Timeline for New SOC 2 Audit

Last updated: April 24, 2026

Available on: Mac, Windows, iOS, Android

We've engaged new, independent partners — Drata and A-LIGN — to conduct a completely fresh SOC 2 audit of Wispr Flow. Here's what's involved and when to expect results.


What's happening

We have partnered with Drata and A-LIGN for a completely fresh SOC 2 audit.

  • Drata: A leading security and compliance automation platform, trusted by companies like LinkedIn, GEICO, and Capital One.

  • A-LIGN: Has completed more SOC 2 audits than any other firm, including for organizations like US Bank, DocuSign, and Snowflake. They are using US-based auditors for Wispr Flow.


Timeline

Given the seriousness of the Delve allegations, we are not rushing the audit timeline. We expect a completely fresh SOC 2 report in about 6–8 weeks, and potentially sooner. We will not compress the timeline in any way that calls the integrity of the audit into question.


What we're doing in the meantime

We have independently verified all of our controls to confirm compliance with our policies. Our security infrastructure, encryption, data handling practices, and access controls remain fully in place and operational.

The desktop app enforces Content Security Policy restrictions, restricts web content connections to an allowlist of trusted domains, and imports trusted root CA certificates from the operating system certificate store (macOS and Windows) for compatibility with corporate network configurations. Only root CAs (self-signed, with CA basic constraints) are imported — intermediate and non-CA enterprise certificates are excluded.
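
The root-only import rule described above, sketched in Go as an added example. This is not Wispr Flow's code: the function names, the certificate subjects and the in-memory stand-in for the operating system store are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// isImportableRoot keeps a certificate only if it carries CA basic constraints,
// names itself as issuer, and its signature verifies under its own public key.
func isImportableRoot(c *x509.Certificate) bool {
	return c.BasicConstraintsValid && c.IsCA &&
		bytes.Equal(c.RawSubject, c.RawIssuer) && c.CheckSignatureFrom(c) == nil
}

// newCert builds a constructed sample certificate; a nil parent means self-signed.
func newCert(cn string, isCA bool, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		IsCA: isCA, BasicConstraintsValid: true}
	if parent == nil {
		parent, parentKey = tmpl, priv
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, priv
}

// main runs the filter over a constructed stand-in for the OS certificate store.
func main() {
	root, rootKey := newCert("Constructed Corp Root CA", true, nil, nil)
	inter, _ := newCert("Constructed Corp Issuing CA", true, root, rootKey)
	device, _ := newCert("Constructed Self-Signed Device", false, nil, nil)
	for _, c := range []*x509.Certificate{root, inter, device} {
		fmt.Printf("%-32s import=%v\n", c.Subject.CommonName, isImportableRoot(c))
	}
}
```

Only the root passes: the intermediate fails the self-issued check, and the self-signed device certificate fails the CA basic constraints check.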

Existing compliance features — including HIPAA Business Associate Agreement signing, Privacy Mode (zero data retention), enterprise-enforced ZDR (Business/Enterprise plan), SSO/SAML with SCIM provisioning, and configurable local data policies — continue to operate normally.

Important: Signing the HIPAA BAA permanently enables Privacy Mode and cannot be undone.

Note: HIPAA BAA signing and enterprise-enforced ZDR are available on Mac, Windows, and iOS. Android supports Privacy Mode but does not currently include HIPAA BAA or enterprise enforcement features.


Engagement documentation

The A-LIGN engagement letter is attached below.

If you have questions about the audit, reach out through any of these channels:


FAQs

Why a completely new audit?

In response to the Delve allegations, we wanted to ensure full transparency and rigor by engaging new, independent partners to audit our security controls from scratch.

Why not rush the timeline?

A rushed audit would undermine the trust it's meant to establish. We are moving with urgency, but giving A-LIGN the time they need to conduct a thorough, credible examination.

Is Wispr Flow still secure in the meantime?

Yes. All security controls, encryption, and data handling practices remain fully in place. We have independently verified all controls to confirm compliance with our policies.

Where can I find the A-LIGN engagement letter?

The engagement letter is attached in the Engagement documentation section above.

Where can I find the new SOC 2 report once it's ready?

The new SOC 2 report will be available through our Trust Center. We will also update this page when the report is published.

