Security you can trust with your clients' most sensitive matters
Your clients place their deepest trust in you. Whisperit is built to honour that trust — with Swiss infrastructure, end-to-end encryption, and a privacy-first architecture.
Swiss Hosting
Your data never leaves Switzerland. All Whisperit infrastructure runs on ISO 27001-certified Swiss data centres, subject to Swiss law and independent of US CLOUD Act jurisdiction. No data is transferred to third-country servers without explicit consent.
AES-256 Encryption
All documents, transcriptions, and case data are encrypted using AES-256 at rest and TLS 1.3 in transit. Encryption keys are managed per-tenant and never shared. Even Whisperit employees cannot read your documents. Your clients' confidential information stays confidential.
Human-in-the-Loop AI Review
Every AI-generated document, draft, or suggestion is explicitly presented for your review before it can be used or sent. Whisperit never auto-sends or auto-files anything on your behalf. You approve each action. This ensures professional accountability and eliminates the risk of unreviewed AI output reaching clients or courts.
Your Data Never Trains AI Models
Whisperit does not use your documents, cases, voice recordings, or any client data to train, fine-tune, or improve AI models. Your data is exclusively used to serve your firm. We work with AI providers under strict data processing agreements that explicitly prohibit training on customer data.
GDPR & nLPD Compliant
Whisperit is fully compliant with the EU General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (nLPD, in force since September 2023). We serve as both Data Controller and Data Processor. Data Processing Agreements (DPAs) are available on request and included in Enterprise contracts.
SOC 2 Type II (In Progress)
Whisperit is currently undergoing a SOC 2 Type II audit by an accredited third-party assessor. We publish a public-facing security page and share audit reports under NDA with Enterprise customers. ISO 27001 certification is also on our roadmap for 2025.
Our security commitments
Access control
Role-based access ensures that each team member only sees the cases and documents they need. Audit logs record every access, edit, and export.
Two-factor authentication
All accounts support TOTP-based 2FA. Enterprise plans include SSO via SAML 2.0 and OIDC for integration with your identity provider.
Data residency
By default, all data is stored and processed exclusively in Switzerland. No data is replicated outside Swiss territory without explicit configuration.
Vulnerability management
We conduct regular penetration tests and maintain a responsible disclosure programme. Critical vulnerabilities are patched within 24 hours.
Business continuity
Whisperit maintains automated backups with 30-day retention and a recovery time objective (RTO) of under 4 hours. Enterprise SLAs include uptime guarantees.
Have security questions?
Our team is happy to walk you through our architecture, share compliance documentation, or arrange a security review.