A fully compliant reporting channel, operational in minutes
EthicsPortal provides a fully configured whistleblower reporting channel that meets EU Directive 2019/1937 out of the box. No implementation project, no IT department required.
Set up in 3 steps
1. Configure your portal (2 minutes)
Create your account, then customize:
- Organization name and brand color — your portal, your identity
- Report categories — fraud, harassment, safety, or define your own
- Welcome text — reassure reporters before they submit (a sensible default is pre-filled)
- Data retention period — 12, 24, 36, or 60 months, then auto-deleted
Your portal is live instantly at a unique URL. No deployment, no waiting.
2. Share the link (1 minute)
Every portal gets a shareable link and a QR code. Put the QR code in break rooms, bathroom stalls, the employee handbook, onboarding packs. Employees access the portal from any browser — no app, no account, no company network required.
3. Start managing cases
When a report comes in, you get an email notification. From the dashboard:
- Read the full report — description, category, and uploaded files
- Acknowledge receipt — the Directive requires this within 7 days. EthicsPortal tracks the deadline and flags overdue cases automatically
- Communicate with the reporter — secure two-way messaging via access code. The reporter stays anonymous, your handler names are never revealed
- Provide feedback — the Directive requires this within 3 months. Tracked automatically
- Assign, triage, add internal notes — route cases to the right handler, add notes invisible to the reporter
- Export to PDF — generate a complete case file for legal review, auditors, or compliance documentation
- Log external reports — received a report by phone, email, or in person? Create it manually so everything lives in one place
What reporters experience
The reporter’s experience matters because it determines whether people actually use the channel.
- No account, no app, no login. Just a browser on any device — including a personal phone on mobile data
- Fully anonymous by default. No IP logging. File metadata (EXIF, GPS, author) stripped automatically before storage
- Optional identity disclosure. Reporters can share their name if they choose to — it’s never required
- Access code for follow-up. After submitting, the reporter gets a code (
WB-XXXX-XXXX) to check back for updates and respond to handler messages - Handler names are never shown. The reporter sees “Case handler” — nothing more
What’s under the hood
Every technical decision serves one purpose: keeping you compliant and your reporters protected.
- Encrypted at rest. All report data is encrypted in the database
- Virus scanning. All uploaded files are scanned for malware server-side. Infected files are removed automatically
- Immutable audit trail. Every action is logged and cannot be edited or deleted. Auditors get who did what, when
- Automatic deadline tracking. 7-day acknowledgment and 3-month feedback deadlines with overdue notifications
- EU-hosted. Hetzner servers in Nuremberg, Germany. No data leaves the EU
- No tracking. No IP logging, no analytics cookies, no third-party scripts on the reporting portal
Deploy your reporting channel
Set up your reporting channel in minutes. All features included in a single plan.