Your data, kept quiet.
This policy explains how KwypeSoft (“we”, “us”) handles personal data when you use the Whispia mobile app and related services. We aim to collect as little as possible, keep it where it belongs, and let you take it back any time. Whispia is operated under the laws of France and complies with the EU General Data Protection Regulation (GDPR).
Who we are
The data controller for Whispia is KwypeSoft, a company registered in France. You can reach us, including our Data Protection Officer, at contact@whispia.app. For convenience, all privacy, security, and DPO requests can be sent to that single address — they are routed internally to the right team.
What we collect
We collect only what we need to run the service. Concretely:
| Category | Examples | Where it comes from |
|---|---|---|
| Account | Email, display name, language, hashed credentials or third-party auth identifier | You, or Apple / Google sign-in |
| Subscription & billing | Plan, renewal status, token balance, in-app receipt IDs | Apple, Google, RevenueCat |
| Listening activity | Stories played, soundscapes saved, sleep-timer use, completion ratios | The app, on your behalf |
| Generation prompts | Mood inputs, voice / length choices, the text of stories you generate, Learn-mode topics, and any name or age you choose to include | You, when you create a story |
| Mood entries | Self-reported mood, optional notes, time of entry | You |
| Family profiles | Child profile name (or nickname), age band (0–3, 3–10), parental-consent record | You, as the parent / legal guardian |
| Voice samples | Audio recording uploaded to create a voice Clone (10-second sample); discarded by us after upload to the synthesis provider | You, when you create a Clone via Voice Cloning |
| Provider API keys (BYOK) | Encrypted developer API keys you supply for third-party LLM and TTS providers (e.g. OpenAI, Azure, ElevenLabs, Fish Audio); never displayed back in clear, never logged, never sold | You, when you enable Bring Your Own Keys |
| Device & diagnostics | OS version, app version, device model, crash reports, anonymous performance metrics | The app |
We do not collect precise location, contacts, photos, raw microphone audio, or browsing history outside the app. We do not run third-party advertising SDKs.
Microphone access is used only for voice-to-text input on the story-prompt screen. Audio is processed on-device by your operating system's speech recogniser; only the resulting transcript is sent to our AI providers as part of the prompt. Raw audio is never uploaded or retained by us. You can revoke microphone permission at any time from your device settings without losing access to the rest of the app.
Voice samples. When you create a Clone, you upload an audio recording of a voice. This recording is uploaded to our voice-synthesis provider for the sole purpose of training the Clone, and is then discarded by us. We do not retain the recording in our systems by default. The synthesis provider's retention policy applies to the audio they hold for training and synthesis purposes.
Provider API keys (BYOK). If you enable Bring Your Own Keys, the developer API keys you paste are encrypted at rest in your account, used solely to authenticate outbound requests to the corresponding third-party provider on your behalf, and never displayed back to you in clear, exported, logged in plain text, or sold. You can rotate or remove a key at any time from the in-app settings; closure of your Whispia account wipes any stored keys from our systems. Whispia does not revoke the key on the provider side — that remains your responsibility. See Terms §19 for the full BYOK terms.
How we use it
- To create and authenticate your account and let it sync across devices.
- To deliver Originals, generate AI stories, and play soundscapes you choose.
- To process subscriptions, token purchases, and renewals.
- To diagnose crashes, measure aggregate stability, and improve the product.
- To send essential service messages (e.g. receipts, security notices). We do not send marketing email unless you opt in.
- To detect and prevent fraud, abuse, or unsafe content.
Legal bases under GDPR
Each processing activity has a lawful basis under Articles 6 and (where relevant) 9 of the GDPR:
- Performance of a contract — running your account, delivering content you requested, processing subscriptions.
- Legitimate interest — security, fraud prevention, basic product analytics on aggregated data. You may object at any time.
- Consent — optional analytics cookies on the website, marketing email opt-in, mood-history retention beyond the default window, and parental consent for child profiles. You can withdraw consent at any time.
- Legal obligation — keeping invoices, responding to lawful requests from authorities.
AI generation and your prompts
When you generate a story, your prompt (mood, theme, length, voice choice, and any free-text input) is sent to one of our AI providers — currently, for text, mainly OpenAI and Perplexity; and, for voice synthesis, OpenAI, Azure Speech, Google Gemini, Fish Audio, or ElevenLabs. We require these providers to:
- Process your prompt only to fulfil the request.
- Not use your prompt to train their models, where the provider offers that option, which we enable by default for paid API tiers.
- Delete prompts on a short retention schedule on their side (typically 30 days or less).
Learn mode. When you create a Learn story, the topic you type is sent to our AI providers to research, write, and fact-check it. Alongside the text and voice providers above, we use Perplexity AI to research the subject against real online sources and to help fact-check the finished story. If you choose to include a person's name — or a child's first name and age — in your request so the story can be made about them, that text is part of the prompt and is processed by these providers too. Including a name or an age is entirely optional and at your discretion; Learn mode works without it. Learn-mode prompts follow the same retention as other generation prompts (see Retention).
If you use Bring Your Own Keys (BYOK), the same prompt is instead sent to the provider you configured, authenticated with your developer API key. In that case, you have a direct contractual relationship with that provider for those requests, and the provider's own privacy policy, retention schedule and training-opt-out controls apply (which may differ from what we negotiate on the standard pipeline). Whispia acts only as a technical relay and does not store the prompt body server-side beyond what is required to dispatch the request, surface the result in your library, and run the safety pipeline described in Terms §19.
