...
The data-at-rest is encrypted with the industry-recognized AES-256 algorithm and stored securely in the backend storage on the Jira Forge platform. The encryption is performed with a key that is unique to each organization. The backend storage is not directly accessible to your organization. Whistle Willow decrypts the report content on the go only when rendering reports to Compliance group users.
Is there a public site for submitting reports to my organization?
...
If your organization has JSM, open the Help Center and click on the “Submit anonymous whistleblowing report” button.
For organizations without JSM, we created https://whistle-eu.suprchrgd.com/ - the External Portal which can be used to submit a tip to your organization without Jira or Confluence access. The organizations that enabled public submissions share their unique org PIN or a link to the customer-branded page in their whistleblowing policy or instruction. Use it on the public submissions site for sending your anonymous and protected tip.⠀
...
We intentionally did not enable such functionality in the product - as with submitting evidence, it is quite easy to leave the digital traces that could lead back to the reporter's true identity. If a reporter is completely certain the files can't be traced back to reveal their identity, we recommend using open-source Whistle-blowing file hosting platforms, such as SecureDrop. Then, a reporter would include a link to the drop in the report submitted through Whistle Willow.
...