
Wispr Flow

Wispr AI

Partial · EU: Not Available · Opt-out Available · Zero Retention · US Only

Business Plan Price

$15/mo (Pro), $24/user (Enterprise) - billed in USD

Enterprise Features

Privacy Mode (ZDR), HIPAA BAA (all plans), SOC 2 Type II

Last Updated

March 23, 2026

Wispr Flow - GDPR & Data Privacy Overview for European Clients

Version: March 2026 - prepared by WAIMAKERS B.V.


1 Purpose

This overview explains how Wispr Flow (Free, Pro, Teams, Enterprise) handles data in relation to GDPR, with a focus on European customers. Wispr Flow is a voice-to-text dictation tool by Wispr AI, Inc. (San Francisco) offering optional Privacy Mode with zero data retention.


2 Comparison of Wispr Flow Tiers (EU focus)

| Tier | Privacy Mode (ZDR) | HIPAA BAA | Training on data? | EU residency | Compliance | Price |
|---|---|---|---|---|---|---|
| Free | ✅ Optional | ✅ All plans (Aug 2025) | ⚠️ Yes (if Privacy Mode off) | ❌ No | SOC 2, ISO 27001 (in progress) | €0 (2,000 words/week) |
| Pro | ✅ Optional | ✅ All plans (Aug 2025) | ⚠️ Yes (if Privacy Mode off) | ❌ No | SOC 2, ISO 27001 (in progress) | $15/month (14-day free trial for teammates, Nov 2025) |
| Teams | ✅ Optional (per user) | ✅ All plans (Aug 2025) | ⚠️ Yes (if Privacy Mode off) | ❌ No | SOC 2, ISO 27001 (in progress) | $10/user/month (min 2) |
| Enterprise | ✅ Available | ✅ All plans (Aug 2025) | ⚠️ Yes (if Privacy Mode off) | ❌ No | SOC 2, ISO 27001 (in progress) | $24/user/month |

Notes for Europe

  • Privacy Mode: When enabled, zero data retention (no audio/transcripts stored). Must be manually enabled in Settings → Data & Privacy. Not the default setting.
  • HIPAA BAA (expanded Aug 2025): HIPAA BAA is now available on ALL plans (Free, Pro, Teams, Enterprise), not just Enterprise. Accepting the BAA auto-enables Privacy Mode and locks it ON.
  • Infrastructure: 100% US-based cloud processing. No EU data centers available.
  • Data retention:
    • Privacy Mode ON: Zero retention at Wispr and third parties
    • Privacy Mode OFF: 30 days retention (confirmed standard retention period)
  • Enterprise pricing: $24/user/month (now publicly available).
  • Pro plan (Nov 2025): Restructured for teams; includes free 14-day trial for teammates.
  • Android app: Launched March 2026.
  • ISO 27001: Certification still "in progress" as of March 2026.
  • Pricing: Global pricing in USD.

3 Is Wispr Flow GDPR-Compliant?

Short answer: ⚠️ Partial compliance. Usable for EU personal data only with Privacy Mode enabled and proper US transfer safeguards (DPA with SCCs). All plans support Privacy Mode but require manual activation. US-only infrastructure.

What applies to all plans:

  • Privacy Mode (ZDR) - When enabled, no audio/transcripts stored; no training by Wispr or third parties
  • HIPAA compliance - BAA available on ALL plans (expanded August 2025); accepting BAA auto-enables and locks Privacy Mode ON
  • Strong certifications - SOC 2 Type II, ISO 27001

What's plan-dependent:

  • Privacy Mode enforcement - Free/Pro/Teams: user-optional. Enterprise: can negotiate enforced Privacy Mode
  • DPA availability - Status unclear for lower tiers; Enterprise should include DPA with SCCs

Infrastructure limitations (all plans):

  • US-only processing - All transcription occurs in US cloud; no EU data residency option
  • DPA/SCCs unclear - Not publicly documented; must be requested from Enterprise sales
  • Subprocessors undisclosed - List not publicly available

What that means in practice:

  • For non-sensitive work content (drafts, emails): Pro/Teams acceptable with Privacy Mode
  • For EU personal data (employee/customer info): Enterprise recommended; require DPA with SCCs and Transfer Impact Assessment
  • For special category data (Art. 9 GDPR): Not recommended even with Privacy Mode due to US infrastructure

Buyer's note: Only suitable for EU use if Privacy Mode is enforced organisation-wide, DPA with SCCs obtained, and Transfer Impact Assessment permits US processing.


4 Details by Offering

Free Plan

  • Privacy Mode: Optional (manual toggle)
  • Data collection: With Privacy Mode: only usage stats (word count). Without: audio, transcripts, may be used for training.
  • Training: No training if Privacy Mode ON; may be used if OFF
  • Retention: Zero if Privacy Mode ON; undefined if OFF
  • Pricing: Free (2,000 words/week limit)
  • When to use: Testing, non-sensitive personal use
  • When not to use: EU personal data (no contractual protections likely available at Free tier)

Pro Plan ($15/month)

  • Privacy Mode: Optional (manual toggle)
  • Important limitation: User can disable Privacy Mode at any time; no admin enforcement
  • Pricing: $15/month (unlimited dictation)
  • When to use: Individual professionals with non-regulated workflows, comfortable with manual Privacy Mode management
  • When not to use: Regulated data, team deployments requiring enforced controls

Teams Plan ($10/user/month)

