Just how safe is the purported “safest place on the Internet”?

Sen. Jay Rockefeller (D-W.Va.) wants to find out. The Chair of the Senate Committee on Commerce, Science, and Transportation wrote to Michael Heyward, the CEO of social networking app Whisper, requesting information about the company’s privacy practices.

The self-described “safest place on the Internet” touts itself as a service where users are “free to anonymously share their thoughts with the world.” But a series of reports published by The Guardian “have raised serious questions regarding Whisper’s practices and commitment to the terms of its own privacy policy,” Sen. Rockefeller wrote.

Three practices caught the attention of the legislator. First, Whisper allegedly tracked the approximate location of users, even when they opted out of geolocation tracking and in contravention of its own posted privacy policy, which stated “permission to our access to and tracking of your location-based information is purely voluntary.”

Whisper’s privacy policy also claimed that the company processes and stores all user information in the United States. But The Guardian stories stated that the company operated a location in the Philippines to review user data.

Finally, Whisper reportedly provides access to its content to media outlets pursuant to various deals. “It is questionable, at best, whether users seeking to post anonymously on the ‘safest place on the Internet’ would expect that Whisper has information sharing relationships with third parties such as media organizations,” Sen. Rockefeller wrote. “While Whisper may provide its users a unique social experience, the allegations in recent media accounts are serious, and users are entitled to privacy policies that are transparent, disclosed, and followed by the company.”

Sen. Rockefeller requested a Committee staff briefing from Whisper focused on issues such as whether and how Whisper tracks the location of users who have opted out of geolocation services, as well as how the company uses the information collected.

Whisper’s practices regarding data sharing with third parties, the extent to which it retains data and the locations where data is processed and retained, as well as how the company notifies users about its privacy and data security policies – including changes to the policies – also need to be addressed at the briefing, the lawmaker said.

To read Sen. Rockefeller’s letter, click here.

Why it matters: The letter and request for a Committee staff briefing signal Sen. Rockefeller’s continuing focus on privacy and data security issues. “I take this matter seriously,” he wrote to Whisper’s CEO. “As Chairman, I have made consumer privacy a top priority, and the Committee has actively exercised its jurisdiction over commercial data practices and data security.”