Service scope, responsibilities, and contract boundaries

Whispr provides hosted reporting, case management, and supporting workflow tools

• Reporter intake and mailbox-style follow-up
• Administrative case handling, routing, and audit-related activity
• Role-aware access and operational settings
• Export, attachment, and legal-hold related controls in supported workflows

The customer remains responsible for lawful and appropriate use

That includes deciding who may access cases, how reports are handled, which retention rules apply, when legal review is needed, and how escalation should work within the organization’s own policies.

Whispr is software. It does not, by itself, make any organisation compliant with anything

Without limiting any other disclaimer on this site:

• No regulatory outcome. Use of the product does not guarantee compliance with D.Lgs. 24/2023, the ANAC guidelines, Reg. UE 2016/679 (GDPR), the Codice Privacy (D.Lgs. 196/2003), the Codice del Consumo (D.Lgs. 206/2005), or any other law. Use of the product does not guarantee that ANAC, the Garante per la protezione dei dati personali, any judicial authority, any sectoral supervisor, or any other authority will refrain from opening investigations, imposing sanctions, issuing prescriptive orders, or taking any other action.
• No safe harbour. The product is not a safe harbour for the customer's obligations under Italian or EU law. The customer remains exclusively responsible for determining whether and how each obligation applies to it, for meeting each obligation, and for the consequences of any failure to meet it.
• No advice. Nothing in the product, on this website, or in any sales, support, or onboarding interaction constitutes legal, regulatory, compliance, audit, accounting, or any other professional advice. Whispr is not the customer's lawyer, compliance officer, DPO, auditor, or representative before any authority.
• No anti-retaliation enforcement. The product supports confidentiality, role-restricted access, and audit-trail recording. It does not detect, prevent, or remedy retaliatory conduct by the customer or any third party. Compliance with Art. 17 D.Lgs. 24/2023 is exclusively the customer's responsibility.
• Marketing language is not warranty. Descriptive statements on the marketing site that reference statutes, articles, deadlines, or guidelines (for example, "allineato al D.Lgs. 24/2023", "Art. 5 · 7 giorni", "ANAC guidelines") are informational and do not create any warranty of compliance or regulatory acceptance.

For the full statement, see the Disclaimers page, which is incorporated by reference into these Terms.

The product must not be used to abuse others or bypass security

• No unlawful, abusive, or retaliatory use of the platform
• No attempts to bypass access controls or access another customer’s data
• No use of the service as an emergency-response substitute where it is not designed for that purpose

How the 14-day trial and the first charge work

Workspace activation requires a valid payment card at signup. The card is verified through Stripe with 3-D Secure (PSD2 / SCA). The verification is a payment-method authorisation, not a charge. The card-on-file requirement exists to verify the identity of the workspace owner, to prevent fake or automated account creation, and to enable continuity of service at the end of the trial.

• Trial period. Each new workspace receives a 14-day evaluation period. No charge is applied during the trial.
• Cancellation during the trial. The customer can cancel at any point before the trial ends, directly from the admin console. Cancellation before the trial end date means no charge is taken and the workspace is closed at the end of the period.
• Automatic charge after the trial. Unless the customer cancels before the trial end date, the first invoice is automatically charged to the card on file at the end of the trial, at the price applicable to the chosen plan. By providing a card, the customer explicitly authorises this charge.
• Renewals. Subsequent renewals are billed automatically on the same payment method until the subscription is cancelled. Cancellation takes effect at the end of the current billing period.
• Failed payments. If a charge fails (insufficient funds, SCA challenge declined, card expired), Whispr may suspend access pending payment. The customer is responsible for keeping the payment method up to date.
• Refunds and prorated credits. Whispr does not commit to mid-period refunds on this page. Refund handling, including any voluntary discretionary refund or credit, is determined under the signed commercial agreement and applicable mandatory law.
• VAT and invoicing. Where required, VAT is applied based on the customer's tax status and place of supply. Italian B2B customers expecting fattura elettronica via SDI should provide their SDI codice destinatario or PEC during commercial onboarding.
• Price changes. Plan prices may change. Material price increases applicable to existing subscriptions take effect at the next renewal after reasonable notice.
• Consumer-protection law. Where the customer qualifies as a consumer under Italian or EU law (D.Lgs. 206/2005, Codice del Consumo) and a statutory cooling-off right applies, that right is honoured under the law's terms. The product is designed and sold for organisational use; the typical buyer is a business customer for whom statutory consumer rights do not apply.

Card data is never seen, stored, or transmitted by Whispr's own systems. All payment-method handling runs on Stripe under Stripe's PCI-DSS scope. Whispr stores only the Stripe customer reference, subscription identifier, and last-four digits where Stripe exposes them.

Commercial and legal specifics should come from the order form or enterprise agreement

Support tiers, negotiated liability caps, DPA language, implementation commitments, SLAs, and any offboarding timing should be confirmed in the signed commercial documents. Those documents take precedence.

Product and documentation can change over time

Features, workflows, and trust materials may evolve. Procurement-critical commitments should be captured in writing rather than assumed from a website page alone.