GDPR Compliance

SoulWhisp is committed to protecting your data privacy rights under the General Data Protection Regulation (GDPR).

Your Rights Under GDPR

Right to Access

You have the right to request access to the personal data we hold about you. Because SoulWhisp stores minimal data, this is limited to technical logs (IP address, device type, access times) retained for 30 days.

Right to Rectification

You can request correction of inaccurate or incomplete personal data. Because we don't collect personal information like names, emails, or profiles, this right has limited application.

Right to Erasure

You can request deletion of your personal data (“right to be forgotten”). Conversations are already deleted automatically when you close the chat — they are never stored. Technical logs can be deleted on request.

Right to Data Portability

You can request your data in a structured, commonly used format. This is limited to technical access logs, as no conversation data exists.

Right to Object

You can object to processing of your personal data in certain circumstances.

Data Collection & Processing

We collect and process only the minimum data necessary to operate the service:

What we collect:

  • Technical information: IP address (for security and abuse prevention), browser type, device type, access times
  • Usage patterns: Aggregate, anonymised data to improve service quality
  • Donation data: Processed by Stripe if you choose to donate (not stored by SoulWhisp)

What we do NOT collect or store:

  • Conversations — processed in real-time by AI, then deleted immediately when you close the chat
  • Your name, email, phone number, or location
  • User profiles or accounts
  • Any personally identifying information

Legal basis for processing:

  • Legitimate interest: Technical data for security and abuse prevention
  • Consent: Any optional data collection (such as donations)

Data Retention

  • Conversations: Not stored. Deleted immediately when you close the chat. Cannot be recovered.
  • Technical logs: Retained for 30 days for security purposes, then permanently deleted.
  • Donation records: Processed and retained by Stripe per their policy and tax requirements.
  • Aggregate analytics: Anonymised, cannot identify individuals. Retained indefinitely.

Data Transfers

  • Servers located in EU data centres
  • AI processing by OpenAI (US-based, GDPR-compliant)
  • Hosting by Vercel
  • Data transfers outside the EU are protected by Standard Contractual Clauses (SCCs) and strong encryption

How to Exercise Your Rights

To exercise any of your GDPR rights, contact us at:

Email: support@soulwhisp.ai

We will respond to your request within 30 days.

Data Protection Officer: For privacy concerns, contact our Data Protection Officer at support@soulwhisp.ai

Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local supervisory authority:

  • UK: Information Commissioner's Office (ICO)
  • EU: Your national data protection authority
  • Romania: Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)

Further Information

For complete details about how we handle your data, see our Privacy Policy.

Privacy PolicyTerms of Service