At Whisper, privacy is not treated as a feature or a setting you have to turn on. It is where everything begins. The idea is simple: when you have a conversation, it should stay between the people involved. Nothing extra. Nothing hidden behind the scenes.

Today, many platforms are built around collecting, analyzing, and learning from user activity. Conversations can become data points, and personal interactions can quietly turn into something that is observed or measured. Over time, this has made private communication feel less private.

Whisper takes a different direction. It is designed to keep communication limited to the intended participants, without building systems around observing or profiling what you say. There are no accounts to manage and no long-term records of your chats within the platform. The focus stays on the conversation itself, not on anything around it.

This approach is about respect. Respect for your space, your words, and your control over who gets to see them. You should not have to think about who else might be watching or how your messages could be used beyond their purpose.

Transparency means you are not left guessing. What the platform does is clear, and just as importantly, what it does not do is also clear. If you want to explore the details, you can read our Privacy Policy and User Agreement, where everything is explained in full.

Whisper | Private Messaging (“Whisper”, “the Service”) is a stateless, client-executed, browser-resident communication substrate operating over decentralized peer-to-peer (“P2P”) transport primitives implemented through WebRTC. The Service is distributed as static assets and does not maintain any server-side application layer, persistent datastore, account registry, or identity resolution framework under the control of the developer. The Service does not solicit, ingest, persist, or centrally process personally identifiable information, nor does it implement authentication, credentialing, or durable user-account constructs. All interaction occurs within an ephemeral, session-scoped execution context without persistent identity correlation. User-originated payloads, including textual, audiovisual, and file-based transmissions, are instantiated and processed exclusively within the client runtime environment and are conveyed directly between peer endpoints via WebRTC transport channels. Such payloads are not retained within developer-controlled infrastructure and remain transient within volatile browser memory for the duration of an active session. Session establishment is mediated through ICE negotiation, and network traversal may require the exchange of connection descriptors and related network-layer identifiers necessary for peer bootstrap. Data-in-transit is protected by browser-enforced cryptographic transport primitives, including DTLS and SRTP. The Service neither accesses nor retains communication content and is not positioned within the payload transmission path. The Service does not deploy cookies, behavioral telemetry, profiling instrumentation, or analytics mechanisms. Limited client-side storage may be utilized solely for non-sensitive functional state and does not constitute personal data processing. The Service may depend on third-party infrastructure for delivery or session coordination, and such infrastructure may independently process technical request metadata in accordance with its own policies. The Service is not intended for individuals under the age of 18. This Privacy Policy may be revised to reflect architectural or legal changes. Continued use of the Service constitutes acceptance of the updated version.

By initiating, invoking, rendering, executing, instantiating, or otherwise interacting with Whisper | Private Messaging (the “Service”), the User irrevocably, unconditionally, and perpetually assents to be bound by these Terms and Conditions, constituting a digitally manifested, jurisdictionally cognizable, and legally enforceable agreement to the maximum extent permissible under applicable statutory and common-law constructs, and any failure to assent necessitates immediate and irreversible cessation of all interface-level, protocol-level, and execution-layer interactions with the Service; the Service is architected as a stateless, non-custodial, client-executed, browser-resident computational interface operating over decentralized, peer-to-peer communication topologies utilizing WebRTC-based signaling orchestration, ICE candidate negotiation, STUN/TURN-assisted traversal, DTLS-SRTP encrypted transport channels, and ephemeral session-layer key exchange primitives, and explicitly does not instantiate, provision, orchestrate, or maintain any server-side execution environments, persistence layers, storage backplanes, identity resolution mechanisms, authentication frameworks, telemetry pipelines, or centralized control planes, such that all computational execution, cryptographic derivation, packetization, transmission, decryption, rendering, and session lifecycle management are exclusively performed within the User-controlled client runtime environment and remain entirely external to any developer-governed infrastructure domain; all message payloads, signaling metadata, session identifiers, cryptographic key material, and transport-layer artifacts are transiently instantiated within volatile execution memory and are deterministically destroyed upon session termination, garbage collection, or runtime invalidation, thereby precluding any possibility of persistence, replayability, auditability, or state reconstruction within any developer-associated system boundary, and the User explicitly acknowledges and consents to the irreversible, non-recoverable, and non-reproducible nature of all communication artifacts and execution states; the User assumes absolute, unilateral, non-transferable, and perpetual responsibility for the integrity, confidentiality, availability, and security posture of their computational environment, including but not limited to browser execution integrity, operating system hardening, device-level attack surface minimization, network-layer encryption fidelity, DNS resolution trust chains, certificate validation mechanisms, entropy sources for cryptographic operations, and resilience against adversarial threat vectors including but not limited to man-in-the-middle interception, session hijacking, endpoint compromise, malicious code injection, extension-level exfiltration, timing attacks, side-channel leakage, downgrade attacks, protocol exploitation, and quantum-adjacent cryptanalytic methodologies, and the Service expressly disclaims any and all liability, accountability, or responsibility arising from, related to, or in connection with any such vulnerabilities, exploits, or security degradations irrespective of causal attribution; the Service performs zero data ingestion, zero persistence, zero indexing, zero behavioral analytics, zero telemetry aggregation, and zero state retention, and consequently maintains no capability for forensic introspection, evidentiary reconstruction, audit logging, or data recovery, and the User expressly waives any expectation of recoverability, continuity guarantees, or operational determinism; the Service is provided strictly on an “as-is,” “as-available,” “with all faults,” and “without warranties of any kind whatsoever” basis, including but not limited to implied warranties of merchantability, fitness for a particular purpose, non-infringement, uninterrupted operability, latency guarantees, throughput consistency, synchronization accuracy, protocol reliability, cryptographic invulnerability, or resistance against current, emergent, or hypothetical computational attack paradigms including but not limited to post-quantum adversarial models, and no representation, warranty, or assurance is made regarding system behavior under any operational condition; the User irrevocably agrees to utilize the Service in strict compliance with all applicable statutory, regulatory, and international legal frameworks and assumes exclusive and total liability for all content transmitted, received, or processed via the Service, and acknowledges that due to the Service’s zero-knowledge, non-observable, and non-interventionist architecture, enforcement, moderation, and supervisory capabilities are inherently non-existent or severely constrained; to the maximum extent permissible under applicable law, the developer, operator, maintainer, distributor, licensors, and any affiliated or associated entities shall bear no liability, obligation, or accountability whatsoever for any direct, indirect, incidental, consequential, special, exemplary, punitive, or otherwise categorized damages, losses, liabilities, or claims arising from, related to, or in connection with the use, misuse, inability to use, or reliance upon the Service, including but not limited to data exfiltration, packet interception, cryptographic compromise, endpoint exploitation, network-layer disruption, protocol failure, user misconfiguration, third-party infrastructure behavior, or emergent systemic vulnerabilities, and any residual liability, if adjudicated notwithstanding the foregoing disclaimers, shall be strictly limited to the minimal quantum permissible under applicable law; the User expressly, knowingly, and irrevocably waives, releases, and discharges any and all claims, causes of action, demands, disputes, or proceedings against the Service and its developer to the fullest extent legally permissible, acknowledging that such waiver is a fundamental precondition to access; the Service operates exclusively as a non-custodial, non-intermediary, non-processor, and non-controller computational interface, facilitating direct peer endpoint communication without assuming any fiduciary, custodial, supervisory, or agency relationship under any applicable legal or regulatory classification, and all data exchange occurs solely between User-governed endpoints outside the dominion, control, or observability of the Service; the Service reserves absolute, unilateral, and discretionary authority to modify, mutate, refactor, suspend, deprecate, or terminate any component, protocol implementation, cryptographic primitive, or operational parameter without prior notification or liability, and continued utilization of the Service constitutes binding acceptance of any such modifications irrespective of User awareness; these Terms shall be governed, interpreted, and enforced in accordance with applicable legal doctrines, excluding conflict-of-law principles, and any dispute resolution mechanism, jurisdictional venue, or adjudicatory forum shall be determined exclusively at the discretion of the Service operator to the maximum extent enforceable under applicable law.