Security Information & Best Practices

Our Security Commitment

This reporting system is built with enterprise-grade security to protect your information and ensure safe, confidential reporting.

End-to-End Encryption

All data encrypted from submission to storage

Anonymous Protection

Complete identity protection for anonymous reports

Secure Infrastructure

Enterprise-grade hosting and security monitoring

Technical Security Features
Data Encryption
  • Transport Layer Security (TLS): 256-bit TLS encryption for all web traffic
  • Database Encryption: AES-256 encryption for all stored data
  • File Encryption: Individual file encryption for attachments
  • Communication Encryption: End-to-end encrypted messaging
  • Backup Encryption: All backups encrypted with separate keys
Access Controls
  • Multi-Factor Authentication: Required for all staff accounts
  • Role-Based Access: Permissions based on job function
  • Principle of Least Privilege: Minimum necessary access only
  • Session Management: Automatic timeouts and secure sessions
  • Regular Access Reviews: Quarterly permission audits
Infrastructure Security
  • Secure Cloud Hosting: Enterprise-grade data centers
  • Network Security: Advanced firewall and intrusion detection
  • DDoS Protection: Protection against distributed attacks
  • Vulnerability Scanning: Regular automated security scans
  • Security Monitoring: 24/7 security operations center
Anonymous Reporting Security
What We Don't Collect:
  • IP Addresses: No logging of source IP addresses
  • Browser Fingerprinting: No device or browser identification
  • Location Data: No geolocation tracking
  • User Agent Strings: No browser/OS information stored
  • Session Cookies: No persistent tracking cookies
  • Referrer Data: No tracking of how you found this site
  • Time Zone Information: No location inference
How Anonymity is Protected:
  • Token-Based Access: Random, unguessable access tokens
  • No Identity Linking: No connection to personal information
  • Secure Deletion: No logs that could identify you
  • Staff Training: Personnel trained in anonymity protection
  • System Design: Technical impossibility of identification
  • Audit Compliance: Regular anonymity protection audits
Technical Note:

Even system administrators cannot identify anonymous reporters. The system is architecturally designed to prevent this, ensuring your anonymity is technically guaranteed, not just policy-based.

Security Best Practices for You
Recommended Practices:

  • Use Personal Devices: Avoid company computers when possible
  • Private Networks: Use personal mobile data or home Wi-Fi
  • Updated Browsers: Keep your browser updated for security
  • Private Browsing: Use incognito/private mode
  • Clear Data: Delete history and cookies after use

  • Avoid Public Wi-Fi: Don't use public networks for sensitive reporting
  • Use VPN: Consider a VPN for additional privacy
  • Secure Connections: Always look for the lock icon in your browser
  • Verify URL: Ensure you're on the correct website

  • Save Securely: Write down Case ID and access tokens offline
  • Don't Email: Never email credentials to yourself
  • Multiple Copies: Store credentials in multiple secure locations
  • Privacy First: Keep credentials private and secure
What to Avoid:
High-Risk Activities:
  • Work Computers: Avoid using company-owned devices
  • Work Network: Don't use company internet connections
  • Shared Devices: Never use public or shared computers
  • Unsecured Wi-Fi: Avoid open or public wireless networks
  • Saving Passwords: Don't save credentials in browsers
  • Screenshots on Work Devices: Don't save evidence on company devices
Moderate-Risk Activities:
  • Public Computers: Libraries/internet cafes (clear data afterward)
  • Home Computers: Shared family devices (use private browsing)
  • Mobile Data: Generally safe but consider data limits
Remember: The goal is to maintain your privacy while ensuring secure access to the reporting system.
File & Evidence Security
Secure File Upload:
  • Automatic Encryption: All files encrypted immediately upon upload
  • Virus Scanning: All files scanned for malware before storage
  • File Type Validation: Only approved file types accepted
  • Size Limits: File size restrictions for security
  • Metadata Removal: Personal metadata stripped from files
Supported File Types:
  • Documents: PDF, DOC, DOCX, TXT
  • Images: JPG, PNG, GIF
  • Audio: MP3, WAV, M4A
  • Video: MP4, MOV, AVI
File Security Tips:
  • Remove Personal Info: Check documents for your name before uploading
  • File Names: Use generic names, avoid identifying information
  • Clean Metadata: System automatically removes metadata
  • Multiple Formats: Save important evidence in multiple formats
  • Backup Copies: Keep secure copies of important evidence
File Access:
  • Only authorized investigators can access uploaded files
  • All file access is logged and audited
  • Files are permanently deleted when cases are closed
  • No backup copies are retained after deletion
Security Incident Response
What We Monitor For:
  • Unauthorized Access Attempts: Failed login attempts and suspicious activity
  • Data Breach Attempts: Attempts to access or extract data inappropriately
  • System Vulnerabilities: Security weaknesses or configuration issues
  • Malware/Virus Activity: Malicious software or infected files
  • Privacy Violations: Attempts to identify anonymous reporters
Our Response Process:
  1. Immediate Detection: Automated alerts for security events
  2. Rapid Response: Security team investigates within 1 hour
  3. Containment: Isolate and prevent further damage
  4. Investigation: Determine scope and impact of incident
  5. Notification: Inform affected users if necessary
  6. Recovery: Restore systems and implement improvements
Report Security Concerns

If you notice any security concerns:

  • Suspicious website behavior
  • Unusual access requests
  • Potential privacy breaches
  • Technical security issues
Security Standards & Compliance
Security Standards We Follow:
  • ISO 27001: International information security management standard
  • SOC 2 Type II: Security, availability, and confidentiality controls
  • GDPR: European data protection regulation compliance
  • NIST Cybersecurity Framework: U.S. cybersecurity best practices
  • Industry Best Practices: Latest security recommendations
Regular Security Activities:
  • Security Audits: Quarterly comprehensive security reviews
  • Penetration Testing: Annual external security testing
  • Vulnerability Assessments: Monthly security scans
  • Staff Training: Regular security awareness training
  • Policy Updates: Continuous security policy improvements
Security Commitment:

We are committed to maintaining the highest level of security for all users of this reporting system. Your safety and privacy are our top priorities, and we continuously invest in security improvements to protect your information.