Privacy Policy

Privacy Policy

Human Meetings Ltd
(UK Company No. 14844481, ICO Registration ZB715946)

Contact: hello@whispers.tech

Last updated: 22nd April 2026

What data we collect and why

Whispers collects data needed to provide our services. This data falls into four categories:

Service delivery:

Account details (name, email), audio data captured during sessions, transcripts generated from that audio, AI-generated session analyses, and usage data needed to operate the product.

Account management:

Login credentials (managed by Supabase Auth — Whispers does not store passwords), purchase history, and billing details (processed by Stripe — card data never touches Whispers servers).

Marketing:

Name, email, and communication preferences, used only where you have given explicit consent.

Support:

Correspondence records used to resolve queries and complaints.

Meeting audio and transcripts may incidentally capture sensitive personal data (for example, opinions expressed by participants). This data is processed solely to generate the session analysis and is not used for any other purpose.

Where your data comes from

Directly from you

When you create an account, configure settings, or record a session.

From meeting audio

Captured when you use Whispers to analyse a session. This may include the voices and contributions of other meeting participants.

Your rights

Under UK and EU GDPR, you have the right to:

- Access — request a copy of your personal data

- Rectification — request correction of inaccurate data

- Erasure — request deletion of your data (see Retention section below)

- Restriction — limit how your data is processed

- Objection — object to processing based on legitimate interests

- Portability — receive your data in a portable format (Markdown and CSV export available directly in the app)

- Withdraw consent — at any time, where processing is consent-based

Requests should be sent to hello@whispers.tech. We will respond within one month.

Legal bases for processing

Contract performance.
Core service delivery — storing your sessions, generating analyses, sending result emails — is processed on the basis of performing the contract you have with us.
Legitimate interests.
We may use aggregated, anonymised patterns derived from session data — such as meeting type distributions, dimension score patterns, and topic categories — to improve the Whispers service and the quality of our analyses. This does not involve raw transcript content or any data that could identify you or your meeting participants.
Consent.
Marketing communications and any optional data processing features are consent-based. You can withdraw consent at any time.
Legitimate interests (complaints).
We retain correspondence related to support queries and complaints for as long as necessary to resolve them.

Consent for recording

Your responsibility.
Before recording any session, you must ensure that all participants are aware the meeting is being recorded. By using Whispers to record a session, you confirm that appropriate consent has been obtained from all participants.
Rationale.
The analysis Whispers produces extends existing meeting practices — summarising discussion, capturing decisions, identifying follow-ups — as a human staff member would. Participants who know their contributions may be summarised and interpreted should understand that Whispers automates this process.
Age requirement.
Whispers is not designed for use with participants under the age of 18. By recording a session, you confirm that all participants are adults.

Data retention

We retain personal information to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. The retention schedule depends on the specific type of data:

Audio data.
Audio is never stored in Whispers' database. When a session ends, audio is transmitted to AssemblyAI for transcription and is deleted from AssemblyAI's servers immediately once the transcript is extracted — typically within a few minutes of session end. No audio is retained anywhere after this point.
Transcripts.
The text transcript of your session is stored in your Whispers account and accessible to you. You can delete any transcript at any time via the session detail screen. When you delete a session, the transcript is permanently and immediately removed.
Meeting analyses.
AI-generated analyses are stored in your account to allow you to review sessions and track patterns over time. You can delete any session — and its associated analysis — at any time. Deletion is immediate and permanent with no recovery mechanism.
Account closure.
All personal data is deleted upon account closure. Anonymised, de-identified data (from which no individual can be identified) may be retained for service improvement purposes.

Data processors

The only place your session content — transcripts and analyses — is persistently stored is in the EU (Supabase).

Every other processor in our pipeline either performs transient processing with zero data retention (AssemblyAI, Anthropic, OpenAI, Railway), auto-deletes within 45 days (Postmark), or never receives your session content at all (Stripe).

All processors are engaged under data processing agreements. International transfers to processors outside the UK/EU are covered by Standard Contractual Clauses or equivalent adequacy mechanisms recognised under UK and EU GDPR.

Supabase Inc. (https://supabase.com)
Function: Database and authentication
Location: EU (database hosted in EU region)
Safeguards: AES-256 encryption at rest; TLS in transit; row-level security ensuring users can only access their own data; SOC 2 Type II certified management of user accounts.
Railway Corp. (https://railway.app)
Function: Backend application hosting
Location: EU
Safeguards: TLS enforced on all connections; no persistent storage of audio or personal data
AssemblyAI, Inc. (https://assemblyai.com)
Function: Speech-to-text transcription
Location: USA
Safeguards: TLS in transit; SOC 2 Type I and II certified; audio deleted from AssemblyAI servers immediately upon transcription completion; audio not used for model training
Anthropic PBC (https://anthropic.com)
Function: AI analysis of meeting transcripts (primary LLM provider)
Location: USA
Safeguards: TLS in transit; SOC 2 Type I and II certified; zero data retention — transcript content is not retained beyond the duration of the API call; content not used for model training under Anthropic's API terms
OpenAI, LLC (https://openai.com)
Function: AI analysis of meeting transcripts (fallback LLM provider)
Location: USA
Safeguards: TLS in transit; SOC 2 Type II certified; zero data retention under OpenAI's API terms; content not used for model training
Postmark (https://postmarkapp.com)
Function: Transactional email delivery
Location: USA
Safeguards: TLS in transit; email content and metadata retained for up to 45 days before deletion
Stripe, Inc. (https://stripe.com)
Function: Payment processing
Location: USA
Safeguards: PCI DSS Level 1 certified; card data is processed directly by Stripe and never transmitted to or stored by Whispers

Complaints

If you have a concern about how we handle your data, please contact us at hello@whispers.tech. If we are unable to resolve your complaint, you may escalate to the UK Information Commissioner's Office (ico.org.uk) or, if you are in the EU, your local supervisory authority.

Company Info

Whispers®

Human Meetings Ltd, 71-75 Shelton Street, London WC2H 9JQ

Human Meetings Ltd,
71-75 Shelton Street,
London WC2H 9JQ

UK Company No: 14844481 | ICO Registered

UK Company No: 14844481
ICO Registered

Quick Links