Privacy Policy

This privacy policy informs you how your personal information may be used in connection with the Whispers product. The Whispers product is created and managed by the company Human Meetings Ltd, which is a registered company in the UK, with company number 14844481. We are registered with the UK Information Commissioners Office, with register number ZB715946.

 

If you have any queries in relation to this Privacy Policy or how we use your personal information, please feel free to contact us at: hello@whispers.tech

 

We may update this Privacy Policy from time to time. It was last updated on 11th September 2024.

What information we collect, use, and why

We may collect or use the following information to provide and improve products and services for clients:
• Names and contact details
• Transaction data (including details about payments to and from you and details of products and services you have purchased)
• Usage data (including information about how you interact with and use our website, products and services)
• Information relating to compliments or complaints
• Audio recordings (eg calls)
• Records of meetings and decisions
• Transcripts of meetings
• Political opinions
• Religious or philosophical beliefs

 

We may collect or use the following personal information for the operation of client or customer accounts:
• Names and contact details
• Purchase or service history
• Account information, including registration details
• Information used for security purposes
• Marketing preferences

 

We may collect or use the following personal information for information updates or marketing purposes:
• Names and contact details
• Profile information
• Marketing preferences
• Purchase or account history
• Website and app user journey information

 

We may collect or use the following personal information for dealing with queries, complaints or claims:
• Names and contact details
• Payment details
• Account information
• Correspondence

Where we get personal information from

The data that is used by Whispers comes from two sources:

  1. Directly, inputted by you, when you sign-up for a user account, and manage that account.
  2. Indirectly, gathered as audio data when you turn Whispers on.
    The nature of the Whispers product means that audio data will contain personal information not only of the user but also of other participants in the discussion or meeting in which Whispers is used.

Lawful bases and data protection rights

Your rights to your data

Generally you have the right to:

  • Access. You have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from and who we share personal information with. There are some exemptions which means you may not receive all the information you ask for. You can read more about this right here.
  • Rectification. You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete. You can read more about this right here.
  • Erasure.  You have the right to ask us to delete your personal information. You can read more about this right here.
  • Restriction of processing.  You have the right to ask us to limit how we can use your personal information. You can read more about this right here.
  • Objection to processing.  You have the right to object to the processing of your personal data. You can read more about this right here.
  • Data portability.  You have the right to ask that we transfer the personal information you gave us to another organisation, or to you. You can read more about this right here.
  • Withdraw consent.  When we use consent as our lawful basis you have the right to withdraw your consent at any time. You can read more about this right here.

To make a data protection rights request, please contact us using the contact details at the top of this privacy notice. If you make a request, we must respond to you without undue delay and in any event within one month.

Our lawful bases for the collection and use of your data, and the specific rights that apply

Under UK and EU data protection laws, we must have a “lawful basis” for collecting and using your personal information. These lawful bases are:

  1. To provide and improve products and services for clients. Human Meetings Ltd collects and uses personal information for legitimate interests, specifically because it is necessary to provide the Whispers product to you as a user. Whispers collects information that is used in analyses and feedback to users designed to improve outcomes for group and individual performance. For group performance, Whispers supports its users to understand individuals’ thinking, preferences and personal characteristics, in order to improve the quality of thinking and decisions. For individual performance, Whispers supports its users to be better understood by colleagues. To provide and improve these products, audio data from meetings is captured, transcribed, and analysed.
    As per the standard provisions of ‘legitimate interests’, all of your data protection rights apply except for the right to portability.
  2. To operate client or customer accounts. We have permission from you to operate a user account on your behalf. All of your data protection rights apply except for the right to object. You have the right to withdraw your consent at any time.
  3. To provide information updates or for marketing purposes. We have permission from you to provide you with information about Whispers. All of your data protection rights apply except for the right to object. You have the right to withdraw your consent at any time.
  4. To deal with queries, complaints or claims. We have permission from you to use data about your account to deal with queries, complaints or claims. All of your data protection rights apply except for the right to object. You have the right to withdraw your consent at any time.

Intended users and their consent

  • Consent to transcription and analysis of voice data. Users are responsible for obtaining the consent of participants in the meeting to having their voice data transcribed and analysed. By using Whispers, the user is instructing Human Meetings Ltd to process voice data and transcripts on their behalf. Human Meetings Ltd is not responsible for unethical use of the Whispers tool by individual users.

    In principle, this consent may be informed by recognizing that any individual speaking in a meeting implicitly accepts that others in the group will judge them for what they say. A contributor in a meeting discussion already reasonably expects that what they say will be summarized in meeting minutes, recorded as part of a group decision or thinking process, and may be interpreted as implying specific aspirations, characteristics or personality traits. As such, the additional analysis that Whispers performs to improve the accuracy of those judgements is consistent with that existing paradigm; it is an extended use of that same data for similar purposes.

  • Children. This privacy policy is written on the basis that the Whispers product is used only by adults for analysis of voice data of adults. By using Whispers, you certify that the user and all participants being recorded are over the age of 18. Whispers is not directed towards children, and we do not knowingly collect, use, disclose, sell or share any information about children. Children are considered a vulnerable group, and special provisions for privacy and data management would apply for any child participants.

