WhisplyWhisplyHome

Privacy Policy

Effective: May 23, 2026

1. What this policy covers

This policy explains what personal data Whisply collects, why, how it is processed, and the rights you have over it. It applies to the macOS app and whisply.net website.

2. What we collect

  • Account data. Email address, display name, and authentication provider when you sign in. Stored in our hosted database.
  • Subscription data. If you subscribe, Stripe collects payment method and billing metadata directly. We receive subscription status, plan, and a Stripe customer ID — never raw card details.
  • Telemetry. Anonymous crash diagnostics, app version, macOS version, and a stable per-install identifier so we can fix bugs and measure feature reliability. No window contents, no clipboard, no screenshots leave your Mac.
  • API keys (BYOK). Bring-your-own-key API keys you configure (OpenAI, Anthropic, Google, etc.) are stored in the macOS Keychain on your device and never transmitted to our servers.
  • Web traffic. Standard request logs (IP address, user agent, path, status) kept for 30 days for abuse prevention and debugging.

3. Telemetry opt-out

You can disable telemetry from the macOS app at any time by setting the DGTelemetryDisabled environment variable to 1 before launching Whisply. With this set, the app does not emit any crash or version-check beacons.

4. How we use it

  • Authenticating you and managing your account.
  • Processing subscriptions and refunds.
  • Fixing bugs and improving reliability based on telemetry.
  • Sending transactional and product emails (you can opt out of product emails).
  • Detecting and preventing fraud or abuse.

5. Data processors we share with

  • Lovable Cloud (Postgres + Storage). Hosts our application database and asset storage. Hosted in US data centres.
  • Stripe. Processes payments. Stripe's privacy policy applies to data you provide them at checkout.
  • Cloudflare. Serves the website and acts as a CDN; sees standard request metadata.
  • Resend. Delivers transactional email when you sign up, recover an account, or receive a receipt.
  • Upstream model providers. When you use BYOK, the chat content you send and the response you receive are exchanged directly with whichever provider's key you configured. We are not a man-in-the-middle for those requests.

6. International transfers

Data is processed in the United States. If you are in the UK, EEA, or Switzerland, transfers are made under standard contractual clauses or the UK addendum where required.

7. Your rights

Depending on where you live, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Request deletion of your data.
  • Receive a portable copy of your data.
  • Object to processing or restrict it.
  • Withdraw consent for any optional processing.

To exercise any of these, email whisply@pm.me. We respond within 30 days. EU/UK users have the right to lodge a complaint with their local data-protection authority.

8. Retention

  • Account data: retained while your account is active and for up to 30 days after deletion to allow restoration.
  • Subscription / billing data: retained as required by tax and accounting law (typically 7 years).
  • Web request logs: 30 days.
  • Crash telemetry: 90 days.

9. Cookies

We use a small number of strictly-necessary cookies to keep you signed in and remember your preferences. We do not use third-party advertising or cross-site tracking cookies.

10. Children

Whisply is not directed at children under 13. We do not knowingly collect data from anyone under 13. If you believe a child has provided us with personal data, contact us and we will delete it.

11. Changes

We will post any changes to this policy on this page and update the effective date. Material changes will be communicated by email or in-app at least fourteen days before taking effect.

12. Contact

Privacy questions? Email whisply@pm.me.