Frequently asked questions
For compliance officers and decision makers
Does EthicsPortal comply with EU Directive 2019/1937?
Yes. EthicsPortal is built specifically to meet the requirements of the EU Whistleblower Protection Directive. This includes secure reporting channels, anonymous two-way communication, deadline tracking (7-day acknowledgment, 3-month feedback), access controls, data retention policies, and a complete audit trail. See the compliance page for an article-by-article breakdown.
Which countries is EthicsPortal compliant in?
EthicsPortal covers the requirements of EU Directive 2019/1937, which has been transposed into national law across EU member states. The platform is designed to meet the Directive’s baseline requirements, which apply across the EU. If your country has additional national requirements (e.g., France’s Sapin II), check our country-specific guides or contact us.
Where is my data stored?
All data is stored on Hetzner servers in Nuremberg, Germany. No data leaves the EU. Hetzner is a German hosting provider subject to EU data protection law.
Is the reporting truly anonymous?
Yes, if the reporter chooses it. Providing a name or contact information is optional. EthicsPortal does not log IP addresses, strips file metadata (EXIF, GPS, author info) from uploads, and the secure message thread never reveals the case handler’s identity to the reporter. There is no technical mechanism to trace an anonymous report back to a person.
How does the 7-day and 3-month deadline tracking work?
When a report is submitted, EthicsPortal automatically starts two timers based on the Directive’s requirements:
- 7 days to acknowledge receipt of the report.
- 3 months to provide substantive feedback to the reporter.
Overdue reports are flagged in the dashboard, and handlers receive notifications as deadlines approach.
Do you offer a Data Processing Agreement (DPA)?
Yes. A signed DPA is available on request. Email support@ethicsportal.eu and we’ll send it over.
What certifications do you have?
EthicsPortal does not currently hold ISO 27001 or SOC 2 certification. We implement industry-standard security practices — encryption at rest, metadata stripping, no IP logging, EU-only hosting — and document our security posture transparently on our security page.
Can I export case data for auditors?
Yes. Every report can be exported to PDF, including the full message history, timeline, and audit trail. This is designed for sharing with legal counsel, auditors, or regulators.
For employees and reporters
Do I need to create an account to submit a report?
No. You do not need an account, an email address, or any personal information. You visit the portal link, fill in the report, and receive an access code. That’s it.
Can my employer find out who I am?
Not through EthicsPortal. If you choose to submit anonymously (without providing your name or contact details), there is no way for your employer to identify you through the platform. EthicsPortal does not log your IP address and strips identifying metadata from any files you upload.
That said, be mindful of what you write — if your report contains details that only you could know, that’s outside the platform’s control.
What is an access code?
After you submit a report, you receive a unique code in the format WB-XXXX-XXXX. This is your key to check back on your report. You can return to the portal anytime, enter the code, and see the current status or exchange messages with the case handler. Keep it somewhere safe — it’s the only way to access your report.
Can I attach files to my report?
Yes. You can upload images, PDFs, video, and audio files up to 25 MB each. All file metadata (location data, author info, camera details) is automatically stripped before storage to protect your identity.
Can I communicate with the case handler anonymously?
Yes. The built-in message thread is fully anonymous. You see “Case handler” — never a real name. The handler sees your messages but has no way to identify you unless you choose to share that information yourself.
What happens after I submit a report?
Your report is received by the organization’s designated case handler. Under EU law, they must acknowledge receipt within 7 days and provide substantive feedback within 3 months. You can check the status at any time using your access code.
For IT and technical teams
What encryption do you use?
All sensitive report data is encrypted at rest in the database. All connections use TLS (HTTPS). File uploads are stored encrypted on EU-hosted infrastructure.
Do you strip file metadata?
Yes. EXIF data, GPS coordinates, author information, and other metadata are automatically removed from all uploaded files before storage. This prevents accidental identity disclosure through file properties.
Do you scan uploaded files for viruses?
Yes. All uploaded files are scanned for malware using ClamAV, an open-source antivirus engine. Scanning happens server-side — no file data is sent to external services. Infected files are removed automatically before case handlers can access them.
Do you log IP addresses?
No. EthicsPortal does not store the reporter’s IP address in application logs or the database. This is a deliberate design decision to protect whistleblower anonymity.
What third-party services do you use?
- Hetzner (Germany) — server hosting
- Stripe — payment processing
- Postmark — transactional email delivery
No analytics trackers, no ad networks, no third-party cookies on the reporting portal.
Do you have an API?
No, an API is not currently available. Contact us if API access is a requirement for your organization.
Do you support custom domains?
No, custom domains are not currently available. All portals are served under the EthicsPortal domain.
Do you support SSO?
No, SSO is not currently available. Users sign in via magic link (passwordless email authentication) or Google OAuth.
Billing
How much does EthicsPortal cost?
€49/month, flat. One plan, everything included. No per-user fees, no per-report fees, no feature tiers.
Is there a free trial?
No — create your account, pick a plan, and your portal is live in under 10 minutes. €49/month or €490/year. Cancel anytime.
Can I cancel anytime?
Yes. Cancel from your account settings at any time. No contracts, no cancellation fees, no phone call required.
What payment methods do you accept?
Credit and debit cards via Stripe. If you need to pay by invoice or bank transfer, email support@ethicsportal.eu.
Still have a question?
Email support@ethicsportal.eu. You’ll hear back within one business day.