How We Protect Your Data

Encryption

1. Data Encryption: All data, both in transit and at rest, is encrypted. This includes reports, attachments, communication, and any stored data within the system.

2. End-to-End Encryption: Implemented end-to-end encryption for communications between whistleblowers and investigators to prevent unauthorized access to the content.

Access Control

1. Role-Based Access: Implemented role-based access control to restrict system access based on users' roles and responsibilities.

2. Authentication: Strong authentication methods for accessing the system, such as two-factor authentication (2FA), to prevent unauthorized access.

Secured Storage

1. High Availability: We uses properly provisioned, redundant servers (e.g., load balancers, web servers, replica databases) in the case of failure.

2. Business Continuity: We keeps daily encrypted backups of data in multiple zones on AWS platform.

3. Disaster Recovery: In the event of a region-wide outage, We will bring up a duplicate environment in a different AWS Platform region.

Security Testing And Auditing

1. We conduct regular security assessments, vulnerability scans, and penetration testing to identify and address potential security weaknesses.

2. We perform independent security audits to ensure the system meets or exceeds industry standards and regulations.

Legal Compliance

1. We ensure compliance with applicable data protection laws and regulations, such as GDPR (General Data Protection Regulation) in Europe and relevant privacy laws in other regions.

Employee Training

1. Our employees undergo background checks before employment and are trained on security practices during company onboarding and on an annual basis.

2. Authentication: Strong authentication methods for accessing the system, such as two-factor authentication (2FA), to prevent unauthorized access.

Print