Whisper does not collect nor store any personally identifiable information (PII) from

users and is anonymous. To be clear, Whisper does not collect nor store: name, physical
address, phone number, email address, or any other form of PII. The privacy of our
users is not violated in any of the circumstances suggested in the Guardian story.

The Guardian staff, including its CEO and multiple members of the US editorial team,
have met with, partnered, and worked with Whisper since February 2014 and published
multiple stories utilizing Whispers, with full understanding of our guidelines. The
Guardian’s assumptions that Whisper is gathering information about users and
violating user’s privacy are false.

Here are a number of articles written, produced, and published by The Guardian with
full knowledge and understanding of the process of news gathering at Whisper:

http://www.theguardian.com/commentisfree/2014/jun/17/iraq-war-veterans-isis-
stories

http://www.theguardian.com/commentisfree/2014/aug/06/-sp-undocumented-
immigrant-american-spat-on

http://www.theguardian.com/lifeandstyle/2014/feb/14/whisper-valentines-day-
readers-secrets

More generally, all of the assertions below are either totally false or have been openly
disclosed by Whisper executives and reported as such:

http://www.forbes.com/sites/parmyolson/2014/01/24/3-reasons-to-be-wary-of-secret-
sharing-app-whispers-claim-to-anonymity/

http://online.wsj.com/news/articles/SB1000142405270230388060457940502063996
7010

1: Whisper is using data to ascertain the geographical coordinates of smartphones

belonging to users who have expressly opted out of the geolocation service on the app, in
an apparent breach of the company’s terms of service, which state: “Your permission to
our access to and tracking of your location based information is purely voluntary, and,
accordingly, you may freely opt-in of or opt-out of and determine the level of specificity
of the same.”

This is not true. We neither receive nor store geographical coordinates from users who
opt out of geolocation services. User IP addresses may allow very coarse location to be
determined to the city, state, or country level.

Even for users who opt into geolocation services, the location information that we do
store is obscured to within 500 meters of their smartphone device’s actual location.
There is nothing in our geolocation data that can be tied to an individual user and a
user’s anonymity is never compromised.

2: Whisper is retaining indefinitely Whisper postings and associated user data in a

searchable database - even messages which users believe have been deleted - in an
apparent breach of your own terms of service, which state: “Because of Whisper’s real-
time nature, usage data, posted content, and comments may be stored for a brief period
of time.”

Whisper may retain posted content for a brief period of time as stated in our terms of
service, however, the internal database contains no personally identifiable information
and is secure/access-audited, and not publicly accessible.

3: Whisper is closely monitoring, tracking and following users it believes are potentially
newsworthy, researching their history of activity on the app and previous locations. This
is a breach of the spirit of anonymity promised to users and counter to public statements
made by Whisper CEO, Michael Heyward, on the subject. Among the many targeted are
users who appear to work at McDonalds, WalMart, Yahoo, Disney, a range of secretive
US military bases and secure government buildings, a DC lobbyist and a user based on
Capitol Hill.

Whisper does not follow or track users. Whisper does not request or store any
personally identifiable information from users, therefore there is never a breach of
anonymity. From time to time, when a user makes a claim of a newsworthy nature, we
review the user’s past activity to help determine veracity.

Whisper does, however, surface and curate thematic narratives from users who are not
personally identifiable either to Whisper employees or to the public writ large.
Furthermore, workplace information from Whisper users is always volunteered without
solicitation or prompt, and users share any information about their workplace publicly.

http://www.buzzfeed.com/hillarylevine/14-horrifying-confessions-from-fast-food-
workers#14wsvs8

Most importantly, your assertion that Whisper’s editorial efforts are “counter to public
statements made by Whisper CEO, Michael Heyward” is demonstrably false. Below is a
link to one of many interviews conducted by Michael Heyward, in which he specifically
addresses Whisper’s editorial strategy:

https://www.youtube.com/watch?v=hPnjL-E7AxQ

4: Whisper’s editorial staff are using the app’s private messaging service to engage in
conversation with users without initially disclosing they work for the company. This is in
order not to spook or alarm users who may be surprised about the contact. You advised
us as journalists to initially conceal our true identity. The real intentions of these
communications are only disclosed once a conversation has been started.
This is untrue. After greeting a user or saying hello, the Whisper team always
immediately discloses that they work at Whisper. At no time did any Whisper team
member suggest to anyone that they conceal their identity as a reporter. In fact,
Guardian reporter Dominic Rushe, unprompted, expressed comfort with concealing his
own identity.

It is also vital to emphasize that no information exchanged between a user and a

member of the Whisper team through the service is ever handed off to a third party
without the explicit written consent of the user. If a user does not consent to the
interaction being made public, the exchange ends and no further contact is made.

