Back to home

Privacy Policy for Whisperate

1. Roles and responsibilities

The educational institution using Whisperate is the data controller for personal data processed in connection with teaching activities.

Whisperate AS acts as a data processor and processes personal data on behalf of the institution in accordance with a data processing agreement and applicable data protection legislation.

2. Personal data processed

When using Whisperate, the following personal data is processed:

  • Email address provided during account registration
  • Institutional or course affiliation
  • Text-based messages (questions and answers)
  • Technical metadata, including timestamps and system logs

3. Anonymity and identification

Messages are displayed anonymously to other users within Whisperate.

To ensure operation, security, and moderation, messages are technically linked to the user's account. This information is accessible only to authorized system administrators at Whisperate when necessary.

4. Purpose of processing

Personal data is processed for the following purposes:

  • Support of teaching and learning activities
  • Facilitation of participation and dialogue during lectures
  • Display and storage of questions and answers for later review
  • Operation, security, and troubleshooting
  • Moderation and handling of violations of guidelines

5. Storage and deletion

Questions and answers are stored so that students can review content after the lecture, and so that lecturers can follow up and respond to questions afterwards.

When messages are deleted, they are removed from the system. Deleted data is retained in encrypted backups for up to 7 days before being permanently deleted.

6. Access to personal data

Access to personal data is restricted to:

  • Authorized system administrators at Whisperate when necessary
  • Technical sub-processors providing hosting and infrastructure services, where access to personal data is required for service operation

Lecturers do not have access to personal data identifying individual students unless this is requested through Whisperate in connection with violations of the guidelines.

All access is limited to what is necessary and governed by contractual and technical security measures.