Features¶
User Features¶
- Multi-user system with customizable user roles (whistleblower, recipient, administrator)
- Entirely manageable from a web administration interface
- Support for more than 40 languages with support for Right-to-Left (RTL)
- Let whistleblowers decide if and when to confidentially declare their identity
- Exchange multimedia files with whistleblower
- Chat with Whistleblower to discuss the report
- Unique 16-digit receipt for the whistleblower to log back in anonymously
- Simple recipient interface for receiving and analyzing reports
- Support for the categorization of the reports with labels
- Support for the user search of reports
- Support for assigning and creating case management statuses
- Customizable look and feel (logo, colour, styles, font, text)
- Define multiple reporting channels/contexts (e.g. per-topic, per-department)
- Manage multiple whistleblowing sites from a single dashboard
- Advanced questionnaire builder
- Whistleblowing system statistics
Legal Features¶
- Ready-made questionnaires for compliance law
- Bidirectional anonymous communication (comments/messages)
- Customizable case management workflow (statuses/sub-statuses)
- Whistleblower identity conditional reporting workflow
- Manage conflict of interest in the reporting workflow
- Custodian functionality to authorize access to whistleblower identity
- GDPR privacy by design
- GDPR configurable data retention policies
- GDPR compliant subscriber module for new users of SaaS services
- No logs of IP addresses
- Integratable with existing enterprise case management platform
- Free Software OSI Approved AGPL 3.0 License
Security Features¶
- Full data encryption of whistleblower reports and recipient communication
- Digital anonymity support with Tor integration
- Built-in HTTPS support with TLS 1.3 standard (SSLabs A+ rating)
- Automatic free digital certificate enrollment (Let’s Encrypt)
- Multiple penetration tests with full public reports
- Conform to industry standards and best practices for application security (OWASP)
- Two-Factor authentication (2FA) support compliant with standard TOTP RFC 6238
- Integrated network sandboxing with iptables
- Integrated application sandboxing with AppArmor
- Complete protection against automated submissions (spam prevention)
- Subject to continuous peer-review and periodic security audits
- PGP support for encrypted email notifications
- Does not leave traces in browser cache
Technical Features¶
- Multi-site support enabling to run multiple virtual site on the same setup
- Responsive UX made with Boostrap CSS Framework
- Built-in Accessibility Support with WAI-ARIA compliance
- Automated Software Quality Measurement and Continuous Integration Testing
- Long-Term Support plan (LTS)
- Built with lightweight framework technologies (AngularJS and Python Twisted)
- Embedded database - SQLite (optional support for other databases)
- Automatic setup of Tor Onion Services Version 3
- Integrated backup support
- Support for self-service signup for whistleblowing SaaS service setup
- Support for Linux operating system (Debian/Ubuntu)
- Deb Packaging with repository for update/upgrades
- Fully self-contained application (no web or application servers needed)
- Integrated collaborative translation/localization (Transifex)
- Easy integration of the platform with existing websites and intranets
- HTTP/2 support
- Rest API
- Provisioning API