Privacy Policy

Last updated: April 11, 2026

1. Introduction

WhisperBee LLC, a Colorado limited liability company ("WhisperBee," "we," "us," or "our"), operates the WhisperBee mobile application and the web portal at whisperbee.app (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Service.

For the purposes of the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), WhisperBee LLC is the business that determines the purposes and means of processing personal information. See Section 8.2 for our position regarding the European Economic Area, United Kingdom, and Switzerland.

By using WhisperBee, you agree to the collection and use of information in accordance with this Policy. This Policy should be read alongside our Terms of Service.

If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect information from your Google or Apple account through our authentication provider (Clerk). This includes your name and email address. We do not collect or store your Google or Apple password.

2.2 Voice Recordings

WhisperBee records audio when you use the voice logging feature during hive inspections. Voice recordings are stored securely and processed by third-party AI services to transcribe your speech and extract structured inspection data. Recordings are associated with your account and the specific hive being inspected.

2.3 Location Data

When you create an apiary, we collect GPS coordinates to place it on the map and enable location-based features. Your exact coordinates are stored in your account for your personal use. For community features, your location is converted to an anonymized geographic area (H3 hexagonal grid cell of approximately 36 km²). Your exact GPS coordinates are never shared with other users.

Because we store precise (sub-1,750-foot) geolocation data for apiaries, these coordinates may also constitute Sensitive Personal Information under the CPRA. See Section 2.7 and Section 8.3 for how California residents can exercise the right to limit our use of Sensitive Personal Information.

2.4 Hive & Beekeeping Data

We collect and store the beekeeping data you create through the Service, including inspection records, treatment logs, harvest records, action items, and any notes or observations you provide. This data is created by you and belongs to you.

2.5 Device & Usage Information

The mobile app stores data locally on your device using SQLite for offline-first functionality. We collect basic usage information necessary to provide the Service, including sync timestamps and device permission states (microphone, location, Bluetooth). We do not use third-party analytics or advertising SDKs.

When the app or our backend encounters an error or crash, we send a diagnostic report to Sentry (our error-monitoring service) so we can investigate and fix the problem. These reports contain the error message, stack trace, your device model and operating system version, the app version, and your pseudonymous account identifier. They do not contain your voice recordings, inspection notes, GPS coordinates, email address, or payment information.

2.6 Payment Information

Paid subscriptions are processed through Stripe. WhisperBee does not directly collect, store, or have access to your credit card number or banking details. Stripe's collection and use of your payment information is governed by their own privacy policy.

2.7 Sensitive Personal Information

Under the California Privacy Rights Act (CPRA), certain categories of information are considered "Sensitive Personal Information." Two categories we collect may qualify:

  • Voice recordings (Section 2.2) — we process these solely for transcription and structured data extraction. We do not use voice recordings to infer characteristics about you, and we do not use voice biometrics to identify you.
  • Precise geolocation (Section 2.3) — GPS coordinates of apiaries are stored with precision below 1,750 feet. We use precise geolocation to place apiaries on your personal map, generate in-app hive briefings, and, if you opt in to community features, to derive the coarsened H3 grid cell described in Section 6.

We do not sell or share Sensitive Personal Information, do not use it for profiling or inferring characteristics protected by law, and do not use it for any purpose outside those described in this Policy.

California residents have the right to limit our use of Sensitive Personal Information to uses strictly necessary to provide the Service. See Section 8.3 for how to exercise this right.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service, including voice-to-text transcription and AI-powered data extraction
  • Generate AI-powered suggestions about hive health, recommended actions, and inspection insights
  • Synchronize your data across devices when connectivity is available
  • Contribute anonymized observations to community intelligence features (with your participation)
  • Process payments and manage subscriptions
  • Communicate with you about service updates, security alerts, and support
  • Troubleshoot and fix defects using crash reports from our error-monitoring service, which contain stack traces and device information but not your hive content
  • Comply with legal obligations, respond to lawful requests from authorities, enforce our Terms of Service, prevent fraud and abuse, and protect the rights, property, and safety of WhisperBee, our users, and the public

We do not sell your personal information to third parties. We do not use your data for advertising. We do not use your hive data or voice recordings to train AI models.

4. AI Processing Disclosure

WhisperBee uses artificial intelligence to process your voice recordings and provide suggestions about hive health, inspection findings, and recommended actions. These AI-generated outputs are suggestions only and should not be treated as professional diagnoses, veterinary advice, or agricultural consultation. Always use your own judgment and consult qualified professionals for significant hive health decisions.

