Features
User features
Multi-user system with customizable user roles (whistleblower, recipient, administrator)
Fully manageable via a web administration interface
Allows whistleblowers to decide if and when to confidentially declare their identity
Facilitates multimedia file exchanges with whistleblowers
Secure management of file access and visualization
Enables chat with whistleblowers to discuss reports
Provides a unique 16-digit receipt for anonymous whistleblower login
Simple recipient interface for receiving and analyzing reports
Supports report categorization with labels
Includes user search functionality for reports
Supports the creation and assignment of case management statuses
Customizable appearance (logo, color, styles, font, text)
Allows defining multiple reporting channels (e.g., by topic, department)
Enables creation and management of multiple whistleblowing sites (e.g., for subsidiaries or third-party clients)
Advanced questionnaire builder
Provides whistleblowing system statistics
Support for more than 70 languages and Right-to-Left (RTL) languages
Legal features
Designed in adherence to ISO 37002:2021 and Directive (EU) 2019/1937 recommendations for whistleblowing compliance
Supports bidirectional anonymous communication (comments/messages)
Customizable case management workflow (statuses/sub-statuses)
Conditional reporting workflow based on whistleblower identity
Manages conflicts of interest in the reporting workflow
Custodian functionality to authorize access to whistleblower identity
GDPR privacy by design and by default
Configurable GDPR data retention policies
GDPR-compliant subscriber module for new SaaS users
No IP address logging
Includes an audit log
Integrates with existing enterprise case management platforms
Free Software OSI Approved AGPL 3.0 License
Security features
Designed in adherence to ISO 27001:2022, General Data Protection Regulation (EU) 2016/679, CSA STAR, and OWASP recommendations for privacy and security compliance
Full data encryption for whistleblower reports and recipient communications
Supports digital anonymity through Tor integration
Built-in HTTPS support with TLS 1.3 standard and SSLabs A+ rating
Automatic enrollment for free digital certificates with Let’s Encrypt
Multiple penetration tests with publicly available reports
Two-Factor Authentication (2FA) compliant with TOTP RFC 6238
Integrated network sandboxing with iptables
Application sandboxing with AppArmor
Complete protection against automated submissions (spam prevention)
Continuous peer review and periodic security audits
PGP support for encrypted email notifications and file downloads
Leaves no traces in browser cache
Technical features
Designed in adherence to ISO 27001:2022, Directive (EU) 2019/882, Directive (EU) 2016/2102, W3C WCAG 2.2, and WAI-ARIA 2.2 recommendations for accessibility compliance
Multi-site support enabling the operation of multiple virtual sites on the same setup
Responsive user interfaces created with Bootstrap CSS framework
Automated software quality measurement and continuous integration testing
Long-Term Support (LTS) plan
Built with lightweight framework technologies (Angular and Python Twisted)
Integrated SQLite database
Automatic setup for Tor Onion Services Version 3
Supports self-service signup for whistleblowing SaaS setup
Debian packaging with a repository for updates/upgrades
Fully self-contained application
Easy integration with existing websites
Built and packaged with reproducibility in mind
REST API
IPv6 Ready