Features

User features

  • Multi-user system with customizable user roles (whistleblower, recipient, administrator)

  • Fully manageable via a web administration interface

  • Allows whistleblowers to decide if and when to confidentially declare their identity

  • Facilitates multimedia file exchanges with whistleblowers

  • Secure management of file access and visualization

  • Enables chat with whistleblowers to discuss reports

  • Provides a unique 16-digit receipt for anonymous whistleblower login

  • Simple recipient interface for receiving and analyzing reports

  • Supports report categorization with labels

  • Includes user search functionality for reports

  • Supports the creation and assignment of case management statuses

  • Customizable appearance (logo, color, styles, font, text)

  • Allows defining multiple reporting channels (e.g., by topic, department)

  • Enables creation and management of multiple whistleblowing sites (e.g., for subsidiaries or third-party clients)

  • Advanced questionnaire builder

  • Provides whistleblowing system statistics

  • Support for more than 70 languages and Right-to-Left (RTL) languages

Security features

  • Designed in adherence to ISO 27001:2022, General Data Protection Regulation (EU) 2016/679, CSA STAR, and OWASP recommendations for privacy and security compliance

  • Full data encryption for whistleblower reports and recipient communications

  • Supports digital anonymity through Tor integration

  • Built-in HTTPS support with TLS 1.3 standard and SSLabs A+ rating

  • Automatic enrollment for free digital certificates with Let’s Encrypt

  • Multiple penetration tests with publicly available reports

  • Two-Factor Authentication (2FA) compliant with TOTP RFC 6238

  • Integrated network sandboxing with iptables

  • Application sandboxing with AppArmor

  • Complete protection against automated submissions (spam prevention)

  • Continuous peer review and periodic security audits

  • PGP support for encrypted email notifications and file downloads

  • Leaves no traces in browser cache

Technical features

  • Designed in adherence to ISO 27001:2022, Directive (EU) 2019/882, Directive (EU) 2016/2102, W3C WCAG 2.2, and WAI-ARIA 2.2 recommendations for accessibility compliance

  • Multi-site support enabling the operation of multiple virtual sites on the same setup

  • Responsive user interfaces created with Bootstrap CSS framework

  • Automated software quality measurement and continuous integration testing

  • Long-Term Support (LTS) plan

  • Built with lightweight framework technologies (Angular and Python Twisted)

  • Integrated SQLite database

  • Automatic setup for Tor Onion Services Version 3

  • Supports self-service signup for whistleblowing SaaS setup

  • Compatible with Linux operating systems (Debian / Ubuntu)

  • Debian packaging with a repository for updates/upgrades

  • Fully self-contained application

  • Easy integration with existing websites

  • Built and packaged with reproducibility in mind

  • REST API

  • IPv6 Ready