User Features
- Multi-user system with customizable user roles (whistleblower, recipient, administrator)
- Fully manageable via a web administration interface
- Allows whistleblowers to decide if and when to confidentially declare their identity
- Facilitates multimedia file exchanges with whistleblowers
- Secure management of file access and visualization
- Enables chat with whistleblowers to discuss reports
- Provides a unique 16-digit receipt for anonymous whistleblower login
- Simple recipient interface for receiving and analyzing reports
- Supports report categorization with labels
- Includes user search functionality for reports
- Supports the creation and assignment of case management statuses
- Customizable appearance (logo, color, styles, font, text)
- Allows defining multiple reporting channels (e.g., by topic, department)
- Enables creation and management of multiple whistleblowing sites (e.g., for subsidiaries or third-party clients)
- Advanced questionnaire builder
- Provides whistleblowing system statistics
- Support for over 90 languages and Right-to-Left (RTL) languages
Technical Features
- Designed in adherence to Directive (EU) 2019/882, Directive (EU) 2016/2102, ETSI EN 301 549, W3C WCAG 2.2, and WAI-ARIA 2.2 recommendations for accessibility compliance
- Multi-site support enabling the operation of multiple virtual sites on the same setup
- Responsive user interfaces created with Bootstrap CSS framework
- Automated software quality measurement and continuous integration testing
- Long-Term Support (LTS) plan
- Built with lightweight framework technologies (Angular and Python Twisted)
- Integrated SQLite database
- Automatic setup for Tor Onion Services Version 3
- Supports self-service signup for whistleblowing SaaS setup
- Compatible with Linux operating systems (Debian / Ubuntu)
- Debian packaging with a repository for updates/upgrades
- Fully self-contained application
- Easy integration with existing websites
- Built and packaged with reproducibility in mind
- REST API
Legal Features
- Designed in adherence to ISO 37002:2021 and EU Directive 2019/1937 recommendations for whistleblowing compliance
- Supports bidirectional anonymous communication (comments/messages)
- Customizable case management workflow (statuses/sub-statuses)
- Conditional reporting workflow based on whistleblower identity
- Manages conflicts of interest in the reporting workflow
- Custodian functionality to authorize access to whistleblower identity
- GDPR privacy by design and by default
- Configurable GDPR data retention policies
- GDPR-compliant subscriber module for new SaaS users
- No IP address logging
- Includes an audit log
- Integrates with existing enterprise case management platforms
- Free Software OSI Approved AGPL 3.0 License
Security Features
- Designed in adherence to ISO 27001:2022, CSA STAR, and OWASP recommendations for security compliance
- Full data encryption for whistleblower reports and recipient communications
- Supports digital anonymity through Tor integration
- Built-in HTTPS support with TLS 1.3 standard and SSLabs A+ rating
- Automatic enrollment for free digital certificates with Let’s Encrypt
- Multiple penetration tests with publicly available reports
- Two-Factor Authentication (2FA) compliant with TOTP RFC 6238
- Integrated network sandboxing with iptables
- Application sandboxing with AppArmor
- Complete protection against automated submissions (spam prevention)
- Continuous peer review and periodic security audits
- PGP support for encrypted email notifications and file downloads
- Leaves no traces in browser cache