On our platform, we place great emphasis on data security and user privacy. Below, we present the most important information regarding how we protect data in our service, including data storage methods, applied technical measures, and rules for ensuring anonymity for individuals submitting reports.


1. Data Storage


Physical Infrastructure

Our servers (cloud infrastructure) are located in data centers managed by reputable hosting service providers. This ensures a high level of physical security and protection against unauthorized access to the infrastructure.

All data – including backups – is stored across multiple availability zones, minimizing the risk of data loss in the event of hardware failures or natural disasters.

Location

We store data on servers located within the territory of the European Union, always adhering to GDPR regulations and ensuring the highest standard of privacy protection for our users.


2. Application Security

The development of our software is guided by principles of security and code quality. Before releasing new features, we conduct detailed tests (both automated and manual) aimed at identifying potential vulnerabilities, such as Cross-Site Scripting (XSS) or SQL injection attacks.

We also use multi-factor authentication (MFA) and encrypted connections (TLS/SSL protocol) to ensure a high level of protection during login and data transmission.

When necessary, we collaborate with external security experts for additional audits of our applications and infrastructure.


3. Network Security

To minimize the risk of attacks, including DDoS attacks, we implement mechanisms to secure the network infrastructure. All communication with our platform is monitored, and access to resources is protected by firewalls, traffic filters, and other tools for detecting and blocking irregularities.


4. Privacy and Anonymization


No Access to Report Content by Staff

We respect the privacy of our users – including whistleblowers. Therefore, the content of reports (texts, attachments) is secured in such a way that only authorized personnel within the organization can access them. The technical staff of the service has no access to the content of the reports.

Option for Anonymous Reporting

Our system allows whistleblowers to submit reports completely anonymously (if required by the internal procedures of the organization and local laws). Additionally, we have provided features that enable anonymization or pseudonymization of reports at later stages of processing, depending on the needs.

The "Privacy by Design" Principle

When designing and developing our solutions, we adhere to the Privacy by Design principle, which means incorporating data protection at the design stage of processes and tools. This strengthens user privacy through the implementation of solutions like Privacy Enhancing Technologies (PETs) and additional organizational measures to enhance data protection.


5. Additional Security Measures


End-to-End Encryption

In key areas of our solution – such as report transmission – we use End-to-End Encryption (E2EE). Data is encrypted on the user's side with a unique key before being transmitted to the database. Decryption occurs only in the user's browser or on the side of the user possessing the appropriate key.

This ensures a high level of security – both during data transmission (TLS protocol encryption) and while stored on servers (E2EE).

Access Control and Permissions Management

The account of the administrator or person handling reports is protected by a password, with the option to enhance security with multi-factor authentication (MFA). The system also allows for detailed access definitions – for example, permissions to read or archive specific cases – to prevent unauthorized access to reports.

Transparency and Event Logging

Our service includes features that allow monitoring and recording the activities of individuals in the system. For each case, information such as the date and time of edits, changes in report status, or actions taken is logged. This makes it easy to trace who accessed specific data and when.


6. Compliance with Regulations

Our system is designed and developed in compliance with current legal requirements, including GDPR (Regulation (EU) 2016/679 of the European Parliament and of the Council). We strive to ensure maximum security and compliance with legal requirements for data protection and privacy, both for organizations using our solution and whistleblowers.


7. Have Questions?

If you have additional questions about security on our platform, feel free to contact us via email or phone. We will be happy to provide detailed information and help clarify any doubts.