Privacy Policy

Last updated: April 11, 2026

1. Introduction

WhisperBee ("we," "us," or "our") operates the WhisperBee mobile application and the web portal at whisperbee.app (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using WhisperBee, you agree to the collection and use of information in accordance with this policy. This policy should be read alongside our Terms of Service.

If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect information from your Google or Apple account through our authentication provider (Clerk). This includes your name and email address. We do not collect or store your Google or Apple password.

2.2 Voice Recordings

WhisperBee records audio when you use the voice logging feature during hive inspections. Voice recordings are stored securely and processed by third-party AI services to transcribe your speech and extract structured inspection data. Recordings are associated with your account and the specific hive being inspected.

2.3 Location Data

When you create an apiary, we collect GPS coordinates to place it on the map and enable location-based features. Your exact coordinates are stored in your account for your personal use. For community features, your location is converted to an anonymized geographic area (H3 hexagonal grid cell of approximately 36 km²). Your exact GPS coordinates are never shared with other users.

2.4 Hive & Beekeeping Data

We collect and store the beekeeping data you create through the Service, including inspection records, treatment logs, harvest records, action items, and any notes or observations you provide. This data is created by you and belongs to you.

2.5 Device & Usage Information

The mobile app stores data locally on your device using SQLite for offline-first functionality. We collect basic usage information necessary to provide the Service, including sync timestamps and device permission states (microphone, location, Bluetooth). We do not use third-party analytics or advertising SDKs.

2.6 Payment Information

Paid subscriptions are processed through Stripe. WhisperBee does not directly collect, store, or have access to your credit card number or banking details. Stripe's collection and use of your payment information is governed by their own privacy policy.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service, including voice-to-text transcription and AI-powered data extraction
  • Generate AI-powered suggestions about hive health, recommended actions, and inspection insights
  • Synchronize your data across devices when connectivity is available
  • Contribute anonymized observations to community intelligence features (with your participation)
  • Process payments and manage subscriptions
  • Communicate with you about service updates, security alerts, and support
  • Improve and develop the Service based on aggregated, de-identified usage patterns

We do not sell your personal information to third parties. We do not use your data for advertising. We do not use your hive data or voice recordings to train AI models.

4. AI Processing Disclosure

WhisperBee uses artificial intelligence to process your voice recordings and provide suggestions about hive health, inspection findings, and recommended actions. These AI-generated outputs are suggestions only and should not be treated as professional diagnoses, veterinary advice, or agricultural consultation. Always use your own judgment and consult qualified professionals for significant hive health decisions.

When you use voice recording features, your audio is processed as follows:

  1. Speech-to-Text: Your audio recording is sent to OpenAI's Whisper API, which transcribes your speech into text.
  2. Data Extraction: The transcript is sent to Anthropic's Claude AI, which extracts structured inspection data (e.g., queen status, brood pattern, pest observations) and identifies potential action items.
  3. Results: The extracted data is stored in your account and presented to you for review. You can edit or correct any AI-extracted fields.

These third-party AI services process your data according to their respective privacy policies and data processing agreements. Your voice recordings and transcripts are sent to these services solely for the purpose of providing you with the Service. Neither OpenAI nor Anthropic uses your data to train their models under our data processing agreements.

5. Third-Party Services

We use the following third-party services to operate WhisperBee. Each service receives only the minimum data necessary for its function:

ServicePurposeData Shared
ClerkAuthenticationName, email, OAuth tokens
OpenAISpeech-to-text, embeddingsVoice recordings, text for search
AnthropicAI data extractionTranscribed text
Amazon Web ServicesInfrastructure, hosting, storageAll service data (encrypted)
StripePayment processingEmail, subscription status
PowerSyncOffline data synchronizationSync metadata, hive data

We require all third-party service providers to handle your data in accordance with applicable data protection laws. We do not sell or rent your data to any third party.

6. Community Data & Anonymization

WhisperBee offers an optional community intelligence feature that aggregates anonymized observations from beekeepers in the same geographic region. This enables hyperlocal alerts about swarm season, nectar flows, pest pressure, and other conditions.

To protect your privacy, community data is anonymized as follows:

  • Your exact GPS coordinates are never shared. Your location is converted server-side to an H3 hexagonal grid cell (approximately 36 km²), and only this grid cell identifier is used for community features.
  • Community data is only surfaced when at least three beekeepers in a cell have contributed observations (k-anonymity), preventing identification of individual contributors.
  • It is not possible to reverse-engineer your exact apiary location from the anonymized grid cell.

Participation in community features is voluntary. You may opt out at any time through your account settings without affecting your ability to use the rest of the Service.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you with the Service. Specifically:

  • Account data: Retained while your account is active.
  • Hive data (inspections, treatments, harvests): Retained while your account is active. Soft-deleted data is permanently removed within 30 days.
  • Voice recordings: Retained while your account is active. You may delete individual recordings at any time.
  • Account deletion: When you delete your account, all associated personal data, hive data, and voice recordings are permanently purged within 30 days.

We may retain de-identified, aggregated data (such as community statistics) that cannot be linked back to you after account deletion.

8. Your Rights

8.1 All Users

Regardless of where you are located, you have the right to:

  • Access your personal data and receive a copy in a portable format (JSON export)
  • Correct inaccurate or incomplete personal data
  • Delete your account and all associated data
  • Export your hive data at any time through the web portal

8.2 European Economic Area (GDPR)

If you are located in the EU or EEA, you have additional rights under the General Data Protection Regulation:

  • Legal basis for processing: We process your data based on your consent (voice recordings, community features) and legitimate interest (providing the Service, security, improvement).
  • Withdraw consent: You may withdraw consent for any consent-based processing at any time without affecting the lawfulness of processing before withdrawal.
  • Data portability: You may request your data in a structured, commonly used, machine-readable format.
  • Restrict processing: You may request that we restrict processing of your data in certain circumstances.
  • Supervisory authority: You have the right to lodge a complaint with your local data protection authority.
  • International transfers: Your data is stored on servers in the United States (AWS us-east-1). We rely on standard contractual clauses and other appropriate safeguards for data transfers outside the EEA.

8.3 California Residents (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act:

  • Right to know: You may request details about the categories and specific pieces of personal information we have collected about you.
  • Right to delete: You may request deletion of your personal information, subject to certain exceptions.
  • Right to opt-out of sale: We do not sell your personal information. We never have and never will.
  • Non-discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise any of these rights, contact us at support@whisperbee.app. We will respond to your request within 30 days.

9. Children's Privacy

WhisperBee is not directed at children under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@whisperbee.app and we will promptly delete such information.

10. Cookies & Tracking

WhisperBee does not use tracking cookies, third-party analytics, or advertising pixels. The web portal uses only essential session tokens provided by our authentication service (Clerk) to keep you signed in. These are strictly necessary for the Service to function and cannot be used to track you across other websites.

The mobile app does not use cookies.

11. Data Security

We take the security of your data seriously and implement appropriate technical and organizational measures, including:

  • Encryption of data in transit using TLS/HTTPS
  • Encryption of data at rest in our databases and file storage
  • Infrastructure hosted on Amazon Web Services with industry-standard physical and network security
  • Access controls and monitoring for all backend systems
  • Secrets and credentials stored in AWS Secrets Manager, not in application code

While we strive to protect your personal information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any security incident and notifying affected users as required by law.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:

Email: support@whisperbee.app