5: In addition to Whisper’s LA-based news team, the company has employed 200 people
in the Philippines to monitor messages posted on the app. You told us their job is
primarily to filter out messages which abuse the company’s code for users and they are
also trained to identify postings that are potentially newsworthy. What access to
metadata do these people have and what security measures do you have in place?

Whisper maintains a team of over 100 content moderators in the Philippines to

moderate publicly posted content and enforce our safety guidelines. Whisper does not
moderate or monitor private messages in chat.

Moderators in the Philippines never participate in identifying Whispers that are

potentially newsworthy. No one at Whisper ever claimed that they did.

Our process is extremely secure and our moderation team never has access to personally
identifiable information because we do not have any.

6. You said the company “usually” requires a subpoena or court order before passing
information to law enforcement authorities, but added there have been times when the
company has bypassed that process to provide user data to the FBI or the British secret
service, MI5. You said this information is occasionally provided voluntarily to law
enforcement, unsolicited.

We note your terms of service say you will “only respond to valid, legal process from a
US law enforcement authority or court”. Also, Whisper’s approach to passing user
information to law enforcement appears to be less stringent than other tech firms such
as Twitter, Google, Microsoft and Yahoo that state they require a warrant signed by a
judge under the electronic communications privacy act (ECPA).

Your quote above is not from our TOS/Privacy Policy. Here is the section in our Privacy
Policy about this issue:

Compliance with Laws and Law Enforcement

WhisperText cooperates with government and law enforcement officials to
enforce and comply with the law. We may therefore disclose Personal
 Information, Usage Data, Message Data, and any other information about you, if
we deem that it is reasonably necessary to: (a) satisfy any applicable law,
regulation, legal process (such as a subpoena or court order) or enforceable
governmental request; (b) enforce the Terms or the Services, including
investigation of potential violations thereof; (c) detect, prevent, or otherwise
address fraud, security or technical issues; or (d) protect against harm to the
rights, property or safety of WhisperText, its users or the public as required or
permitted by law.

We comply with the legal process in all instances. We respond to both subpoenas and
preservation requests from law enforcement. Whisper is not a place for illegal activity.
Whisper has always been public about the fact that we will proactively report threats of
violence or anything dangerous involving a minor (or child abuse) to law enforcement
out of public safety concerns.

http://www.businessinsider.com/what-happens-to-threats-on-whisper-2014-7

Again, Whisper does not have any personally identifiable information from users that
can be shared.

7: Whisper is also cooperating with the US Department of Defense, sharing data for a
multi-year study into the frequency of mentions of suicide or self-harm from
smartphones that are used in US military bases or compounds. We can find no evidence
of your having notified users about this study.

We’re proudly working with many organizations to lower suicide rates and the US
military is among them. We have referred more than 40,000 people to the National
Suicide Prevention hotline and hear from Whisper users every day that Whisper saved
their life. We are not sharing specific user data with any organization. We noticed how
frequently suicide is mentioned among those living on US military bases or compounds
and reached out to organizations to see how we could work together to address this
important issue.

We have publicly shared similar aggregated PTSD statistics that are absent of any
personally identifiable information, as, again, we do not collect or store PII:

http://www.buzzfeed.com/neetzanzimmerman/what-ptsd-is-actually-like-according-
to-veterans#14wsvs8

8: Whisper has developed a Chinese-version of its app, which received a soft-launch last
week. Unlike major tech companies such as Facebook and Twitter, which are blocked in
mainland China, Whisper has agreed to the government’s terms - including a ban on
certain words appearing on its app. We would be grateful if you could tell us whether
you plan to cooperate with requests from the Chinese government for user data?

We haven’t launched in China but we operate in many countries and comply with the
same local laws and regulations as other US-based technology companies that operate
internationally do. Again, Whisper does not collect or store any personally identifiable
information from users that can be shared.

9. In general, the information we were exposed to revealed that Whisper’s internal

practices contrast strongly with Michael Heyward’s public declarations, the company’s
terms of service and the expectations of users who are downloading the app in growing
numbers in the belief their privacy and anonymity will be closely protected.

This is untrue. Whisper does not collect nor store any personal identifiable information
from users therefore their privacy and anonymity are always protected.
Additionally, it important to emphasize that Whisper and every user-generated
“Whisper” text-over-image is entirely public (while the contents of private chat are not),
and users are fully aware of this fact. The internal tools shared with The Guardian’s
reporters during their stay at Whisper HQ, while more robust than public search
functionality, do not afford Whisper team members any additional insight into a user’s
identity, as, again, Whisper does not collect nor store any personally identifiable
information of any sort or kind.
Lastly, as stated above, Whisper is not a place to make violent or child-endangering
threats, and we will proactively notify law enforcement in order to protect our users and
the public.