All Docs
Security
VoiCase is built with security as a foundational requirement, not an afterthought. Protecting the confidentiality of whistleblower reports and investigation data is central to the platform's mission.
Encryption
- In transit — all data transmitted between clients and VoiCase servers is encrypted using TLS 1.3
- At rest — all stored data is encrypted using AES-256 encryption
- Report content — individual report contents receive additional application-layer encryption, ensuring that even database administrators cannot read report text without proper authorization
Compliance Certifications
- SOC 2 — VoiCase controls are architected to align with SOC 2 security, availability, and confidentiality trust service criteria
- ISO 27001 — hosted on ISO 27001-certified cloud infrastructure (AWS)
- GDPR ready — built-in workflows for data subject access requests, retention reviews, anonymization, and legal-hold actions
- Penetration testing — periodic third-party penetration testing with results available to enterprise customers upon request
Infrastructure
- Cloud infrastructure — hosted on enterprise-grade cloud infrastructure with 99.9% uptime SLA
- Data residency — choose your data storage region (EU or US) to comply with data sovereignty requirements
- Backup and recovery — automated daily backups with point-in-time recovery capability
- Access logging — all administrative and investigator access events are logged and auditable
- Incident response — documented incident response procedures with notification to affected customers within 72 hours
Need a Walkthrough?
Book a demo and our team will walk you through the platform live.