Data Protection & Privacy

Data Security on WhiteBox

Our web-application WhiteBox is built with meticulous attention to data protection and privacy. Every development step was carefully evaluated and adapted to keep data secure and private. Our application runs on a state-of-the-art software infrastructure solution. Beyond deploying technical as well as procedural measures to protect data, WhiteBox is compliant with all applicable data protection regulations such as the EU GDPR. Find out more by reading the section below.
Privacy Policy

Encryption

Your data is safeguarded in transit with TLS and at rest through RDS AES-256.

Regular Vulnerability Testing

We use automated vulnerability testing, and continuous monitoring technologies to test for and close any security gaps.

Secured with AWS

Our app utilises the servers of Amazon Web Services (AWS), which supports over 140 security standards and compliance certifications.

Pen-Tested & Certified Software Infrastructure

Our app runs on a SOC 2 Type II compliant software infrastructure service that conducts penetration tests annually (at minimum) following the comprehensive OWASP WSTG.

Protection by Design and Procedure

Data is shared with organisations participating on WhiteBox under strict rules. Likewise our own staff members are under strict confidentiality obligations, only have access to data when necessary, and access is logged and controlled.

Secure & Compliant Sub-Processors

We only share relevant data with sub-processors when it is necessary for the fulfilment of the assignment given to us, and under strict rules. We only use the services of reliable third parties (with compliant and adequate security practices).

Our Data Principles

We do the right thing with data.

Prioritising responsible data management as a cornerstone of continuous innovation, we uphold the value of personal data for our platform and users by meeting their expectations: ensuring data is handled with care, maintained accurately and completely, and securely destroyed when no longer needed. This commitment not only enhances our services but also builds and sustains user trust, setting us apart in the market.

We are committed to privacy & confidentiality.

WhiteBox embeds confidentiality and privacy into every aspect of our services. Protecting privacy is essential to building an effective and trusted grievance mechanism, from the initial report to resolution and beyond. We ensure that user expectations for confidentiality are met, forming the backbone of a secure and reliable grievance experience.

We only collect the data that we need.

We have a specific objective in mind when collecting, using, or handling personal data that is consistent with our objectives and values. We collect and use only the amount of personal data we need for approved and lawful purposes.

We are transparent about our data practices.

We are forthright about the personal data we collect and how we’re using and sharing it. Furthermore, we give users clear choices about their privacy and controls that are easy to use so that they can manage their data.

March 2, 2025

Privacy Policy

Here you can find all the information regarding our practices regarding the handling of your personal data. Your personal data's protection and your privacy rights are paramount to us. It is very important to us that you feel safe during your visit to our website, while using our services, and over the course of all other interactions and transactions with us. Should you have any inquiries or doubts regarding this policy or how we handle your personal data, please get in touch at [email protected] . This main document is complemented by service or region specific addendums which you can access through the main document as well as through the below section.

Quick Information

  • Cookie Policy

  • [rcb-consent type="change" tag="a" text="Cookie settings"]

  • [rcb-consent type="history" tag="a" text="Cookie settings history"]

  • [rcb-consent type="revoke" tag="a" text="Revoke consents for cookies" successmessage="You have successfully revoked consent for services with its cookies and personal data processing. The page will be reloaded now!"]

Addendums

March 3, 2025

Privacy Policy Addendum for Communications & Newsletters

March 3, 2025

Privacy Policy Addendum for Social Media & Similar Platforms

March 3, 2025

Privacy Policy Addendum for Visitors of Informational Websites