Security at NorthWhistle
How we keep your data safe
In a nutshell

Fully encrypted
Communication between your devices and the NortWhistle servers as well as stored data is always encrypted

ISO Certified
Our hosting has certification for compliance with ISO/IEC 27001:2013, 27017:2015 & 27018:2019

GDPR by design
Having GDPR processes set in our organization is not enough. We want to raise the bar and have embedded these processes in our technology

Third-party audit
We regularly do security & integrity assessments using industry leading third parties

Strict data policies
With automated processes no one can access your data, not even our developers
In the details
NorthWhistle is designed with anonymity, confidentiality, and security as top priorities. With our engineering background, we’ve raised the bar for how to guarantee total anonymity for the reporter resulting in a tool we wouldn’t hesitate to use ourselves.
How do we ensure confidentiality? With both an interface that helps the reporter feel safe and in control and state of the art cloud security.
A neutral middlehand
As a detached third party, NorthWhistle takes a neutral position to all other parties involved in an incident. This is a fundamental statement and helps us build trust towards a reporter holding on to compromising information that potentially would never see the daylight if that trust is not there. We’ve also built the platform to continuously guide and help the reporter to remain anonymous and too not share any personal or identifying information.
ISO 27001
The NorthWhistle platform and infrastructure are set up on Amazon Web Services (AWS) which practice the highest data security standards to its data centers. AWS is certified for ISO 27001 and we make sure no personal or sensitive data is leaving the European Union.
Encryption
The platform is encrypted end-to-end with bank-grade security on both data in transit and at rest. This is to ensure both 100% confidentiality for the reporting part but also to secure the platform as a whole. This means NorthWhistle employers cannot access your data even if you asked us to do it. We’ve also applied our data minimisation approach to all channels and inputs from users to not have the platform collect anything other than the bare minimum for it to function properly. This does not just help us being GDPR compliant but it also simplifies the security process and keeps the valued information safe.
Anonymous endpoints
When reporting through NorthWhistle you will use specific anonymous endpoints that will guarantee your anonymity. These endpoints are removing anything that could be used to identify you or your geographical location. The result is a report with only the information you decided to share, nothing else. NorthWhistle logs all kinds of activity to an incident for easy follow-up who have had access to this information and what changes have been made.
Our work has just started and we plan to raise the bar even further by earning that trust and add more innovations to our technologies.
For more details on privacy, read our full privacy policy