Privacy Policy

1. Introduction

WhisperDoc (“we,” “our,” “us”) provides AI-assisted document organization services to business customers globally. We are based in Norway and comply with applicable Norwegian and EU/EEA data protection laws, including the GDPR.

This Privacy Policy explains how we collect, use, store, and protect personal data when customers use our service.

By using WhisperDoc, you agree to the practices described in this Privacy Policy.

2. Data Controller

3. Information We Collect

3.1 Account Information

When your company signs up:

• Company name
• Billing information
• Admin user name and email
• Authentication data

3.2 Cloud Storage Access

When you connect a cloud provider (Google Drive, SharePoint/Office 365, or Dropbox), we receive authorization tokens and scopes allowing us to:

• Read files and metadata
• Write metadata
• Create, move, or delete folders
• Move files

We do not store customers' files. We only process them temporarily to deliver the service.

3.3 Usage Data

We collect:

• Log data related to API actions (e.g., folder creation, metadata tagging)
• User prompts used to guide sorting
• Feature usage metrics
• Historical file structure snapshots (folder structure only, not file content)

3.4 AI Processing

We send file metadata and user-provided prompts to third-party AI providers to classify, tag, and organize documents. Customers may designate folders as “locked,” preventing them from being processed.

4. Purpose of Processing

We process personal data for:

• Providing and maintaining the WhisperDoc service
• Organizing documents and generating metadata
• Authentication and security
• Billing and subscription management
• Product improvements and analytics
• Customer support

5. Legal Basis for Processing (GDPR)

We rely on:

• Contractual necessity (Art. 6(1)(b)) for providing the service
• Legitimate interests (Art. 6(1)(f)) for security, analytics, and improving functionality
• Consent (Art. 6(1)(a)) for cloud storage access where required by the provider

6. Data Retention

• We do not store or retain your files.
• Historical folder structures are kept for rollback functionality and deleted once your account is closed.
• Account records and billing information are stored as required by law.

7. Sharing of Data

We may share data with:

• AI service providers for processing file metadata
• Cloud storage providers (Google, Microsoft, Dropbox)
• Payment processors
• Subprocessors necessary for operating the service

We do not sell personal data.

8. International Data Transfers

Your data may be processed outside the EEA. When this occurs, WhisperDoc ensures adequate protection using:

• EU Standard Contractual Clauses (SCCs)
• Providers certified under recognized frameworks

9. Security

We implement:

• Encryption in transit and at rest
• Access controls and least-privilege design
• Audit logs
• Regular security reviews

10. Your Rights (GDPR)

You have the right to:

• Access your personal data
• Rectification of inaccurate data
• Erasure of your data
• Restriction of processing
• Data portability
• Object to processing

To exercise these rights, contact us at gorm@infobreeze.no.

11. Children's Data

WhisperDoc is intended for business use only and is not directed at children.

12. Changes to this Policy

We will notify customers of significant changes via email or in-app notifications.

13. Contact

For questions or requests: