Security and compliance FAQ

Where is Wispr based, and what is the company's legal structure?

Wispr AI, Inc. is a Delaware C-corporation founded in 2023, headquartered at:

444 Townsend Street

San Francisco, CA 94107, United States

Wispr is privately held. The company operates the Wispr Flow product.

Who owns Wispr's security program?

The security and compliance program is led by:

• Sahaj Garg: Co-Founder, CTO, and CISO (overall accountability for security, compliance, and policy)

• Tanay Kothari: Co-Founder and CEO (executive sponsorship)

• Jason Scot: Senior Technical Support and Compliance Engineer (day-to-day execution of compliance, audits, and customer security inquiries)

• Ethan Carlson: Engineering Lead (application security ownership)

• Duncan McIsaac: Infrastructure Lead (cloud and database security)

• Steve Dotson: vCISO (independent advisory)

Functional ownership is documented in the CISO Policy and the Risk and Governance Executive Committee Charter.

What platforms does Wispr Flow support?

Wispr Flow is available as native applications for:

• macOS (primary desktop platform)

• Windows (desktop)

• iOS (mobile)

• Android (mobile)

A web-based Admin Portal for enterprise organization configuration is available at admin.wisprflow.ai.

How many languages does Wispr Flow support?

Wispr Flow supports over 100 languages for voice dictation, with continuing expansion. Quality varies by language; English has the most mature accuracy. Customers can validate language support during evaluation.

What security certifications and audits does Wispr have?

Current attestations:

• SOC 2 Type I: Completed April 2026 by A-LIGN, clean unqualified opinion. Scope: Security. Report available under NDA.

• ISO 27001:2022 Stage 1: Completed April 2026 by A-LIGN. Stage 2 scheduled June 2026.

• HIPAA-aligned controls: Business Associate Agreement (BAA) available for healthcare customers.

• Annual penetration testing: Most recent by BSK Security LLC (November 2025); next engagement with Doyensec planned after SOC 2 Type I.

In progress:

• SOC 2 Type II: Observation period underway; tentative fieldwork completion end of August 2026.

Historical note: Wispr previously held a SOC 2 Type II (Accorp Partners) and ISO 27001 (Gradient) certification, both proactively invalidated in March 2026 due to platform integrity concerns at the original auditor. See our note on our compliance program for full context.

Not currently held: FedRAMP, PCI DSS (Wispr does not process payment card data; Stripe handles payments under PCI DSS Level 1), SOC 1 (not applicable, Wispr is not a financial reporting service), SOC 3.

Can we get a copy of your SOC 2 report?

Yes, under NDA. Wispr's SOC 2 Type I report (A-LIGN, April 2026) is available via the Trust Center or through your account representative.

For interim periods, A-LIGN provides an Engagement Confirmation Letter as a standard alternative to a bridge letter.

Is Wispr HIPAA compliant? Do you sign a BAA?

Yes. Wispr offers a Business Associate Agreement (BAA) for healthcare customers requiring HIPAA-compliant data handling. The BAA can be requested through your account representative.

Supporting HIPAA-aligned controls:

• HIPAA Internal Privacy Policy

• PHI De-identification Policy and Procedure

• HIPAA-aligned Breach Notification Policy

• Security Awareness Training with HIPAA-specific content

• Encryption of PHI at rest (AES-256) and in transit (TLS 1.2+)

• Audit logging across infrastructure and application layers

Is Wispr PCI DSS compliant?

Not applicable. Wispr does not store, process, or transmit cardholder data directly. Stripe handles all payment processing under their PCI DSS Level 1 certification. Wispr is therefore out of scope for PCI DSS as a merchant beyond SAQ-A applicability.

Is Wispr FedRAMP authorized?

No. Wispr does not currently hold FedRAMP authorization.

What regulations does Wispr comply with?

Wispr operates in alignment with:

• GDPR (EU): DPA incorporates Standard Contractual Clauses

• CCPA / CPRA (California): Privacy Policy aligned to consumer rights

• HIPAA (US): under signed BAA with healthcare customers

• SOC 2 and ISO 27001:2022 industry frameworks

Not subject to: GLBA (not a financial institution), SOX (privately held), 21 CFR Part 11 (not FDA-regulated), CFTC, SEC reporting.

