Whisperly - Trust Center
Find all of our Security & Compliance information.
Find all of our Security & Compliance information.
Compliance & Certifications
We maintain the highest industry standards and regularly undergo rigorous third-party audits to ensure compliance.
Compliant
GDPR
In Progress
ISO 27001
Resource Library
Access our security documentation, policies, and compliance reports.
Policies
Code of Ethics
ABAC Policy
GDPR Information Security and Access Control Policy
Vendor Management Policy
Records of Processing Activities (ROPA) Policy
Personnel Security Policy
Information Security Management System Communication Plan Policy
Data Protection and Encryption Policy
Privacy Policy
Cookie policy
Terms of Use
Documents
ISO 27001 Certificate
Data Processing Agreement
Trusted by
Organizations that trust us with their data privacy and compliance needs.
Subprocessors
We carefully select and monitor all third-party services that process data on our behalf.
| Name | Category | Hosting Location |
|---|---|---|
 Pydantic Services UK Ltd | Developer Tools | United Kingdom |
 Qdrant Solutions GmbH | Developer Tools | Germany |
 Mistral AI SAS | Developer Tools | France |
 Sentry | Developer Tools | Germany |
 Amazon Web Services (AWS) | Cloud Providers | Germany |
Frequently Asked Questions
Find answers to common questions about our security and compliance practices.
Data is retained only for as long as necessary to fulfill business purposes or comply with legal requirements. When data is no longer needed, it is securely deleted using approved methods that prevent recovery. Regular audits ensure compliance with retention schedules.
All sensitive data is encrypted in transit using industry-standard protocols like TLS 1.2 or higher. Data at rest is encrypted using AES-256 encryption, and encryption keys are managed securely with regular rotation schedules.
Source code changes are logged, time-stamped, and attributed to their author in a source code management tool. Access to the source code tool is restricted to authorized users using multi-factor authentication.
The organization maintains an incident response plan that defines responsibilities, detection methods, and corrective actions during security incidents. Various monitoring tools are used for early detection, and the plan is tested, reviewed, and updated at least annually.
The organization adheres to the principle of least privilege, giving team members access only to information necessary for their job functions. Requests for privilege escalation require documented approval by an authorized manager, and regular audits of access privileges to sensitive applications are performed.
Updates
Latest news and announcements about our trust and compliance practices.
ISO 27001 Started!
SecurityMay 4, 2026
The company has initiated the implementation process for ISO/IEC 27001, marking the start of its information security management system (ISMS) certification journey.