Privacy, data handling, and access roles

The product can hold organizational data, user data, and report content

• Organization and tenant configuration data
• User account and role information for administrative access
• Report content, case activity, notes, and file metadata depending on the mode in use
• Operational data needed for security, audit, authentication, and notifications

Data is processed to run the reporting workflow and support the hosted service

Whispr uses customer data to deliver intake, case handling, authentication, notifications, audit logging, and customer support. The customer organization remains responsible for choosing how the workflow is configured and used internally.

Access is limited to authorized customer users and controlled service operations

Customer-side visibility depends on the configured role and scope model. BackPR personnel access customer data only when needed for service support, maintenance, security investigation, or legal obligations, subject to internal controls and contractual limits.

Current processor visibility aligns with the trust-center list

The current product stack uses Cloudflare for core infrastructure, Resend for transactional email, and Stripe only where billing functionality is relevant. See the dedicated subprocessor page for the current provider list.

Retention expectations depend on mode, configuration, and contract

Whispr does not publish fixed post-termination timing or universal automatic deletion windows on this page. See the retention page for the current control model and confirm final requirements through legal review and contract.

Privacy questions and data-rights handling follow the controller model

In most deployments, the customer organization is the first point of contact for data-rights requests relating to its reporting channel. Processor-side assistance is handled under the DPA and the operational support process.