

WhisperTalk ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our end-to-end encrypted messaging service.

By using WhisperTalk, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies, please do not use our service.

2. End-to-End Encryption

WhisperTalk uses end-to-end encryption (E2EE) for all messages. This means:

  • Your messages are encrypted on your device before being sent
  • Only you and your intended recipients can read your messages
  • We cannot read the content of your messages
  • Your private encryption key never leaves your device in unencrypted form
  • Even if our servers were compromised, your message content would remain unreadable

3. Information We Collect

3.1 Information You Provide

  • Account Information: Username (required), email address (optional), phone number (optional), and display name (optional)
  • Profile Information: Profile picture and bio/README that you choose to add
  • Encrypted Messages: We store encrypted message data that we cannot decrypt
  • Files: Encrypted files you share through the service

3.2 Information Collected Automatically

  • Usage Data: When you access the service, last active timestamps
  • Device Information: Browser type, operating system (for functionality purposes only)
  • Log Data: IP addresses, access times, and error logs (retained for limited periods for security and debugging)

3.3 Information We Do NOT Collect

  • Decrypted message content (we cannot access this)
  • Your private encryption keys in unencrypted form
  • Contact lists from your device
  • Location data
  • Advertising identifiers

4. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our service
  • Create and manage your account
  • Deliver messages between users (in encrypted form)
  • Process referral codes and invitations
  • Respond to your requests, comments, or questions
  • Monitor and analyze usage patterns to improve user experience
  • Detect, prevent, and address technical issues or abuse
  • Comply with legal obligations

5. Data Retention

  • Account Data: Retained until you delete your account
  • Encrypted Messages: Retained until deleted by users or through self-destruct features
  • Self-Destructing Messages: Automatically deleted after the specified time period
  • Log Data: Retained for up to 90 days for security purposes
  • Deleted Accounts: Data is permanently deleted within 30 days of account deletion request

6. Data Sharing and Disclosure

We do not sell your personal information. We may share information only in the following circumstances:

  • With Your Consent: When you explicitly agree to sharing
  • Service Providers: With third-party services that help us operate (e.g., hosting, analytics), bound by confidentiality agreements
  • Legal Requirements: When required by law, court order, or governmental authority
  • Safety: To protect the rights, property, or safety of WhisperTalk, our users, or others
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (users will be notified)

Important: Even when legally compelled, we can only provide encrypted message data, which we cannot decrypt.

7. Data Security

We implement appropriate security measures including:

  • End-to-end encryption using industry-standard algorithms (ECDH P-256, AES-GCM)
  • Secure password hashing (bcrypt)
  • HTTPS encryption for all data in transit
  • Regular security assessments
  • Access controls and authentication

However, no method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

8. Your Rights and Choices

You have the right to:

  • Access: Request a copy of your personal data
  • Correction: Update or correct your account information
  • Deletion: Delete your account and associated data
  • Data Portability: Request your data in a portable format
  • Withdraw Consent: Where processing is based on consent
  • Object: Object to certain types of processing

To exercise these rights, please use the account settings or contact us directly.

9. Children's Privacy

WhisperTalk is not intended for users under the age of 13 (or 16 in the European Economic Area). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers in compliance with applicable data protection laws.

11. Third-Party Services

Our service may use the following third-party services:

  • Pusher: For real-time message delivery (receives only encrypted data)
  • Vercel: For hosting and file storage

These services have their own privacy policies, and we encourage you to review them.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we will provide additional notice (such as a prominent notice in the app).

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

Email: privacy@whispertalk.app

← Back to Home