How does Wispr handle UK GDPR and international data transfers?

Wispr's Data Processing Addendum covers cross-border transfers:

• EU GDPR: Standard Contractual Clauses (SCCs) incorporated by reference

• UK GDPR: UK International Data Transfer Addendum (IDTA) and the UK Addendum to the EU SCCs are available

• Transfer Risk Assessment (TIA): Wispr can provide TIA materials supporting our reliance on SCCs/IDTA, including assessment of US legal context and supplementary measures (encryption, access controls)

All customer data is stored in the United States. EU/UK customers requiring specific transfer mechanism documentation should request via the Trust Center or their account representative.

Does Wispr offer Privacy Mode and Zero Data Retention?

Yes. Wispr offers Privacy Mode (also referred to as zero data retention or ZDR), which can be enforced at the organization level on enterprise plans such that individual users cannot disable it.

Defense-in-depth enforcement (four independent layers):

1. Client write gate: desktop app blocks all local DB writes (audio, history, AI rewrites) when ZDR is active

2. Client startup purge: on every app launch, any residual local data is deleted

3. Client upload serializer: strips content fields before they leave the device

4. Server-side sanitizer: backend independently strips content and forces shareType: "no", regardless of what the client sends

Fields stripped under Privacy Mode (dictation content): screenshot, additionalContext, axText, axHTML, asrText, formattedText, pastedText, audio, and opusChunks.

HIPAA BAA coupling: Signing a HIPAA Business Associate Agreement automatically enables Privacy Mode and locks the toggle on. It cannot be disabled while the BAA is in effect.

Subprocessors: Wispr requires subprocessors processing dictation content to operate consistent with zero retention. Contractual ZDR commitments are in place with certain providers (for example, Anthropic ZDR Certificate signed December 2025). For other subprocessors, retention controls are governed by provider standard terms and Wispr's DPA flow-down. Customers with specific contractual-evidence requirements should contact their account representative.

Privacy Mode is the default for Enterprise customers and HIPAA BAA customers.

Do you use customer data to train AI models?

No. Wispr does not use customer dictation content to train models.

• With Privacy Mode: Zero data retention means no dictation data is even available for training.

• Without Privacy Mode: Dictation content is not used for training per Wispr's AI Policy and our contractual arrangements with subprocessors.

Aggregated or anonymized dictation data is not retained indefinitely and is not used for marketing, benchmarks, or external sharing.

What is your data retention policy?

Data retention is governed by Wispr's Data Retention and Disposal Policy:

Data destruction follows NIST 800-88 standards for physical media; cloud data is purged per AWS and subprocessor contractual terms.

What happens to customer data when the contract terminates?

Under Privacy Mode (default for Enterprise): Dictation data is never retained, so no data persists after contract termination.

Account, configuration, and user data:

• Available for export via the Admin Portal during the contract term and a reasonable wind-down period

• Deleted within a defined window after contract termination per the Data Retention and Disposal Policy

• Backups containing the data age out within the standard retention schedule

Customer rights at termination: Customers may request data export and confirmation of deletion via their account representative.

Can customers export their data?

Yes. Customers can request data export of:

• User account information

• Organization configuration

• Snippets and dictionaries

• Available usage records

Export is available via the Admin Portal (for admins) or through account-level requests. Dictation content is not exportable under Privacy Mode because it is not retained.

Where is customer data stored geographically?

All customer data is processed and stored within the United States.

AWS regions:

• us-east-1 (primary): Northern Virginia

• us-west-1 (secondary): Northern California

• us-west-2 (content delivery): Oregon

Wispr does not currently offer data residency options outside the United States. International data transfers from customers in the EU/UK are governed by Standard Contractual Clauses (SCCs) incorporated into our DPA.

What data does Wispr Flow store locally on the user's device?