About AI outputAI-generated stories are produced on demand and may occasionally be unexpected, repetitive, lower quality than usual, or contain content that does not match your intent — even with the safety pipeline in place. By using the generation feature you accept this inherent variability. See the Terms for the full disclaimer.
Children and family profiles
Whispia accounts are reserved for adults (16+ in the EU, 13+ in jurisdictions where local law sets a lower threshold). Children listen via a family profile created and managed by a parent or legal guardian. To create a child profile we ask the parent to confirm their age, agree to the parental-consent statement, and pick an age band (0–3 or 3–10).
For child profiles we collect only the profile name (which may be a nickname), the age band, and listening activity. We do not ask for a child's email, location, or contact details. Parents can review, export or delete a child profile at any time from the family settings screen, or by writing to contact@whispia.app.
Sub-processors and sharing
We share the minimum data each provider needs to do its job. We do not sell personal data, ever.
| Provider | Purpose | Data shared |
|---|---|---|
| OpenAI | Story text generation | Prompt, language, length |
| Perplexity AI | Story text generation, and Learn-mode fact research and fact-checking | The prompt or Learn topic and language, plus any optional name / age you include |
| OpenAI / Azure Speech / Google Gemini / ElevenLabs (or equivalent) | Voice synthesis | Generated text, voice ID |
| Fish Audio (https://fish.audio) | Voice synthesis and voice cloning | Text we send for narration, voice samples you upload for cloning, the resulting audio. Their privacy policy: https://fish.audio/privacy. |
| Apple / Google | Sign-in, in-app purchases, app distribution | Auth identifier, IAP receipt IDs |
| RevenueCat | Subscription & entitlement management | App user ID, plan, receipt IDs |
| Microsoft Azure (Application Insights) | Crash reporting, performance and stability telemetry | App / OS version, anonymised event metadata, stack traces |
| Datadog | Server-side observability and error tracking | Server logs, request metadata, error context (no story content) |
| Umami (self-hosted on the KwypeSoft NAS, France) | First-party marketing-site analytics (page-view counts, referrers, country, device class) | URL path, referrer URL, screen size, browser language. No cookies. No cross-site profiling. The IP address is used in-memory for the country lookup and discarded; only an opaque daily-rotating hash is stored to count a visitor without identifying them. Data never leaves the KwypeSoft NAS. |
Each sub-processor is bound by a written data-processing agreement consistent with Article 28 GDPR. The current list is maintained and may be updated; material changes are announced at least 14 days before they take effect.
BYOK requests. When you use Bring Your Own Keys, requests for the corresponding capability are authenticated with your own developer key and routed to the provider directly through your account. For those specific requests, the provider acts as your processor under your direct agreement with them, not as our sub-processor. Whispia's sub-processor list above continues to apply to all other requests and to the Whispia-side overhead (orchestration, moderation, audit logging) that wraps a BYOK call. See Terms §19 for the full allocation of responsibilities.
International transfers
Some of our sub-processors are based in the United States. Where personal data leaves the European Economic Area we rely on the European Commission's Standard Contractual Clauses and, where applicable, the EU-US Data Privacy Framework. Supplementary measures (encryption in transit, minimisation, short retention) are applied to reduce risk.
How long we keep things
- Account & subscription — for as long as your account exists, then deleted within 30 days of closure (longer where law requires, e.g. invoices kept for 10 years in France).
- Generation prompts — stored alongside the generated audio; they stay in your library for as long as your account is active and follow the same deletion lifecycle as the story they belong to.
- Generated stories and audio — kept in your library for as long as your account is active. When you delete a story, or when you close your account (which deletes all your stories at once), the data is removed within 30 days. Free-tier accounts are subject to a storage cap; when the cap is reached, the oldest items are automatically removed to make room for new generations.
- Mood entries — kept by default for 12 months; you may extend, shorten, or wipe them at any time.
- Provider API keys (BYOK) — kept (encrypted) for as long as you keep them configured; deleted from our systems immediately when you remove the key in-app and within 30 days of account closure. Provider-side revocation remains your responsibility.
- Diagnostic logs — 90 days, aggregated thereafter.
Your rights under GDPR
You have the right to access, correct, delete, restrict, or object to the processing of your data, and to data portability. You can exercise most of these directly from the app's Privacy & data screen, or by writing to contact@whispia.app. We respond within 30 days.
If you believe we have mishandled your data, you may lodge a complaint with the French data-protection authority, the CNIL, or with the supervisory authority in your country of residence.
Security
We use industry-standard practices: encryption in transit (TLS 1.2+), encryption at rest for sensitive fields, access controls, regular dependency updates, and isolated environments. No system is perfectly secure. If we ever suffer a breach affecting your data we will notify you and the CNIL within 72 hours of becoming aware, as required by Article 33 GDPR.
Changes to this policy
We may update this policy as the product, the law, or our sub-processors change. We will post the new version on this page with a revised effective date. For material changes, we will notify you in-app or by email at least 14 days before they take effect, so that you can review and, if you wish, close your account before the change applies to you.
Contact and DPO
Privacy questions, rights requests, and DPO contact: contact@whispia.app. Postal correspondence: KwypeSoft — Whispia Privacy, France. We will route your message internally to the right team.