Features ======== User Features ------------- - Multi-user system with customizable user roles (whistleblower, recipient, administrator) - Entirely manageable from a web administration interface - Support for `more than 90 languages `_ with support for Right-to-Left (RTL) - Let whistleblowers decide if and when to confidentially declare their identity - Exchange multimedia files with whistleblower - Chat with Whistleblower to discuss the report - Unique 16-digit receipt for the whistleblower to log back in anonymously - Simple recipient interface for receiving and analyzing reports - Support for the categorization of the reports with labels - Support for the user search of reports - Support for assigning and creating case management statuses - Customizable look and feel (logo, colour, styles, font, text) - Define multiple reporting channels/contexts (e.g. per-topic, per-department) - Manage multiple whistleblowing sites from a single dashboard - Advanced questionnaire builder - Whistleblowing system statistics Legal Features -------------- - Ready-made questionnaires for compliance law - Bidirectional anonymous communication (comments/messages) - Customizable case management workflow (statuses/sub-statuses) - Whistleblower identity conditional reporting workflow - Manage conflict of interest in the reporting workflow - Custodian functionality to authorize access to whistleblower identity - Designed in adherence with `ISO 37002 `_ and `EU Directive 2019/1937 `_ - GDPR privacy by design - GDPR configurable data retention policies - GDPR compliant subscriber module for new users of SaaS services - No logs of IP addresses - Integratable with existing enterprise case management platform - Free Software OSI Approved `AGPL 3.0 License `_ Security Features ----------------- - Full data encryption of whistleblower reports and recipient communication - Digital anonymity support with `Tor `_ integration - Built-in HTTPS support with `TLS 1.3 `_ standard (`SSLabs A+ `_ rating) - Automatic free digital certificate enrollment (`Let’s Encrypt `_) - Multiple penetration tests with full public reports - Conform to industry standards and best practices for application security (`OWASP `_) - Two-Factor authentication (2FA) support compliant with standard `TOTP RFC 6238 `_ - Integrated network sandboxing with iptables - Integrated application sandboxing with `AppArmor `_ - Complete protection against automated submissions (spam prevention) - Subject to continuous peer-review and periodic security audits - PGP support for encrypted email notifications - Does not leave traces in browser cache Technical Features ------------------ - Multi-site support enabling to run multiple virtual site on the same setup - Responsive UX made with `Boostrap `_ CSS Framework - Built-in Accessibility Support with `WAI-ARIA `_ compliance - Automated Software Quality Measurement and Continuous Integration Testing - Long-Term Support plan (LTS) - Built with lightweight framework technologies (`AngularJS `_ and `Python Twisted `_) - Embedded database - SQLite (optional support for other databases) - Automatic setup of `Tor Onion Services Version 3 `_ - Integrated backup support - Support for self-service signup for whistleblowing SaaS service setup - Support for Linux operating system (`Debian `_/`Ubuntu `_) - Deb Packaging with repository for update/upgrades - Fully self-contained application - Easy integration of the platform with existing websites - `HTTP/2 `_ support - Rest API