Whistl Data Security & Privacy: Encryption and Protection
Your financial and behavioural data is deeply personal. Whistl is built on a privacy-first architecture: on-device AI processing, end-to-end encryption, and minimal data collection. This comprehensive guide explains exactly how Whistl protects your data, what information is collected, and why our approach differs from cloud-based competitors.
Privacy-First Architecture
Whistl's core design principle: process data on your device whenever possible, transmit only what's absolutely necessary, and encrypt everything.
On-Device Processing
Unlike cloud-based financial apps, Whistl processes sensitive data locally:
- Neural network inference: AI predictions run on your phone's Neural Engine
- Location data: GPS coordinates never leave your device
- Biometric data: Heart rate, HRV and sleep data stay in HealthKit/Oura secure enclaves
- Transaction analysis: Spending patterns processed locally after secure sync
- Behavioural patterns: Personal triggers stored encrypted on-device only
This means your most sensitive data is never transmitted to servers or used for training external models.
What Stays On Your Device
| Data Type | Processing Location | Transmitted to Server? |
|---|---|---|
| Neural impulse predictions | On-device | No |
| GPS coordinates | On-device | No |
| Biometric data (HRV, sleep) | On-device | No |
| Transaction details | On-device | No |
| Journal entries | On-device | No |
| Dream Board images | On-device | Optional (iCloud sync) |
| Partner messages | Encrypted transit | Yes (end-to-end encrypted) |
Encryption Standards
Data at Rest
All data stored on your device is encrypted:
- iOS Data Protection: Uses hardware-backed encryption with Secure Enclave
- File-level encryption: Individual files encrypted with unique keys
- Keychain storage: Sensitive credentials stored in iOS Keychain
- Database encryption: SQLite databases encrypted with SQLCipher (AES-256)
Data in Transit
When data must be transmitted, it's protected:
- TLS 1.3: All network traffic encrypted with latest TLS protocol
- Certificate pinning: The app accepts only the expected server certificate, which blocks man-in-the-middle attacks that rely on a rogue or mis-issued CA certificate
- End-to-end encryption: Partner messages encrypted so only recipients can read
- Perfect forward secrecy: Ephemeral session keys mean a later compromise of the server's long-term key does not expose past communications
Encryption Specifications
- Algorithm: AES-256-GCM
- Key Derivation: PBKDF2 with 100,000 iterations
- Key Storage: iOS Secure Enclave / Android Keystore
- Transport: TLS 1.3 with ECDHE key exchange
- Certificate: SHA-256 with RSA 2048-bit
Bank Connection Security
Whistl connects to your bank accounts via secure third-party providers:
Plaid Integration (Australia/US/UK/EU)
- OAuth authentication: You authenticate directly with your bank
- Whistl never sees credentials: Bank login credentials never enter the Whistl app
- Read-only access: Whistl can view transactions, not move money
- Token-based: Secure tokens used instead of credentials
- Plaid certifications: SOC 2 Type II, ISO 27001, Privacy Shield
Argyle Integration (Australia)
- Direct bank APIs: Uses Consumer Data Right (CDR) framework
- Accredited data recipient: Whistl is CDR-accredited
- Explicit consent: You approve each data sharing permission
- Consent dashboard: Revoke access anytime via your bank
What Data Whistl Collects
Minimal Server-Side Data
Whistl collects only what's necessary for core functionality:
| Data Type | Purpose | Retention |
|---|---|---|
| Account email | Authentication, recovery | Until account deletion |
| Device ID (hashed) | Fraud prevention | 90 days |
| App version | Compatibility, bug fixes | Aggregate only |
| Crash reports | App stability | 90 days |
| Partner message metadata | Message delivery | Until delivered |
| Subscription status | Billing | 7 years (tax law) |
What Whistl Does NOT Collect
- Full transaction details (merchant names, amounts, categories)
- Account balances (processed on-device only)
- Location history (GPS stays on device)
- Biometric data (HealthKit/Oura data stays on device)
- Journal content (stored encrypted on device)
- Browsing history (DNS queries processed locally)
- Contacts or social connections
- Identifying information for analytics (aggregate only)
Compliance and Certifications
Regulatory Compliance
- Privacy Act 1988 (Cth): Australian Privacy Principles compliance
- Consumer Data Right (CDR): Accredited data recipient
- GDPR: EU General Data Protection Regulation compliance
- APRA CPS 234: Information security standard for financial entities
- SOC 2 Type II: Independent security audit certification
Third-Party Audits
- Annual penetration testing: External security firm conducts ethical hacking
- Code audits: Independent review of security-critical code
- Privacy impact assessments: Regular DPIA for new features
- Vulnerability disclosure: Bug bounty program for security researchers
Your Privacy Rights
Access and Portability
- Data export: Download all your data in machine-readable format (Premium feature)
- Access request: Request copy of all personal data held
- Correction: Update or correct inaccurate information
Deletion and Retention
- Account deletion: Permanently delete account and all data
- Data retention: Data deleted within 30 days of account closure
- Backup deletion: Backups purged within 90 days
Consent Management
- Granular permissions: Approve each data access individually
- Withdraw consent: Revoke permissions anytime
- Partner sharing: Control exactly what partners see
Security Best Practices for Users
Protect Your Account
- Enable biometric lock: Face ID or Touch ID required to open app
- Use strong passcode: 6-digit minimum, avoid obvious patterns
- Keep app updated: Security patches delivered via updates
- Enable two-factor authentication: For account recovery
Privacy Settings
- Review permissions: Check iOS Settings > Privacy regularly
- Limit partner sharing: Share only what you're comfortable with
- Disable iCloud sync: If you prefer local-only storage
- Clear data on uninstall: Option to wipe data when deleting app
Incident Response
Breach Notification
In the unlikely event of a data breach:
- 72-hour notification: Affected users notified within 72 hours
- OAIC reporting: Notifiable Data Breaches scheme compliance
- Remediation support: Free credit monitoring if financial data exposed
- Transparent communication: Public disclosure of significant breaches
Security Contact
- Security team: security@whistl.app
- Privacy officer: privacy@whistl.app
- Bug bounty: Report vulnerabilities via HackerOne
Comparison to Competitors
| Feature | Whistl | Typical Budgeting App | Cloud AI Apps |
|---|---|---|---|
| On-device AI processing | Yes | No | No |
| Location data stays on device | Yes | Often no | No |
| Biometric data stays on device | Yes | N/A | No |
| End-to-end encrypted messaging | Yes | N/A | Rarely |
| Minimal server-side data | Yes | No | No |
| Third-party security audits | Yes | Varies | Varies |
Conclusion
Whistl's privacy-first architecture ensures your financial and behavioural data stays private. On-device processing, AES-256 encryption, and minimal data collection mean you get powerful behavioural finance protection without compromising your privacy.
Your data belongs to you. Whistl is designed to keep it that way.