Last Reviewed & Updated: January 10, 2026
MYWB, Inc. ("us", "we", or "our") operates the MyWhistleBox.com website and mobile application (hereinafter referred to as the "Service" or "Site").
This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data.
We collect some personal information when you register with us ("User"). We use your data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, the terms used in this Privacy Policy have the same meanings as in our Terms and Conditions.
We collect several different types of information for various purposes to provide and improve our Service to you.
While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you ("Personal Data"). Personally identifiable information may include, but is not limited to:
We may also collect information that your browser sends whenever you visit our Service or when you access the Service by or through a mobile device ("Usage Data").
This Usage Data may include information such as your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
When you access the Service with a mobile device, this Usage Data may include information such as the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data.
Our Services allow you to upload and manage documents and files (“User-Submitted Content”). WhistleBox does not review, interpret, or analyze the contents of these files. User-Submitted Content is processed and stored in encrypted form and may be subject to automated, technical processing initiated by you solely to provide the features you request.
Customer files and documents uploaded to MyWhistleBox are encrypted prior to storage using encryption mechanisms controlled by MyWhistleBox. Our cloud infrastructure providers store encrypted data only and do not have access to the encryption keys required to view or process file contents in readable form. As a result, these providers cannot access the contents of customer documents. Access to decrypted content within MyWhistleBox is strictly limited to automated system processes initiated by the end user, and MyWhistleBox personnel do not review, inspect, or access the contents of customer documents.
We use cookies and similar tracking technologies to track the activity on our Service and hold certain information.
Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Service.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.
Examples of Cookies we use:
MyWhistleBox does not track its customers over time and across third party websites to provide targeted advertising and therefore, does not respond to Do Not Track (DNT) signals from web browsers.
MyWhistleBox uses the collected data for various purposes:
To provide certain features, WhistleBox may use automated tools, including machine-based or AI-assisted processing, to process User-Submitted Content. Such processing is performed without human review, is limited to the purpose requested by the user, and is subject to data minimization and deletion practices described in this Policy.
Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction.
If you are located outside United States and choose to provide information to us, please note that we transfer the data, including Personal Data, to United States and process it there.
Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.
We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.
We may disclose your Personal Data in the good faith belief that such action is necessary to:
The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
In the event of a confirmed breach of security that compromises the confidentiality, integrity, or availability of your Personal Data, we will notify you without unreasonable delay in accordance with applicable federal and state data breach notification laws.
Such notification will include, to the extent known at the time:
(a) a description of the nature of the breach;If and only if WhistleBox has entered into a separate written Business Associate Agreement (BAA) with you, and the breach involves Protected Health Information (PHI) subject to HIPAA, we will comply with the breach notification obligations set forth in that BAA and applicable HIPAA regulations.
You acknowledge that notification may be delayed where required by law enforcement or where necessary to determine the scope of the incident and restore the reasonable integrity of our systems.
We may employ third party companies and individuals to facilitate our Service ("Service Providers"), to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used.
These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose. Access is limited to the minimum necessary to provide the applicable service, and where feasible, service providers store or process data only in encrypted form and without access to encryption keys.
We may use third-party Service Providers to monitor and analyze the use of our Service.
Google Analytics
Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.
You can opt-out of having your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visitors activity.
For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy?hl=en
Firebase
Firebase is an analytics service provided by Google Inc.
You may opt-out of certain Firebase features through your mobile device settings, such as your device advertising settings or by following the instructions provided by Google in their Privacy Policy: https://policies.google.com/privacy?hl=en
We also encourage you to review the Google's policy for safeguarding your data: https://support.google.com/analytics/answer/6004245. For more information on what type of information Firebase collects, please visit please visit the Google Privacy & Terms web page: https://policies.google.com/privacy?hl=en
For legal obligations related to HIPAA compliance and Business Associate Agreements, please see the HIPAA Compliance section of our Terms of Service.
Our platform securely collects and processes documents and data from your users. We implement appropriate safeguards to protect personally identifiable information (PII) including encryption, access controls, and audit logging.
WhistleBox does not offer services intended for the processing of Protected Health Information (PHI) by default. If your use of the Services involves PHI, a separate written agreement, including a Business Associate Agreement (BAA), must be executed prior to such use. Absent such an agreement, you should not upload or process PHI through the Services.
We provide paid products and/or services on our Website. In that case, we use third-party services for payment processing (e.g. payment processors).
We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council.
If you participate in the MyWhistleBox Partner Program, we may collect and process additional information necessary to administer the program. This may include your contact information, tax identification information, banking or payment details required to issue referral fee payments, and records of referral activity associated with your Partner Code.
Referral activity may include information about when a referral link or Partner Code is used to create an account or complete a purchase. This information is used solely to attribute referrals, administer the Partner Program, calculate Referral Fees, and prevent fraudulent or abusive activity within the program.
Payment and tax-related information provided by Partners is used solely for processing payments, maintaining accounting records, and complying with applicable financial and tax regulations.
We and our affiliates fully comply with national laws regarding SPAM. You can always opt out of receipt of further email correspondence from us and/or our affiliates. We agree that we will not sell, rent, or trade your email address to any unaffiliated third-party without your permission.
When you move files to your Trash, those files remain part of your account and continue to count toward your storage allocation. Files in the Trash may be restored or permanently deleted by you at any time through the Service.
When you permanently delete a file, it is removed from your active account and storage allocation. Permanently deleted files may be retained in encrypted backup or archival systems for a limited period (up to 60 days) solely for system integrity, disaster recovery, or support-related purposes, after which they are automatically removed.
File retention policies vary based on your account type. Unpaid accounts may be subject to automatic file deletion after extended periods of inactivity (such as six months), while paid accounts are not subject to automatic file deletion and retain content until you delete it or close your account, subject to the limits of your selected plan.
Upon account closure, all files and User-Submitted Content associated with your account are permanently deleted from active systems and are no longer accessible. Any remaining backup or archival copies are removed in accordance with standard backup retention cycles and are not restored or accessed following account closure.
Once deletion is complete, removal of data is irreversible, and WhistleBox will be unable to recover any associated content.
Our Service may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit.
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
Our Service is not directed to children under the age of 13 ("Child"), and we do not knowingly collect personal information from children under 13.
If you are a child under 13, please do not use our Service or provide any information to us. Parents and guardians should supervise their children's online activities.
If we become aware that a child under 13 has created an account or provided personal information to us, we will take steps to delete such information and terminate the account immediately. If you are a parent or guardian and believe your child under 13 is using our Service, please contact us immediately at support@MyWhistleBox.com.
For children between 13 and 18, parental or guardian consent is recommended before using our Service.
We reserve the right to modify this Privacy Policy at any time. If we make material changes to this policy, we may notify you on our Website, by a blog post, by email, or by any method we determine. The method we choose is at our sole discretion. We will also change the "Last Updated" date at the beginning of this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes. Any changes we make to our Privacy Policy are effective as of this Last Updated date and replace any prior Privacy Policies.
If you have any questions about this Privacy Policy, please contact us: