VoiCase Favicon

Hance Consulting FZE

United Arab Emirates

Email: info@hanceconsulting.com | hello@voicase.me

Website: www.hanceconsulting.com | www.voicase.me

Hance Consulting

VoiCase Security Policy

Effective Date: 01 January 2026

Version: 1.0

1. Purpose

This Security Policy describes the measures implemented by VoiCase to protect the confidentiality, integrity, and availability of client data processed through the VoiCase platform.

This document is for informational purposes only and does not create contractual obligations beyond those agreed in applicable service agreements.

2. Security Governance

VoiCase maintains security practices appropriate to the nature of its whistleblowing and case management platform.

Security controls are periodically reviewed and updated based on:

  • Legal and regulatory requirements
  • Industry practices
  • Operational risk assessments

3. Infrastructure Security

3.1 Cloud Hosting

  • Infrastructure Provider: Amazon Web Services (AWS)
  • Hosting Region: GCC region
  • Data residency: GCC

VoiCase leverages AWS security architecture, physical security controls, and infrastructure-level safeguards.

4. Data Protection Measures

4.1 Encryption

  • Data is encrypted in transit using TLS/HTTPS.
  • Data is encrypted at rest within the hosting environment.

4.2 Access Controls

  • Role-based access control (RBAC)
  • Multi-factor authentication (MFA) for administrative access
  • Principle of least privilege applied internally
  • Logical separation of client environments

4.3 Authentication

Administrative access requires strong authentication mechanisms and restricted access rights.

5. Application Security

VoiCase implements reasonable application-level safeguards including:

  • Authentication and authorization controls
  • Session management controls
  • Audit logging
  • Controlled access to administrative interfaces

Security testing and updates are conducted periodically as appropriate to the service.

6. Data Retention and Deletion

  • Default retention period: 30 days unless configured otherwise by the client.
  • Clients may manage retention settings within the platform.
  • Upon contract termination and written request, data will be deleted or returned, subject to backup retention policies.
  • Secure backups are maintained in accordance with operational continuity requirements.

7. Monitoring and Incident Response

VoiCase maintains monitoring mechanisms to detect potential security incidents.

In the event of a confirmed personal data breach affecting client data:

  • Clients will be notified without undue delay.
  • Where feasible, notification will occur within 72 hours of confirmation.
  • Notification may be provided in phases as additional information becomes available.

Clients remain responsible for regulatory notifications unless otherwise agreed.

8. Personnel Security

Access to client data is restricted to authorized personnel on a need-to-know basis.

Personnel with system access are subject to:

  • Confidentiality obligations
  • Access control policies

9. Sub-Processors

VoiCase may engage infrastructure and technical service providers necessary to operate the platform.

Such providers are contractually bound to maintain appropriate data protection and security safeguards.

10. Client Responsibilities

Clients are responsible for:

  • Determining lawful basis for data processed through the platform
  • Configuring retention settings appropriately
  • Managing user access within their organization
  • Protecting their own credentials

11. Continuous Improvement

Security practices are periodically reviewed and may evolve in response to:

  • Regulatory developments
  • Infrastructure updates
  • Operational risk assessments

The most current version of this Security Policy will be available on the VoiCase website.

Voicase Whistleblowing & Case Management is a Product of Hance Consulting FZE