Wispr Flow stores the following locally on the user's device:

• Application binary and resources

• User preferences and settings (Privacy Mode state, activation shortcut, etc.)

• Authentication tokens (in OS-protected keychain/credential store)

• Snippets and dictionaries (synced from the backend, regardless of Privacy Mode)

• Local logs (application errors, telemetry, sanitized of dictation content)

Not stored locally:

• Past dictation content / transcripts (under Privacy Mode)

• Audio recordings (audio is streamed to the backend; not persisted locally)

• Customer business data

Uninstalling the app removes the binary; cached preferences may remain in standard OS application support directories and can be cleared by the user.

Are user snippets and dictionaries stored regardless of Privacy Mode?

Yes. User-created snippets (saved text expansions) and custom dictionaries (custom vocabulary) are stored in Wispr's backend and synced across the user's devices regardless of Privacy Mode status. These are user-authored productivity assets, not dictation content.

This is by design: these settings need to follow the user across devices so the product behaves consistently. They are stored with the same protections as other account/configuration data:

• Encrypted at rest (AES-256 via AWS KMS)

• Encrypted in transit (TLS 1.2+)

• Access-controlled and logged

What Privacy Mode covers is specifically the dictation content pipeline: screenshot, additionalContext, axText, axHTML, asrText, formattedText, pastedText, audio, and opusChunks.

Does Wispr capture screenshots?

Wispr Flow includes a Context Awareness feature that, when enabled, captures a screenshot of the user's active application to improve AI formatting accuracy (for example, understanding the email thread context for tone-appropriate output).

Defaults and controls:

• Context Awareness can be disabled at the organization level via the Admin Portal

• Under Privacy Mode, screenshots are stripped at both client and server layers and are never transmitted or stored

• Without Privacy Mode, screenshots are processed transiently for AI formatting and not retained for training

Enterprise admins control this via admin.wisprflow.ai.

Who are Wispr's subprocessors?

Active subprocessors handling customer data in production:

Cloud infrastructure

• Amazon Web Services (AWS): primary cloud (compute, database, storage)

• Cloudflare: DNS and edge for web properties (not currently in the audio/dictation data path)

AI / ML inference (active in production)

• Baseten: primary STT (hosts Wispr's proprietary speech foundation models)

• OpenAI: fallback STT (Whisper) and text processing

• OpenPipe: primary NLP (fine-tuned models)

• Fireworks AI: fallback completions

• ElevenLabs: multilingual STT

Authorized but not currently in standard production data flow

• Anthropic: listed in the DPA as an authorized NLP subprocessor; API key configured but no active production calls

• Cerebras: authorized for beta features (text transforms) only

• Google Cloud (GCP) and Mithril AI: used for model training infrastructure only; do not process enterprise customer data in production

Identity and access

• Supabase: authentication backend

• WorkOS: enterprise SSO and SCIM

Operations and support

• Stripe: payment processing (PCI DSS Level 1)

• Rippling: HRIS and MDM

• CrowdStrike: endpoint protection

• Material Security: email DLP

The authoritative subprocessor list, including all authorized providers, is Annex 2 of the DPA. Subprocessor changes are communicated via DPA updates.

Are subprocessors contractually bound to data protection requirements?

Yes. All active subprocessors handling customer data are bound by written agreements that include:

• Confidentiality obligations

• Data protection terms equivalent to our customer commitments

• Breach notification obligations

• Subprocessor flow-down restrictions

Zero data retention (ZDR): Where Privacy Mode applies, Wispr requires that dictation content not be retained by subprocessors. Specific contractual ZDR attestations are in place with certain providers (for example, Anthropic ZDR Certificate signed December 2025). For other providers, retention is governed by their standard terms and Wispr's DPA flow-down obligations. Customers with specific contractual-evidence requirements should contact their account representative.

Subprocessor risk is assessed annually as part of Wispr's Vendor Management Program.

How is data encrypted in transit?

All confidential data in transit is encrypted using TLS 1.2 or higher with forward-secrecy cipher suites.

