Whistleblowing data protection & security at NorthWhistle

How we keep your data safe

Whistleblower data protection in a nutshell

Fully encrypted

Communication between your devices and the NortWhistle servers as well as stored data is always encrypted

ISO Certified

Our hosting has certification for compliance with ISO/IEC 27001:2013, 27017:2015 & 27018:2019

GDPR by design

Having GDPR processes set in our organization is not enough. We want to raise the bar and have embedded these processes in our technology

Third-party audit

We regularly do security & integrity assessments to our whistleblowing app using industry leading third parties

Strict data policies

With automated processes no one can access your data, not even our developers

Secure whistleblowing

NorthWhistle is designed with anonymity, confidentiality, and security as top priorities. With our engineering background, we’ve raised the bar to guarantee total anonymity for the reporter resulting in a whistleblowing system we wouldn’t hesitate to use ourselves.

How do we ensure confidentiality? With both an interface that helps the reporter feel safe and in control and state of the art cloud security. Feel free to book a demo to see how it works.

A neutral middlehand

As a detached third party, NorthWhistle takes a neutral position to all other parties involved in a whistleblowing incident. This is a fundamental statement and helps us build trust towards a reporter holding on to compromising information that potentially would never see the daylight if that trust is not there. We’ve also built the platform to continuously guide and help the reporter to remain anonymous and to not share any personal or identifying information.

ISO 27001

The NorthWhistle platform and infrastructure are set up on Amazon Web Services (AWS) which practice the highest data security standards to its data centers. AWS is certified for ISO 27001 and we make sure no personal or sensitive data is leaving the European Union.


The platform is encrypted end-to-end with bank-grade security on both data in transit and at rest. This is to ensure both 100% confidentiality for the reporting part but also to secure the platform as a whole. This means NorthWhistle employers cannot access your data even if you asked us to do it. We’ve also applied our data minimisation approach to all channels and inputs from users to not have the platform collect anything other than the bare minimum for it to function properly. This does not just help us being GDPR compliant but it also simplifies the security process and keeps the valued information safe and compliant with the EU whistleblowing directive.

Anonymous endpoints

When reporting through NorthWhistle you will use specific anonymous endpoints that will guarantee your anonymity. These endpoints are removing anything that could be used to identify you or your geographical location. The result is a report with only the information you decided to share, nothing else. NorthWhistle logs all kinds of activity to an incident to allow easy follow-up for users who have access to this information and what changes have been made.

Our work has just started and we plan to raise the bar even further by earning that trust using our whistleblowers blog and adding more innovation to our technologies.


Read our privacy policy for full details on privacy or learn more about NorthWhistle.