  • Privacy Mode: Optional per user (manual toggle)
  • Important limitation: Each user controls their own Privacy Mode; no centralised enforcement
  • Pricing: $10/user/month (minimum 2 users = $20/month total)
  • When to use: Small teams with clear internal policies mandating Privacy Mode
  • When not to use: Environments requiring technical enforcement of data protection controls

Enterprise Plan ($24/user/month)

  • Privacy Mode: Available; can negotiate enforced Privacy Mode (not user-optional)
  • Additional features: Dedicated support, custom integrations, DPA with SCCs (negotiable)
  • Compliance: SOC 2 Type II, ISO 27001 (in progress), HIPAA BAA with enforced zero retention
  • Pricing: $24/user/month (publicly available pricing)
  • When to use: Regulated industries, EU personal data processing, need for contractual DPA/SCCs
  • When not to use: Organisations with strict "EU-only" data processing policies (no EU infrastructure available)

5 Data Processing Flow

[User dictates via app (Mac/Windows/iPhone/Android - Android added Feb 2026)]
  ↓
[Audio streamed to US cloud infrastructure] 🇺🇸
  ↓
[Speech-to-Text AI processing]
  ├─ Context understanding
  ├─ Editing/formatting
  └─ Command execution
  ↓
[Privacy Mode check]
  ├─ ON: Immediate deletion after transcription
  └─ OFF: May be stored/used for training (retention undefined)
  ↓
[Transcript returned to app]
  ↓
[Local insertion in target application]

*All transcription is cloud-based (not on-device)*
*No EU data centers available*

6 Recommendations (GDPR-first)

  • For EU personal data, Privacy Mode is mandatory. Enterprise tier recommended to obtain DPA with SCCs.
  • Complete a Transfer Impact Assessment (TIA) documenting US data transfer risks and safeguards.
  • Do not use Wispr Flow for special category data (Art. 9 GDPR) or in environments with "EU-only" policies.
  • If US transfers are prohibited by your risk assessment, consider EU-based alternatives (Speechmatics, Philips SpeechLive) or on-device transcription (Apple Dictation, Windows Speech Recognition).

7 EU Rollout Checklist (Practical)

  1. Contractual safeguards - Request DPA with Standard Contractual Clauses from Wispr (Enterprise sales)
  2. Enable Privacy Mode - Activate on all accounts before first use (Settings → Data & Privacy → Privacy Mode ON)
  3. Transfer Impact Assessment - Document legal basis for US data transfers under GDPR Art. 46
  4. Internal policy - Document Privacy Mode as mandatory; establish incident response for accidental disablement
  5. Art. 30 records - Add Wispr Flow to processing records; note Privacy Mode enforcement as technical measure

8 Procurement Quick Answers (EU)

Can we use Wispr Flow for EU personal data?

⚠️ With restrictions. Requires: (1) Privacy Mode enabled, (2) DPA with SCCs, (3) Transfer Impact Assessment permitting US transfers, (4) enforcement via internal policy. Not recommended for special category data.

How do we enable Privacy Mode?

Settings → Data & Privacy → Toggle Privacy Mode to ON. Note: Not the default setting; must be manually enabled by each user.

Is there EU data residency?

❌ No. All processing occurs in US cloud infrastructure. No EU data centers available or announced.

Who are the subprocessors?

⚠️ Not publicly disclosed. Request list from Enterprise sales (likely includes cloud provider and speech-to-text APIs).

What happens if Privacy Mode is disabled?

Audio and transcripts may be stored and used for training. Retention period undefined. No automatic alerts.

Is a DPA available?

⚠️ Not found in public documentation. Enterprise customers should request DPA with SCCs and subprocessor notification rights.


9 Notes & Caveats

  • Privacy Mode is optional - Not the default; users must manually enable and can disable at any time (except HIPAA BAA customers, where it's auto-locked).
  • No EU data centers - All processing in US; unsuitable for strict "EU-only" data localisation requirements.
  • DPA/SCC status unclear - Not publicly available; must negotiate with Enterprise sales.
  • Retention without Privacy Mode: 30 days - Confirmed standard retention period for non-Privacy Mode data.
  • HIPAA BAA expanded (Aug 2025) - HIPAA BAA now available on ALL plans (previously Enterprise-only). Accepting the BAA auto-enables Privacy Mode.
  • ISO 27001 in progress - Certification not yet completed as of March 2026.
  • Android app (Feb 2026) - Wispr Flow launched Android app, expanding the platform beyond Mac/Windows/iPhone.

10 Disclaimer

This overview is intended solely as an informative tool. We strongly advise customers to thoroughly review all Data Processing Agreements (DPAs) and privacy documentation before deploying Wispr Flow in production environments - especially when processing EU personal data. WAIMAKERS applies this same principle internally; all tools we use have been thoroughly assessed and included in our own privacy and security documentation. Customers should always carefully evaluate the official documentation, terms, and DPAs of each AI provider they use. WAIMAKERS cannot be held legally liable for the accuracy, currency, or completeness of the information in this document; the ultimate responsibility for GDPR compliance rests with the customer.

Prepared and issued by WAIMAKERS B.V. - March 2026.


References

  • https://wisprflow.ai/privacy-policy - Wispr Flow Privacy Policy
  • https://wisprflow.ai/data-controls - Wispr Flow Data Controls (Privacy Mode Documentation)
  • https://docs.wisprflow.ai/articles/1163060507-wispr-flow-it-guide-on-privacy-and-security - Wispr Flow IT Guide on Privacy and Security
  • https://docs.wisprflow.ai/articles/4608289566-hipaa-support - Wispr Flow HIPAA Support Documentation