When you use voice recording features, your audio is processed as follows:

  1. Speech-to-Text: Your audio recording is sent to OpenAI's Whisper API, which transcribes your speech into text.
  2. Data Extraction: The transcript is sent to Anthropic's Claude AI, which extracts structured inspection data (e.g., queen status, brood pattern, pest observations) and identifies potential action items.
  3. Results: The extracted data is stored in your account and presented to you for review. You can edit or correct any AI-extracted fields.

These third-party AI services process your data according to their respective privacy policies and data processing agreements. Your voice recordings and transcripts are sent to these services solely for the purpose of providing you with the Service. Neither OpenAI nor Anthropic uses your data to train their models under our data processing agreements.

For a plain-English breakdown of what each AI surface does, where it can be wrong, and when you should defer to a qualified human, see our AI Disclaimer.

Automated Decision-Making

The AI outputs we provide (inspection field extraction, health flags, action items, hive briefings) are suggestions that inform your decisions about the management of your bees. We do not use AI to produce decisions that have legal or similarly significant effects on you. You retain full decision-making authority at all times, and you can edit or reject any AI-generated output before acting on it. If you believe an automated output has materially affected you, you may request human review by contacting us at privacy@whisperbee.app.

5. Third-Party Services

We use the following third-party services to operate WhisperBee. Each service receives only the minimum data necessary for its function:

ServicePurposeData Shared
ClerkAuthenticationName, email, OAuth tokens
OpenAISpeech-to-text, embeddingsVoice recordings, text for search
AnthropicAI data extractionTranscribed text
Amazon Web ServicesInfrastructure, hosting, storageAll service data (encrypted)
StripePayment processingEmail, subscription status
PowerSyncOffline data synchronizationSync metadata, hive data
SentryCrash and error reportingStack traces, device info, pseudonymous user ID

We require all third-party service providers to handle your data in accordance with applicable data protection laws. We do not sell or rent your data to any third party.

Changes to our subprocessors. We will provide at least 30 days' notice before adding a new subprocessor that will process your personal data, by updating this Policy and, where you have subscribed to material-change notices, by email. If you object to a new subprocessor, contact us at privacy@whisperbee.app. If we cannot accommodate a reasonable objection, you may terminate your account and receive a prorated refund of any prepaid subscription fees.

6. Community Data & Anonymization

WhisperBee is building an optional community intelligence feature that, when released, will aggregate anonymized observations from beekeepers in the same geographic region to enable hyperlocal alerts about swarm season, nectar flows, pest pressure, and similar conditions. This feature is opt-in and not enabled by default. It is released on a rolling basis and may not be available in all regions at a given time. Until you explicitly enable it in Account Settings, none of your data is used for community features.

When you opt in, community data is anonymized as follows:

  • Your exact GPS coordinates are never shared. Your location is converted server-side to an H3 hexagonal grid cell (approximately 36 km²), and only this grid cell identifier is used for community features.
  • Community data is only surfaced when at least three beekeepers in a cell have contributed observations (k-anonymity), preventing identification of individual contributors.
  • It is not possible to reverse-engineer your exact apiary location from the anonymized grid cell.

You may opt out at any time through Account Settings without affecting your ability to use the rest of the Service. Opting out stops new contributions; previously-contributed anonymized observations remain in the aggregate data set because they are no longer linked to you after H3 coarsening and k-anonymity enforcement.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you with the Service. Specifically:

  • Account data: Retained while your account is active.
  • Hive data (inspections, treatments, harvests, action items): Retained while your account is active. When you delete an individual record from within the app, it is marked as deleted and hidden from your views, but the underlying row is retained while your account is active so that accidental deletions can be recovered if you contact support within 90 days. Soft-deleted records are permanently purged when you delete your account.
  • Voice recordings: Retained while your account is active. You may delete individual recordings at any time, in which case both the recording file in our storage and the corresponding database row are removed.
  • Account deletion: When you delete your account, all associated personal data, hive data, and voice recordings in our systems are permanently purged immediately at the time of deletion; our audio file storage is purged on a best-effort basis immediately thereafter. Records held by our subprocessors (authentication, AI processing, payment, error reporting) are purged in accordance with each subprocessor's retention policy and may persist for up to 30 days at those subprocessors before complete erasure. See our dedicated account deletion page for the in-app and email paths.
  • Legal and compliance records: We may retain limited records (such as the fact that an account was deleted and the date of deletion) for as long as necessary to comply with legal obligations, resolve disputes, or enforce our agreements.

We may retain de-identified, aggregated data (such as anonymized community statistics) that cannot reasonably be linked back to you after account deletion.

8. Your Rights

8.1 All Users

Regardless of where you are located, you have the right to:

  • Access your personal data and receive a copy in a portable format (JSON export)
  • Correct inaccurate or incomplete personal data
  • Delete your account and all associated data
  • Export your hive data at any time through the web portal
  • Withdraw consent for any processing based on your consent (including voice recording and community-feature participation), at any time, without affecting the lawfulness of processing before withdrawal. You may withdraw consent in the app via Settings, or by contacting us at privacy@whisperbee.app.

