LEGAL
Privacy Policy
WhispR Ltd · Last updated: June 2026 · UK GDPR compliant
1. Who We Are
WhispR Ltd ("we", "us", "our") is the data controller for personal data collected through whispraudio.com. Contact us at legal@whispraudio.com for any privacy-related queries.
2. Data We Collect
Account data: Email address, username, display name, bio, and profile photo — provided by you on registration or profile edit.
Usage data: Tracks played, likes, listening history, search queries, and session timestamps — collected automatically to power recommendations and history features.
Payment data: Subscription status and billing period — we do not store card numbers. Payment processing is handled by our payment processor; their privacy policy applies to card data.
Technical data: IP address, browser type, device type, and referral URL — collected via server logs and analytics.
Communications: Any messages you send to legal@whispraudio.com or our support team.
3. Legal Basis for Processing
Contract performance: We process your account and payment data to deliver the WhispR service you signed up for (UK GDPR Art. 6(1)(b)).
Legitimate interests: We process usage data to improve the platform, detect abuse, and secure our systems (Art. 6(1)(f)).
Legal obligation: We retain certain records to comply with UK tax and regulatory requirements (Art. 6(1)(c)).
Consent: Non-essential cookies and marketing communications are processed only with your explicit consent (Art. 6(1)(a)), which you may withdraw at any time.
4. How We Use Your Data
- To create and manage your account.
- To stream audio content and personalise your experience.
- To process subscription payments and manage billing.
- To detect and prevent fraud, abuse, and policy violations.
- To send transactional emails (account confirmations, payment receipts).
- To comply with legal obligations including age verification requirements under the Online Safety Act 2023.
5. Data Sharing
We do not sell your personal data. We share data only with:
- Supabase Inc. — database and authentication infrastructure (data processed in EU under Standard Contractual Clauses).
- Payment processor — billing data only, subject to their privacy policy.
- Law enforcement — if required by a valid legal order.
6. Retention
We retain account data for as long as your account is active plus 6 years for tax and legal compliance. Listening history is retained for 24 months. You may request earlier deletion (see rights below).
7. Your UK GDPR Rights
You have the right to: access your data · rectify inaccuracies · erase your data (right to be forgotten) · restrict processing · port your data to another service · object to processing based on legitimate interests.
To exercise any right, email legal@whispraudio.com. We will respond within one calendar month. You also have the right to lodge a complaint with the ICO (Information Commissioner's Office).
8. Cookies
See our Cookie Policy for full details on how we use cookies and how to manage your preferences.
9. Security
We implement industry-standard security measures including encrypted data transmission (TLS), row-level access controls on our database, and regular security reviews. No system is 100% secure; please use a strong unique password.
10. Changes to This Policy
We will notify you by email or in-app notice if we make material changes. The "last updated" date at the top of this page reflects the most recent revision.