The Studio
Sign up

Privacy Policy

Last Updated: March 17, 2026

HIPAA Compliant

We adhere to strict standards for protecting Protected Health Information (PHI).

COPPA Compliant

Designed for safety. We never collect personal data from children under 13 without verification.

Data Ownership

You own your data. We do not sell your personal information to third parties.

Kapps Systems LLC ("WhisperWise", "we", "us", or "our") operates the WhisperWise website, the WhisperWise Guide caregiver mobile application, and the planned WhisperWise Coach learner-facing mobile application (collectively, the "Service"). This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data.

1. Information Collection and Use

We collect several different types of information for various purposes to provide and improve our Service to you.

Types of Data Collected

  • Personal Data: Email address, First name and Last name, Cookies and Usage Data.
  • Child Data: Name (Encrypted), Age, Developmental Profile, Sensory preferences.
  • Therapy Data: Session logs, Activity circles, Audio transcripts (transiently processed, not stored as raw audio unless explicitly authorized for clinical review).
  • Coach Data: Learner-level Coach settings, current hooks, adjacent-expansion boundaries, session caps, session events, accepted/resisted adjacent expansions, caregiver handoff moments, sync status, and suggested shared follow-up.

2. Use of Data

WhisperWise uses the collected data for various purposes:

  • To provide and maintain the Service
  • To notify you about changes to our Service
  • To provide customer care and support
  • To provide analysis or valuable information so that we can improve the Service
  • To monitor the usage of the Service
  • To detect, prevent and address technical issues
  • To preserve separate source-surface reporting so caregiver-led Guide activity and learner-facing Coach activity are never merged accidentally

3. Data Security (HIPAA & COPPA)

The security of your data is important to us.

  • Encryption: All sensitive data is encrypted at rest and in transit using industry-standard protocols.
  • Audio Privacy: Our "Audio-First" AI processing is designed to be transient. Raw audio from the Guide app is processed for affect and intent and then immediately discarded from memory, unless you explicitly choose to save a "Moment" or share a clip with a clinician.
  • Access Controls: Strict role-based access controls ensure that only authorized personnel (and your designated clinicians) can access your data.
  • Coach Runtime Controls: Coach uses learner-scoped permissions, conservative safety fallbacks, and caregiver repair-path handoff rules before any learner-facing runtime can activate.
  • Shared Supabase Hardening: Production Coach rollout requires documented BAA status, High Compliance, Point in Time Recovery, SSL enforcement, and network restrictions in the shared Supabase environment.

4. Introduction to AI Processing

We use Large Language Models (LLMs) like Google Gemini to analyze session data and provide coaching suggestions.

  • Anonymization: Data sent to third-party AI providers is stripped of direct personal identifiers where possible.
  • No Training: Your personal data is not used to train the public foundation models of our AI provides.
  • Coach Boundaries: Coach is designed as a brief relationship-bridge and developmental-expansion support product. It is not intended to function as an open-ended autonomous companion or drill engine.

5. Service Providers

We may employ third party companies and individuals to facilitate our Service ("Service Providers"), to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used. These third parties have access to your Medical Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose (Business Associate Agreements are in place where required).

6. Children's Privacy

Our Service does not address anyone under the age of 18 ("Children") directly. We do not knowingly collect personally identifiable information from anyone under the age of 18 without parental consent. If you are a parent or guardian and you are aware that your Children has provided us with Personal Data, please contact us.

7. Data Rights, Export, and Deletion

Account owners can request export or deletion coverage for caregiver-led Guide records and Coach-specific artifacts, including learner settings, Coach sessions, event trails, adjacent-expansion outcomes, sync metadata, and related summaries. Learner-scoped Coach settings and runtime records are included in the same export/delete review process as the rest of the WhisperWise platform.

8. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective.

9. Contact Us

If you have any questions about this Privacy Policy, please contact us at privacy@whisperwise.org.