Security

Data is encrypted in transit

When a report is submitted, the data is encypted during transmission from the whistleblower's device to our servers using 128-bit Transport Layer Security (TSL) encryption. TSL encryption reduces the risk that confidential reports may be intercepted and read while in transit.

Data is encrypted on our servers

All data is encrypted at rest on our servers using AES 128-bit encryption as standard.

In addition, the data from Whistleblower reports is encrypted using AES 256-bit encryption. Report data can only be viewed with a unique decryption key that is only provided to individuals authorised by the customer organisation to access the reports.

Even if an attacker was able to access our servers, they would not be able to read the contents of the whistleblower reports.

Reports are secured by one-time decryption keys

Access to whistleblower reports is controlled through the use of one-time decryption keys. When a new report is made, these decryption keys are sent by email to the nominated Authorised Persons in the customer organisation .

These decryption keys are not stored on our servers, and our developers have no access to these encryption keys. We couldn't access whistleblower reports even if a customer asked us to.

This approach ensures that all information contained in whistleblower reports remains completely private to the customer's organisation and those individuals authorised to view the reports.