• External-facing services (Wispr Flow client to backend, browser to Admin Portal) enforce TLS 1.2+

• Internal service-to-service communication uses AWS-managed encrypted channels

• Audio streaming to Baseten uses gRPC over TLS

• Certificates issued by trusted public CAs (Amazon, Let's Encrypt, Cloudflare) with automated renewal via AWS Certificate Manager

• Subprocessor egress uses TLS 1.2+, outbound-initiated only

Is Wispr Flow end-to-end encrypted? Can Wispr decrypt customer data?

Wispr Flow does not provide end-to-end encryption in the strict cryptographic sense (where the service provider cannot decrypt content). The service is encrypted in transit (TLS 1.2+) and at rest (AES-256 via AWS KMS), but Wispr's backend must decrypt audio to perform transcription.

Under Privacy Mode, the architectural mitigation is that decrypted audio and transcripts are not persisted. Sensitive fields are stripped at both client and server layers, and dictation flows through processing without storage.

For customers requiring true E2E encryption where the provider cannot read content, Wispr Flow's transcription model does not support that architecture.

Does Wispr support Single Sign-On (SSO)?

Yes. Wispr Flow supports SSO via WorkOS, which provides SAML 2.0 and OIDC integrations with major identity providers:

• Okta

• Microsoft Entra ID

• Google Workspace

• JumpCloud

• OneLogin

• Ping Identity

• Custom SAML / OIDC

SSO is available on Enterprise plans.

Is MFA enforced?

For Wispr's internal access (employees): MFA is required for all production system access, administrative cloud access (AWS), SSO (WorkOS), Rippling, GitHub, and all sensitive SaaS tools.

For enterprise customer access: MFA is enforced via the customer's own identity provider through SAML/OIDC SSO (delegated to the IdP). Direct application-layer MFA for customers not using SSO is on the roadmap.

How does Wispr manage user sessions?

Authentication tokens are issued by Wispr's managed identity providers (Supabase, WorkOS):

• Token format: JWT with time-bound validity

• Storage: OS-protected keychain (macOS) / credential store (Windows) on the client

• Transmission: TLS 1.2+ only; tokens never exposed in URLs or logs

• Revocation: Supported via the identity provider; SSO-managed sessions follow the customer's IdP session policy

• Re-authentication: Required after extended idle periods

For enterprise SSO customers, session timeouts and reauthentication policies are inherited from the customer's IdP.

Does Wispr Flow support remote uninstall or 'kill switch' capability?

Wispr Flow does not include a Wispr-controlled remote uninstall or kill switch. Enterprise admins manage Wispr Flow deployment and removal through their existing MDM (Jamf, Intune, Kandji, Rippling) using the same mechanisms used for any application.

For account-level termination, admins can:

• Deprovision user access via SCIM or SSO disablement, which terminates Wispr Flow's authentication

• Once authentication is terminated, the app cannot send audio to or receive responses from the backend

Can admin audit logs be exported or streamed to a SIEM?

Customer-accessible admin audit log export is on the product roadmap, targeted for the end of Q2 2026. Wispr's internal infrastructure already captures comprehensive audit logs (AWS CloudTrail, application logs in BetterStack), and is building the customer-facing export and SIEM streaming capability.

Customers with active SIEM integration requirements should contact their account representative to align on timing.

Does Wispr support staff access customer data or environments?

Wispr support and customer success personnel do not have access to customer dictation content under Privacy Mode (data isn't stored). For account-level support:

• Support staff use Pylon (the support platform) to handle customer requests

• Account-level data access (subscription, user list, organization settings) is read-only for support and requires authenticated, logged access

• Production database access for engineering troubleshooting is read-only, MFA-protected via AWS SSM, and logged in CloudTrail

• No remote access to customer environments or customer machines

For incidents requiring deeper data access, customer authorization is sought first.

How does Wispr provide customer support?

Wispr provides customer support through:

• In-app support: accessible from the Wispr Flow client

• Support page: wisprflow.ai/support

• Enterprise customers: dedicated account representative for escalation

• Status page: statuspage.incident.io/wispr-flow with subscribe-for-updates

Support response times and coverage hours are defined in the Master Services Agreement; enterprise SLAs are negotiable.

