Privacy Policy

WhisTrust ("we," "us," or "our") operates a secure whistleblowing platform that enables anonymous reporting of misconduct, fraud, and policy violations within organizations. This Privacy Policy explains how we collect, use, protect, and disclose personal information in compliance with Saudi Arabian law.

By using WhisTrust, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

WhisTrust acts as the data controller for personal information processed through our platform. For inquiries regarding your personal data:

In accordance with data protection principles, we process personal data only for specified, explicit, and legitimate purposes:

• To facilitate anonymous reporting and case management
• To enable secure communication between reporters and administrators
• To maintain audit logs for compliance and security purposes
• To improve our services and user experience
• To comply with legal obligations under applicable law
• To prevent fraud and ensure platform security
• To provide technical support when requested

In compliance with data protection regulations:

We implement comprehensive security measures in accordance with industry best practices and cybersecurity standards:

• End-to-end encryption for all messages and file uploads
• AES-256 encryption for data at rest
• TLS 1.3 for data in transit
• Automatic metadata removal from uploaded files
• Role-based access control (RBAC) with audit logging
• Regular security assessments and penetration testing
• Multi-factor authentication for admin users
• Incident response and breach notification procedures

Under applicable data protection laws, you have the following rights:

To exercise these rights, contact us at info@aisar.sa

We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy or as required by applicable law:

• Case reports: Retained for 7 years after case closure (or as required by applicable regulations)
• Admin account data: Retained during employment + 2 years
• Audit logs: Retained for 5 years for compliance purposes
• Anonymous tracking codes: Retained for 1 year after case closure

In the event of a data breach affecting personal data, we will:

• Notify relevant Data Protection Authorities as required by law
• Notify affected individuals without undue delay if the breach poses a high risk
• Implement immediate remediation measures
• Document all breach incidents and response actions

We do not sell personal data. We may share information only in the following circumstances:

• With your organization's authorized administrators (for case management)
• With cloud infrastructure providers (under data processing agreements)
• When required by applicable law or court order
• To protect our rights, safety, or property

All third parties are contractually obligated to protect your data in accordance with applicable data protection laws.

We use essential cookies to ensure platform functionality. We do not use advertising or third-party tracking cookies. You can control cookie settings through your browser.

WhisTrust is not intended for individuals under 18 years of age. We do not knowingly collect personal information from minors. If you become aware that a child has provided us with personal data, please contact us immediately.

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Continued use of WhisTrust after changes constitutes acceptance of the revised policy.

For questions about this Privacy Policy or our data practices: