Features

User Features

• Multi-user system with customizable user roles (whistleblower, recipient, administrator)

• Entirely manageable from a web administration interface

• Support for more than 40 languages with support for Right-to-Left (RTL)

• Let whistleblowers decide if and when to confidentially declare their identity

• Exchange multimedia files with whistleblower

• Chat with Whistleblower to discuss the report

• Unique 16-digit receipt for the whistleblower to log back in anonymously

• Simple recipient interface for receiving and analyzing reports

• Support for the categorization of the reports with labels

• Support for the user search of reports

• Support for assigning and creating case management statuses

• Customizable look and feel (logo, colour, styles, font, text)

• Define multiple reporting channels/contexts (e.g. per-topic, per-department)

• Manage multiple whistleblowing sites from a single dashboard

• Advanced questionnaire builder

• Whistleblowing system statistics

Legal Features

• Ready-made questionnaires for compliance law

• Bidirectional anonymous communication (comments/messages)

• Customizable case management workflow (statuses/sub-statuses)

• Whistleblower identity conditional reporting workflow

• Manage conflict of interest in the reporting workflow

• Custodian functionality to authorize access to whistleblower identity

• GDPR privacy by design

• GDPR configurable data retention policies

• GDPR compliant subscriber module for new users of SaaS services

• No logs of IP addresses

• Integratable with existing enterprise case management platform

• Free Software OSI Approved AGPL 3.0 License

Security Features

• Full data encryption of whistleblower reports and recipient communication

• Digital anonymity support with Tor integration

• Built-in HTTPS support with TLS 1.3 standard (SSLabs A+ rating)

• Automatic free digital certificate enrollment (Let’s Encrypt)

• Multiple penetration tests with full public reports

• Conform to industry standards and best practices for application security (OWASP)

• Two-Factor authentication (2FA) support compliant with standard TOTP RFC 6238

• Integrated network sandboxing with iptables

• Integrated application sandboxing with AppArmor

• Complete protection against automated submissions (spam prevention)

• Subject to continuous peer-review and periodic security audits

• PGP support for encrypted email notifications

• Does not leave traces in browser cache

Technical Features

• Multi-site support enabling to run multiple virtual site on the same setup

• Responsive UX made with Boostrap CSS Framework

• Built-in Accessibility Support with WAI-ARIA compliance

• Automated Software Quality Measurement and Continuous Integration Testing

• Long-Term Support plan (LTS)

• Built with lightweight framework technologies (AngularJS and Python Twisted)

• Embedded database - SQLite (optional support for other databases)

• Automatic setup of Tor Onion Services Version 3

• Integrated backup support

• Support for self-service signup for whistleblowing SaaS service setup

• Support for Linux operating system (Debian/Ubuntu)

• Deb Packaging with repository for update/upgrades

• Fully self-contained application (no web or application servers needed)

• Integrated collaborative translation/localization (Transifex)

• Easy integration of the platform with existing websites and intranets

• HTTP/2 support

• Rest API

• Provisioning API