Features¶

User features¶

Multi-user system with customizable user roles (whistleblower, recipient, administrator)
Entirely manageable from a web administration interface
Support for more than 40 languages with Right-to-Left (RTL)
Support for customization of advanced questionnaires
Receive reports from whistleblower through structured multi-step questionnaire
Let whistleblowers decide if and when to confidentially declare their identity
Exchange multimedia files with whistleblower
Chat with Whistleblower to discuss the report
Unique 16-digit receipt for the whistleblower to log back in anonymously
Simple recipient interface for receiving and analyzing reports
Support to the categorization of the reports with labels
Support to the user search of reports
Support for assigning and creating case management statuses
Customizable look and feel (logo, colour, styles, font, text)
Define multiple reporting channels/contexts (e.g. per-topic, per-department)
Manage multiple whistleblowing sites from a single dashboard
Advanced questionnaire builder
Whistleblowing system statistics

Ready-made questionnaires for compliance law
Bidirectional anonymous communication with the ability for whistleblower to disclose identity at a later stage
Customizable case management workflow (statuses/sub-statuses)
Whistleblower identity conditional reporting workflow
Manage conflict of interest in the reporting workflow
Custodian functionality to authorize access to whistleblower identity
GDPR privacy by design
GDPR configurable data retention policies
GDPR compliant subscriber module for new users of SAAS services
No logs of IP addresses
Integratable with existing enterprise case management platform
Free Software OSI Approved AGPL 3.0 License

Full data encryption of whistleblower reports and recipient communication
Digital anonymity support with Tor integration
Built-in HTTPS support with TLS 1.3 standard (SSLabs A+ rating)
Automatic free digital certificate enrollment (Let’s Encrypt)
Multiple penetration tests with full public reports
Conform to industry standards and best practices for application security by following OWASP Security Guidelines
Two-Factor authentication (2FA) support compliant to standard TOTP RFC 6238
Integrated network sandboxing with iptables
Integrated application sandboxing with AppArmor <http://wiki.apparmor.net/>
Complete protection against automated submissions (spam prevention)
Subject to continuous peer-review and periodic security audits
PGP support for encrypted email notifications
Does not leave traces on browser cache

Multi-site support enabling to run multiple virtual site on the same server installation
Responsive UX made with Boostrap CSS Framework
Built-in Accessibility Support with WAI-ARIA compliance
Automated Software Quality Measurement and Continuous Integration Testing
Long-Term Support plan (LTS)
Built with lightweight framework technologies (AngularJS and Python Twisted)
Embedded Database - SQLite (optional support for other Databases)
Automatic setup of Tor Onion Services Version 3
Integrated backup support
Support for self-service signup for whistleblowing SAAS service setup
Support for Linux operating system (Debian/Ubuntu)
Deb Packaging with repository for update/upgrades
Fully self-contained application (no web or application servers needed)
Integrate collaborative translation/localization (Transifex)
debEasy integration of the platform with existing websites and intranets
HTTP/2 support
Provisioning API