Security at NorthWhistle

How we keep your data safe

In a nutshell

Fully encrypted

Communication between your devices and the NortWhistle servers as well as stored data is always encrypted

ISO Certified

Our hosting has certification for compliance with ISO/IEC 27001:2013, 27017:2015 & 27018:2019

GDPR by design

Having GDPR processes set in our organization is not enough. We want to raise the bar and have embedded these processes in our technology

Third-party audit

We regularly do security & integrity assessments using industry leading third parties

Strict data policies

With automated processes no one can access your data, not even our developers

In the details

NorthWhistle is designed with anonymity, confidentiality, and security as top priorities. With our engineering background, we’ve raised the bar for how to guarantee total anonymity for the reporter resulting in a tool we wouldn’t hesitate to use ourselves.

How do we ensure confidentiality? With both an interface that helps the reporter feel safe and in control and state of the art cloud security.

A neutral middlehand

As a detached third party, NorthWhistle takes a neutral position to all other parties involved in an incident. This is a fundamental statement and helps us build trust towards a reporter holding on to compromising information that potentially would never see the daylight if that trust is not there. We’ve also built the platform to continuously guide and help the reporter to remain anonymous and too not share any personal or identifying information.

ISO 27001

The NorthWhistle platform and infrastructure are set up on Amazon Web Services (AWS) which practice the highest data security standards to its data centers. AWS is certified for ISO 27001 and we make sure no personal or sensitive data is leaving the European Union.


The platform is encrypted end-to-end with bank-grade security on both data in transit and at rest. This is to ensure both 100% confidentiality for the reporting part but also to secure the platform as a whole. This means NorthWhistle employers cannot access your data even if you asked us to do it. We’ve also applied our data minimisation approach to all channels and inputs from users to not have the platform collect anything other than the bare minimum for it to function properly. This does not just help us being GDPR compliant but it also simplifies the security process and keeps the valued information safe.

Anonymous endpoints

When reporting through NorthWhistle you will use specific anonymous endpoints that will guarantee your anonymity. These endpoints are removing anything that could be used to identify you or your geographical location. The result is a report with only the information you decided to share, nothing else. NorthWhistle logs all kinds of activity to an incident for easy follow-up who have had access to this information and what changes have been made.

Our work has just started and we plan to raise the bar even further by earning that trust and add more innovations to our technologies.


For more details on privacy, read our full privacy policy