Skip to content

Data privacy and cloud security with Whispir

Security and the protection of privacy is of the utmost importance to Whispir. 
We continue to invest a significant amount of time and resources to secure the Whispir platform, customer data entrusted to us, and our operations and network communications.

Compliance certifications

Whispir’s operational practices are embedded within an Information Security Management System that is both ISO/IEC-27001:2013 and ISO/IEC-27018:2019 certified. Whispir adopts a comprehensive approach towards managing its information security program. We ensure that appropriate measures are in place to protect customer data and privacy.

Security attestation

Whispir has completed a detailed security questionnaire and assessment via CyberGRX, a leader in Third-Party Risk Management. Whispir’s assessment was independently validated by CyberGRX partner, KPMG. Assessment results allow customers to gain assurance over Whispir’s information security program at the security control level. The assessment also provides advanced capabilities by integrating Whispir responses with analytics, threat intelligence, and sophisticated risk models, based on known breach kill chains, to provide a dynamic and an in-depth view of Whispir’s security posture.

Security affiliations

Our Security Industry Affiliates: ACSC Partner (Australian Cyber Security Centre), OWASP, AWS.

We align and collaborate with industry leaders for security, privacy, and compliance to ensure we are operating in parallel with evolving industry best practices.

Report a vulnerability

We actively encourage engagement with the security research community, our customers and the wider public to report vulnerabilities in our products to us. Whispir recognizes those who contribute to keep Whispir safe.

Key features

Access control

Only a limited set of staff who demonstrate the strict need-to-access Whispir data and systems are provided access. Principle of least privilege is enforced.

Data encryption

TLS 1.2 is enforced for Data in-transit. AES-256 encryption is used to implement encryption Data at-rest. AWS capabilities are used for managing and securing encryption keys. Your passwords are hashed and stored securely.

Security incident response

Whispir aligns its security incident response processes to NIST guidelines for incident handling. Our dedicated security team has access to a combination of best of breed security tooling, clear incident triaging criteria and incident playbooks to effectively handle and coordinate a response to a security incident. The team also has on-demand access to external expertise to augment security incident response, coordination, and forensics capabilities.  Comprehensive logging and monitoring of our platform and its cloud infrastructure enables quick identification and response to potential security incidents.

Vulnerability management

Whispir maintains a comprehensive vulnerability management program using technology and processes to effectively identify, triage and remediate vulnerabilities and misconfigurations according to the risk it presents. This is a key aspect of our ISO27001 certification that is independently audited. We have best of breed tooling to identify software assets across our production and end-user computing environments and conduct regular vulnerability scanning that includes web application and host scanning as well as static application security testing. We also conduct penetration testing prior to significant IT changes and maintain a Responsible Vulnerability Management Policy on our public website that encourages researchers to disclose vulnerabilities identified in a responsible manner.


As a global entity, Whispir has a range of different obligations in its operating jurisdictions and commits to meeting those obligations, including but not limited to requirements outlined in the Australian Privacy Act 1988, the EU General Data Protection Regulation (GDPR), the Personal Data Protection Act (2012) of Singapore, California Consumer Privacy Act (CCPA), and the New Zealand Privacy Act (2020). Please see our Privacy Policy and Terms of Service.

Privacy by design

Whispir adopts the model recommended by the Office of the Australian Information Commissioner (OAIC) for carrying out privacy impact assessments when we build new products, services, or implement a new process, or when we change an existing one where personal information is involved.

Data sovereignty

Customers have the option to choose the region or territory where the customer's Whispir account be based in. Once the customer is homed to a specific Whispir environment, customer's data does not leave that Jurisdiction.

Human resources security

Whispir human resource security management processes ensure that background verification checks are performed for all employees. All staff and, where relevant, contractors and third-party personnel receive security awareness training on Whispir security policies, standards and guidelines, and prevailing security risks.