How long we keep information

We retain personal information to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.  The retention schedule depends on the specific type of data:

  1. Audio data. 
    Audio data is retained only until it is transcribed.  Unless an error occurs, the transcription happens within the timeframe of the meeting, then the audio data is deleted immediately.  The transcription is performed by a third party (see section on ‘Data processors’ below).  Whispers specifically chooses to use a transcription service that encrypts the audio file in transit, and deletes the audio file as soon as the transcription has completed.

  2. Meeting transcripts. 
    Meeting transcripts are stored in Whispers database to be available if/when needed, but can be deleted by the user via the ‘Review Previous Meetings’ screen.  The transcript is deleted by the transcription service as soon as it is sent to Whispers.

  3. Meeting analyses.
    Meeting analyses are created by Whispers in order to provide the user with a service.  These analyses are stored in the Whispers database so that they can be accessed and reviewed by the user, and so that patterns and further analyses across the user’s meetings can be inferred by Whispers as a coaching tool.  The user is able to request instant deletion of any of these analyses through management of their user account, via the ‘Review Previous Meetings’ screen.

All non-anonymised user information is deleted if an account with Whispers is closed and deleted.  In some circumstances we may anonymise personal information (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.  

 

Who we share information with

Data processors

Human Meetings Ltd engages three data processors for specific tasks during analysis of personal data. The purposes of each of these data processors is described here, and the following section describes how information is transferred securely.

  • Bubble Group, Inc. (https://bubble.io)
    Bubble is a full-stack app platform. In its beta form, Whispers is built using the Bubble platform. That means that Bubble Group stores data, processes data, and manages data, as requested by Human Meetings during the provision of the Whispers product and service, and in management of user accounts.
  • AssemblyAI, Inc. (https://assemblyai.com)
    AssemblyAI is a Speech AI company that provides analytic tools for voice data. Human Meetings Ltd engages AssemblyAI to deliver a speech-to-text transcription service on Whispers audio data. That means audio data is transmitted to AssemblyAI, is transcribed, and the transcription is returned to the Whispers app.
  • Anthropic PBC (https://anthropic.com)
    Anthropic is a provider of Large Language Models (LLMs). Human Meetings Ltd engages Anthropic to analyse transcripts of users’ meetings in real-time using proprietary prompts that are transmitted to Anthropic together with the transcript. The transcript is analysed on the same dimensions that users see on the Whispers screen (i.e. instant minutes, sharper thinking, and group cohesion) and the results are delivered to the user of Whispers.
  • Postmark (https://postmarkapp.com)
    Postmark is a provider of email application services. Human Meetings Ltd engages Postmark to send email summaries of a user’s meeting to the user. As such, summary data from the meeting is transmitted to Postmark, which then sends the email to the user.

International sharing of personal data

We may transfer data outside the UK where it allows us to deliver an improved product, consistent with legitimate interests. When doing so, we aim to comply with the UK and EU GDPR provisions, making sure appropriate safeguards are in place. As far as we are aware, all data processors use data protection clauses that are deemed adequate by UK, EU, and other relevant data protection requirements.

  • Bubble Group
    Provider of no-code platform, compute, and data storage.

    Country the personal information is sent to:
    USA

    How the transfer complies with UK data protection law:
    The Whispers database is encrypted at rest, and HTTPS / SSL encryption is used to securely transfer between the Whispers database, other data processors, and your device. User passwords are salted and encrypted and held separately. Privacy roles are utilized to ensure data is not visible to other users.

  • AssemblyAI
    Speech recognition.

    Country the personal information is sent to:
    USA

    How the transfer complies with UK data protection law:
    HTTPS / SSL encryption is used to securely transfer between the Whispers database, Anthropic, and your device.

    AssemblyAI is a US-based company, and is are compliant with SOC 2 Type 1 and Type 2 industry standards, which control the way that data is encrypted, accessed, and protected. None of the audio data passed to AssemblyAI are used to train AI models, nor are passed to any further third parties.
    Whispers uses AssemblyAI specifically because it has a policy to delete audio files as soon as transcription has completed. (More information available here.)


  • Anthropic
    Large language model

    Country the personal information is sent to:
    USA and others

    How the transfer complies with UK data protection law:
    HTTPS / SSL encryption is used to securely transfer between the Whispers database, Anthropic, and your device.

    Anthropic is a US-based company, using servers located predominantly in the US (full list here). Anthropic Claude is are compliant with SOC 2 Type 1 and Type 2 industry standards, which control the way that data is encrypted, accessed, and protected– with details here. The provider of the LLM may retain the transcript securely for up to 30 days, then will delete it. More information on their data management policies is available here. None of the personal data passed to Anthropic are used to train AI models, nor are passed to any further third parties.


  • Postmark
    Email services

    Country the personal information is sent to:
    USA

    How the transfer complies with UK data protection law:
    HTTPS / SSL encryption is used to securely transfer between the Whispers database, Postmark, and your device. Postmark retains content and metadata for 45 days, after which it is removed from their system. Further information on Postmark’s privacy policies is available here.

How to complain

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the relevant supervisory authority.

A full list of EU supervisory authorities’ contact details is available here. If you live or work in the UK, you have the right to lodge a complaint with the UK Information Commissioner’s Office. If you live in Brazil, you have the right to lodge a complaint with the Brazilian Data Protection Authority (ANPD).

Scroll to Top