Privacy Policy
Last updated: March 2026
What We Collect
| Data Type | Collected? | Details |
|---|---|---|
| Report content | Yes | Category, description, location, date |
| Personal name | Never | Not requested or stored |
| Email (sign-in) | Optional | Stored as hash, isolated from report content |
| IP address | Never | Not logged on public pages |
| Cookies | Never | No cookies on public pages |
| Analytics | Never | No third-party analytics or tracking pixels |
Data Retention
| Data | Retention | Legal Basis |
|---|---|---|
| Active reports | Until resolution + 7 years | SOX, Dodd-Frank, SEC |
| Closed reports | 7 years after closure | Compliance & legal defense |
| Email hash | Until deletion request | Consent |
| Messages | Same as linked report | Audit & compliance |
| Dashboard access logs | 12 months | Security |
Your Rights
- Right to erasure: Request deletion of the link between your email and reports at any time.
- Anonymous content: Reports without personal identification cannot be subject to individual deletion requests.
- Data export: Data linked to your email can be exported upon request.
- Breach notification: In case of a data breach, notification within 72 hours per CCPA and GDPR requirements.
Compliance
WhistlePlace is designed to comply with:
Sarbanes-Oxley (SOX)
Whistleblower protections for publicly traded companies
Dodd-Frank Act
SEC Whistleblower Program & financial protections
CCPA
California Consumer Privacy Act compliance
GDPR Ready
Prepared for EU market expansion
Questions about privacy? Contact us at privacy@whistleplace.com