Privacy Policy

What we collect

Report content (text, optional contact email, evidence links/text), account data for donors/moderators/admins (email, password hash, roles), and technical metadata such as IP address, timestamps, device/browser info for security and rate limiting.

How we use data

To run the platform, contact reporters who opt in, prevent abuse, process donations via Stripe, and produce aggregate statistics without identifying individuals. We avoid exposing sensitive details to donors or the public.

Legal bases and retention

Consent for optional contact, contract for accounts and donations, legitimate interest for security and anti-abuse controls. Default retention is up to 5 years or longer when required for investigations; data may be anonymised sooner when legally allowed.

Storage and security

Transport encryption (TLS), restricted role-based access, audit logging for sensitive views, and private storage for attachments when enabled. We aim to store data in the EU/EEA or another adequate region whenever possible.

Sharing and transfers

Shared only with vetted moderators/admins, essential processors (Stripe, hosting, email), or when legally required. We do not sell data or use it for advertising. Cross-border transfers follow appropriate safeguards such as SCCs when applicable.

Your rights

You may request access, rectification, erasure, restriction, portability, or objection where permitted by law. Contact privacy@clearwhistle.example; you can also complain to your data protection authority. We may decline a request if it would expose a whistleblower or violate law.

Contact

Privacy requests: privacy@clearwhistle.example. Include your tracking code only if it is safe to do so.