Data Protection & Privacy
Data Security on WhiteBox
Encryption
Your data is safeguarded in transit with TLS and at rest through RDS AES-256.
Regular Vulnerability Testing
We use automated vulnerability testing, and continuous monitoring technologies to test for and close any security gaps.
Secured with AWS
Our app utilises the servers of Amazon Web Services (AWS), which supports over 140 security standards and compliance certifications.
Pen-Tested & Certified Software Infrastructure
Our app runs on a SOC 2 Type II compliant software infrastructure service that conducts penetration tests annually (at minimum) following the comprehensive OWASP WSTG.
Protection by Design and Procedure
Data is shared with organisations participating on WhiteBox under strict rules. Likewise our own staff members are under strict confidentiality obligations, only have access to data when necessary, and access is logged and controlled.
Secure & Compliant Sub-Processors
We only share relevant data with sub-processors when it is necessary for the fulfilment of the assignment given to us, and under strict rules. We only use the services of reliable third parties (with compliant and adequate security practices).
Our Data Principles
We do the right thing with data.
Prioritising responsible data management as a cornerstone of continuous innovation, we uphold the value of personal data for our platform and users by meeting their expectations: ensuring data is handled with care, maintained accurately and completely, and securely destroyed when no longer needed. This commitment not only enhances our services but also builds and sustains user trust, setting us apart in the market.
We are committed to privacy & confidentiality.
WhiteBox embeds confidentiality and privacy into every aspect of our services. Protecting privacy is essential to building an effective and trusted grievance mechanism, from the initial report to resolution and beyond. We ensure that user expectations for confidentiality are met, forming the backbone of a secure and reliable grievance experience.
We only collect the data that we need.
We have a specific objective in mind when collecting, using, or handling personal data that is consistent with our objectives and values. We collect and use only the amount of personal data we need for approved and lawful purposes.
We are transparent about our data practices.
We are forthright about the personal data we collect and how we’re using and sharing it. Furthermore, we give users clear choices about their privacy and controls that are easy to use so that they can manage their data.
Privacy Policies
Communication Partners
Website Visitors
WhiteBox Users
Social Media & Other Platforms
Job Applicants
(Pre-)Contractual Partners