Privacy Policy
Last updated: July 2026
Overview
This privacy policy applies to the Wisper Tunnel Chrome extension, the Wisper desktop application, and the Wisper Go server binary. All three products share the same data-handling principles described below.
Wisper is designed around a simple premise: your data stays on your devices unless you explicitly route it through a tunnel you control.
What data we collect
Nothing. Wisper does not collect, transmit, or sell any personal information, usage analytics, or telemetry. The extension and applications function entirely without a backend service operated by the developer.
Data stored on your device
Wisper stores the following data locally on your device. It never leaves your device except as needed to route tunnel traffic (see "Tunnel traffic" below).
Chrome extension (chrome.storage.local):
- Tunnel configuration — local endpoint address, optional basic-auth credentials (username/password), optional custom hostname, and the tunnel name and ID.
- UI preferences — theme selection (light / dark / system) and language preference (English / Chinese).
Desktop app (Go binary, config file at ~/.config/wisper/config.yml):
- Tunnel and entrypoint configuration — the same tunnel definitions, serialized as YAML on disk.
- Statistics — cumulative byte counts and connection counts (stored locally for display; do not leave your device).
- Logs — operation logs written to
~/.config/wisper/logs/(JSON, 10 MB rotation, 7-day retention). These are only used for debugging and are never transmitted.
What Wisper stores that relates to you personally:
- Basic-auth credentials (username/password) if you enable authentication on a tunnel. These are stored locally and sent to your target service when it requests authentication — Wisper does not transmit them anywhere else.
- No cookies, no tracking identifiers, no advertising IDs, no analytics tokens.
Tunnel traffic
When a tunnel is active, Wisper relays bytes between a public *.gost.run endpoint and your local service over a secure WebSocket (WSS) connection through the GOST relay network.
- What is relayed: The raw bytes of the HTTP, TCP, or UDP session you are tunneling.
- What is not done: Wisper and the GOST relay network do not log, inspect, cache, or store the contents of relayed traffic. The relay operates as a transparent transport layer.
- Encryption: All relay traffic is encrypted in transit via WSS (WSS over TLS).
- No persistent storage: Relay nodes do not retain packet payloads after forwarding.
Third-party services
Wisper uses the following third-party infrastructure solely as a transport layer:
- gost.run GOST relay nodes that forward tunnel traffic. These nodes do not log or inspect payload content.
No third-party analytics, ad networks, or tracking services are used by Wisper.
Data retention and deletion
- Chrome extension: All data is removed when you delete the tunnel from the extension, or when you uninstall the extension from Chrome.
- Desktop app: Delete
~/.config/wisper/to remove all locally stored configuration and logs. - Relay network: The GOST relay nodes do not retain any data related to your tunnels beyond the duration of an active WebSocket connection. There is nothing for a user to request deletion of on the server side.
Changes to this policy
If this policy changes materially, the date at the top of this page will be updated. Continued use of Wisper after a change constitutes acceptance of the updated policy.
Contact
If you have questions about this privacy policy, please open an issue on GitHub or reach out via the Telegram group.