Acceptable use, prohibited conduct, and reservation of rights

This policy covers the Whispr Compliance Italy product only

Whispr Compliance Italy is one of multiple independent product lines under the BackPR umbrella (backpr.com). Each product is developed and operated by a separate product team, with separate contracts, infrastructure scope, and acceptable-use policies. Conduct on or around another BackPR product, including the Whispr EDU product line, is governed by that product's own policies and is not binding on this product or this team.

Conduct that is never permitted

• Any unlawful, fraudulent, defamatory, retaliatory, or harassing use of the service.
• Submitting reports or content known by the submitter to be materially false, vexatious, or intended to harm a specific person without lawful basis.
• Using the service to circumvent, replace, or undermine the customer's own legal, safety, or reporting obligations to authorities.
• Attempting to access another tenant's data, another user's account, or any non-public Whispr system, code, or interface.
• Probing, scanning, fingerprinting, or testing the service without prior written authorisation, including any automated load testing, fuzzing, or vulnerability scanning.
• Interfering with, degrading, or attempting to disable the service, its sub-processors, or its security controls.
• Uploading malware, ransomware, illegal content, content infringing third-party rights, or material that violates the rights of any individual.
• Using the service in a high-risk environment where its failure or unavailability could reasonably cause death, personal injury, environmental damage, or critical infrastructure impact. The service is not certified, designed, or sold for those use cases.
• Reselling, sublicensing, white-labelling, or making the service available to third parties outside the scope of the signed order form.
• Removing, obscuring, or modifying any legal notice, attribution, branding, or audit-related metadata generated by the service.
• Training, fine-tuning, or evaluating machine-learning models on data that originates from the service, except as expressly permitted by the signed agreement.
• Bulk extraction, scraping, or mirroring of service outputs other than through documented administrative or export functionality used in the ordinary course of business.

The customer remains responsible for lawful, governed, and supervised use

The customer is solely responsible for: (i) the conduct of its administrators, handlers, advisors, viewers, integrators, and any third party it grants access; (ii) the lawful basis for any data processing it configures; (iii) the accuracy, completeness, and lawfulness of any content it submits or invites others to submit; (iv) appropriate role assignment, access reviews, and offboarding; (v) any communication, signage, internal training, or onboarding material it produces in connection with the channel; (vi) escalation, response, and any reporting required by law or by its own internal policies; and (vii) supervision of minors, vulnerable individuals, or any high-risk reporter category where applicable. Whispr does not police, validate, moderate, or audit customer-side conduct as a matter of course.

What we reserve, without prior notice, refund, or credit

• Suspend, throttle, restrict, or terminate access by any user, organisation, or IP range.
• Remove, quarantine, or block specific content where we reasonably believe it violates this policy, breaches applicable law, infringes third-party rights, or threatens service integrity.
• Investigate suspected misuse, including by accessing relevant system logs, metadata, and case-handling records, subject to the privacy notice and the signed agreement.
• Cooperate with competent authorities, regulators, and lawful process, including responding to requests under the applicable Italian and EU legal framework.
• Decline to enter into, renew, or extend any commercial relationship with any prospective or existing customer at our sole discretion.
• Change features, workflows, retention behaviour, sub-processors, and operating practice over time, as described in the terms.

How to report a suspected violation of this policy

If you believe the service is being misused, write to abuse@backpr.com with a short description and any context you can lawfully share. We acknowledge reports as practical and decide on follow-up at our sole discretion. We make no representation about response time, outcome, remediation, or notification, and submission of a report does not create a legal, contractual, or fiduciary relationship between you and Whispr.

Customer indemnification for breach

The customer shall defend, indemnify, and hold harmless Whispr, its team, BackPR, and their respective affiliates, officers, employees, contractors, and agents from and against any third-party claim, regulatory action, fine, loss, cost, damage, or expense (including reasonable legal fees) arising out of or in connection with: (a) any breach of this policy by the customer or by anyone using the customer's account; (b) the customer's own configuration, communications, or rollout decisions; (c) the customer's processing of personal data; or (d) the use of the service in a context, geography, sector, or risk profile for which it was not procured.

This policy can be updated unilaterally

We may update this policy at any time by publishing a new version at this URL. Continued use of the service after publication constitutes acceptance of the updated version. Where this policy and a signed commercial document diverge, the signed commercial document controls in favour of whichever of the two provides the broader protection for Whispr.

Publication of this page does not waive rights

Nothing on this page constitutes a warranty, representation, or commitment by Whispr. Failure or delay in enforcing any provision of this policy is not a waiver of that provision or any other right. Where any part of this policy is held to be unenforceable, the remainder continues in full force.