8.2 European Economic Area, United Kingdom, and Switzerland

WhisperBee is a United States-based service and does not offer the Service to data subjects located in the European Economic Area, the United Kingdom, or Switzerland, and does not monitor behavior of individuals in those regions. We have not designated an EU Representative under Article 27 of the GDPR and do not rely on the Standard Contractual Clauses for data transfers, because the GDPR's territorial scope (Article 3) is not triggered by our operations.

If you believe you are located in the EU, EEA, UK, or Switzerland, please do not create an account or use the Service. If you have already done so, you may contact us at privacy@whisperbee.app and we will delete your account and associated data. We will re-evaluate this position — and take on the corresponding GDPR compliance obligations — if and when we deliberately offer the Service in those regions.

8.3 California Residents (CCPA / CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act:

  • Right to know: You may request details about the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties to whom we disclose personal information.
  • Right to delete: You may request deletion of your personal information, subject to certain exceptions.
  • Right to correct: You may request correction of inaccurate personal information we maintain about you.
  • Right to opt out of sale or sharing: We do not sell or share your personal information for cross-context behavioral advertising. We never have and never will.
  • Right to limit use of Sensitive Personal Information: You may direct us to limit our use of your Sensitive Personal Information (including voice recordings — see Section 2.7) to uses strictly necessary to provide the Service. Note that substantially restricting our use of voice recordings will disable AI transcription and structured extraction, and therefore most of the app's inspection features; you may prefer to instead use manual-entry mode for inspections.
  • Non-discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights, including by denying service, charging different prices, or providing a different level of quality.
  • Financial incentives: We do not offer financial incentives, bonuses, discounts, or differential pricing in exchange for the collection, sale, or retention of your personal information.
  • Authorized agent: You may designate an authorized agent to submit rights requests on your behalf. Your agent must provide us with written permission signed by you, and we may verify your identity directly before responding to the request. Send agent requests to privacy@whisperbee.app.

To exercise any of these rights, contact us at privacy@whisperbee.app. We will respond to verifiable rights requests within 30 days (45 days for California residents under CCPA/CPRA, extendable by an additional 45 days with notice).

8.4 Colorado and Other US State Residents

If you are a resident of Colorado, Connecticut, Virginia, Utah, Oregon, Texas, Montana, or another US state with a comprehensive consumer privacy law, you may have rights similar to the California rights described in Section 8.3 — including the right to access, correct, delete, or obtain a portable copy of your personal data, and the right to opt out of targeted advertising, profiling that produces legal or similarly significant effects, or sales of personal data. We do not sell personal data or engage in targeted advertising or legal-effect profiling. To exercise any applicable right, contact us at privacy@whisperbee.app. We will respond within the timeframe your state law requires (typically 45 days). If we decline a request, you may appeal by replying to our decision email.

9. Children's Privacy

WhisperBee is not directed at children under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@whisperbee.app and we will promptly delete such information.

10. Cookies & Tracking

WhisperBee does not use tracking cookies, third-party analytics, or advertising pixels. The web portal uses only essential session tokens provided by our authentication service (Clerk) to keep you signed in. These are strictly necessary for the Service to function and cannot be used to track you across other websites.

The mobile app does not use cookies for its own operation. When you sign in with Google or Apple, the operating system's native authentication flow may briefly use cookies managed by iOS or Android (for example, inside ASWebAuthenticationSession or CustomTabs). Those cookies are managed and retained by your device's operating system, not by WhisperBee, and WhisperBee does not read or persist them.

11. Data Security

We take the security of your data seriously and implement appropriate technical and organizational measures, including:

  • Encryption of data in transit using TLS/HTTPS
  • Encryption of data at rest in our databases and file storage
  • Infrastructure hosted on Amazon Web Services with industry-standard physical and network security
  • Access controls and monitoring for all backend systems
  • Secrets and credentials stored in AWS Secrets Manager, not in application code

While we strive to protect your personal information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

Breach notification. In the event of a personal data breach, we will notify affected users as required by applicable US state breach-notification laws (including California's Civ. Code §§ 1798.29, 1798.82) without undue delay after confirming the breach. Where the breach is likely to result in a high risk of harm, we will also notify you directly via the email address on your account.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:

Privacy inquiries & rights requests: privacy@whisperbee.app

General support: support@whisperbee.app

Mailing address: WhisperBee LLC is a Colorado limited liability company. The current physical address for service of process on our registered agent of record will be provided upon written request to legal@whisperbee.app.

We will respond to verifiable rights requests within 45 days for California residents under CCPA/CPRA, extendable by an additional 45 days with notice.