What are your RTO and RPO targets?

Recovery Time Objective (RTO):

• Authentication and core API services: ≤ 4 hours

• Transcription and inference services: ≤ 8 hours

• Admin Portal and reporting: ≤ 24 hours

Recovery Point Objective (RPO):

• Production database: ≤ 5 minutes (AWS RDS continuous backup, point-in-time recovery)

• Object storage: Near-zero (S3 versioning, cross-region replication where configured)

• Infrastructure-as-code: Zero (Git-based version control)

Under enterprise Privacy Mode, dictation content is not retained, so RPO is non-applicable for that data class.

How does Wispr handle network security?

Wispr's production network security:

• Edge: Cloudflare (DDoS protection, bot management, edge filtering)

• Web application firewall: AWS WAF v2 on Application Load Balancers with managed and custom rules

• Network isolation: Application compute (Fargate, Lambda) and databases (RDS) in private VPC subnets with no public IP addresses

• Ingress: All inbound connections terminate on AWS Application Load Balancers with TLS 1.2+ enforced

• Egress: Outbound to subprocessors uses TLS 1.2+, outbound-initiated only

• Threat detection: AWS GuardDuty for runtime anomaly detection

• Logging: AWS VPC Flow Logs, WAF logs, and CloudTrail centralized in BetterStack

Wispr does not operate traditional DMZ architecture (no internet-routable application servers); all internet-facing surfaces are managed AWS services with WAF protection.

What network endpoints does the Wispr Flow client need to reach?

The Wispr Flow desktop and mobile clients require outbound HTTPS connectivity to Wispr-controlled endpoints:

• *.wisprflow.ai: primary API, authentication, and content endpoints

• AWS-hosted backend services (resolved through *.wisprflow.ai)

• Auto-update endpoints (also under *.wisprflow.ai)

All connections use TLS 1.2+ on standard ports (443). No inbound ports are required on customer networks. Customers requiring more restrictive firewall configurations should contact their account representative for the current list of resolvable hostnames.

Does Wispr apply rate limiting to API and AI endpoints?

Yes. AI and transcription endpoints are protected by per-user rate limiting to prevent abuse and ensure fair resource allocation. AWS WAF and Cloudflare provide additional rate-based protection at the edge.

Authentication endpoints have stricter rate limits and are monitored for credential-stuffing patterns via GuardDuty and WAF rules.

How does Wispr secure employee devices?

All employee endpoints are managed and hardened:

Management:

• Rippling MDM: primary device management across macOS and Windows

• Centralized configuration enforcement; users cannot disable security controls

Protection:

• CrowdStrike Falcon Complete: managed detection and response across 41 endpoints

• Prevention mode with automatic sensor updates

• Tamper protection enabled

• USB mass storage set to Full Block mode (non-storage peripherals function normally)

Encryption and screen lock:

• Full-disk encryption: FileVault (macOS) and BitLocker (Windows)

• 15-minute screen lock centrally enforced

Patching:

• Patch SLAs per the Baseline Hardening Policy (Critical 3d, High 14d, Medium 60d, Low 90d)

BYOD: Not permitted for production system access. All access requires Wispr-managed devices.

What physical security controls protect customer data?

Wispr Flow is a cloud-native SaaS. Production customer data is hosted entirely in AWS data centers, and AWS's physical security controls apply:

• 24/7 staffed security

• Biometric access controls

• CCTV monitoring

• Perimeter fencing

• Multi-factor authentication for facility access

• Environmental controls (fire suppression, temperature, humidity)

• Redundant power and cooling

• Site selection considering natural and man-made hazards

AWS data center physical and environmental controls are attested under SOC 2, SOC 3, ISO 27001:2022, ISO 27017, ISO 27018, and PCI DSS. The full attestation set is available at aws.amazon.com/compliance.

Wispr's office (444 Townsend Street, San Francisco) houses no production customer data. Office controls follow Wispr's Physical Security Policy: multi-tenant commercial building with building-managed lobby access, suite-level badge access, and Wispr-escorted visitors.

What is Wispr's secure development lifecycle?

Wispr maintains a formal Software Development Lifecycle (SDLC) Policy covering initiation, planning, design, development, testing, deployment, maintenance, and disposal.

Engineering controls:

• Peer code review required for every change via GitHub pull requests

• CI/CD validation via CircleCI and GitHub Actions with automated tests (unit, integration, end-to-end, regression)

• Static analysis (SAST) on every commit

• Secret scanning via GitHub native scanning

• Dependency scanning via Dependabot with automated alerts and PRs

• Segregated environments (development, staging, production)

• No direct interactive production access for developers

• Security-sensitive changes receive additional review by Engineering Lead and/or CISO

The full SDLC Policy is available under NDA.

How does Wispr address OWASP Top 10 risks?

Wispr's application security controls address OWASP Top 10 categories:

• Injection: Parameterized queries, ORM use, input validation

• Broken Authentication: Managed identity providers (Supabase, WorkOS) with industry-standard protections

• Sensitive Data Exposure: AES-256 encryption at rest, TLS 1.2+ in transit, AWS Secrets Manager for credentials

• XML External Entities (XXE): JSON-based APIs; XML parsers not used in user-facing paths

• Broken Access Control: Authorization checks at API/service layer, not client-side

• Security Misconfiguration: Terraform-managed IaC with peer review; Baseline Hardening Policy

• Cross-Site Scripting (XSS): Output encoding, CSP headers, React framework defaults

• Insecure Deserialization: Memory-safe languages, schema validation

• Vulnerable Components: Dependabot, AWS Inspector, annual pen test

• Insufficient Logging and Monitoring: Multi-layered logging (CloudTrail, application, endpoint)

Validation via annual penetration testing (BSK Security, most recent November 2025).

How does Wispr Flow insert text into other applications?

Wispr Flow uses the system clipboard with a simulated paste keystroke:

• macOS: NSPasteboard to write the formatted text, then CGEvent to issue Cmd+V

• Windows: Win32 clipboard APIs to write text, then SendInput to issue Ctrl+V

The clipboard is snapshotted before the insertion and restored after, so the user's clipboard contents are not disrupted.

Accessibility APIs are used only for context inspection (for example, understanding which application is active for AI formatting context). They are never used for text insertion.

MDM impact: Customer MDM policies that restrict clipboard usage or synthetic keyboard input may prevent Wispr Flow from inserting text. In those cases, Wispr Flow displays the formatted text and the user can copy/paste manually.

Does Wispr conduct background checks on employees?

Yes. All employees and contractors with access to production systems or customer data undergo background screening prior to system access.

Screening (via Checkr, administered through Rippling):

• Identity verification

• Employment history

• Education verification

• Criminal background check (where legally permitted)

Onboarding requirements (all personnel):

• Signed offer letter

• Confidentiality / Non-Disclosure Agreement

• IP assignment

• Acknowledgment of Acceptable Use, security policies, and Code of Conduct

Re-acknowledgment occurs annually.

What security awareness training do employees receive?

All personnel complete security awareness training:

• Within 30 days of hire

• Annually thereafter

• Role-specific training for engineering (secure coding, OWASP) and personnel with PHI access (HIPAA-specific)

Content covers: Phishing, social engineering, data handling, incident reporting, password hygiene, acceptable use, AI policy awareness.

Completion is tracked in Drata with attestation records.

Does Wispr conduct AI-specific security testing?

Partial. Wispr's annual penetration test (BSK Security) covers the application and infrastructure layers, including the AI/LLM endpoints from a web-application security perspective. Separate adversarial-AI specific testing (red-teaming for model manipulation, jailbreaks, data exfiltration via the model) is not part of the current standard program.

Approach to AI security validation:

• AI/ML controls (model input validation, output handling, data pipeline integrity) are in scope of the A-LIGN SOC 2 audit

• Code-level protections for prompt-level handling and system prompt leakage are implemented

• Wispr is open to engaging an independent firm for AI-specific assessment where customer requirements warrant it