Is a whistleblower channel mandatory?

Yes. Spanish Law 2/2023 requires all companies with 50 or more employees to have an internal reporting system. Fines for non-compliance can reach 1,000,000 euros.

How long does it take to activate Whispr?

Less than 24 hours. Create your account, configure your portal and share the link with your team. No installations or technical development needed.

Can employees really report anonymously?

Yes. Whispr allows fully anonymous reports. All information is encrypted with AES-256-GCM and not even platform administrators can access content without the tenant's keys.

Does it work for restaurants with rotating or temporary staff?

Perfectly. They only need to access a URL or QR code. No registration or user account is required for the reporter.

What happens if I don't respond to a report on time?

Law 2/2023 sets a 7-day deadline for acknowledgment and 3 months for resolution. Whispr automatically tracks these deadlines and alerts you before they expire. Non-compliance can result in sanctions.

Can I customize the channel with my business branding?

Yes. Each company has its own subdomain and can customize colors, logo and welcome message so the channel integrates with their corporate identity.

A platform built to protect

Whispr is not just a reporting form. It's a complete internal communications management platform built from scratch to comply with the law, protect the reporter, and simplify management for your team.

Seguridad Cumplimiento Informante Panel

What is Whispr?

Whispr is a SaaS whistleblower channel platform designed specifically for the hospitality and restaurant industry. It allows employees to report irregularities securely, anonymously or confidentially, in full compliance with all applicable regulations.

Each organization has its own branded portal, accessible from any device. The reporter doesn't need to register or create an account: they just access a URL or scan a QR code.

Behind the portal, a complete management panel allows the compliance team to receive, investigate and resolve each case within legal deadlines, with full traceability and encrypted two-way communication.

The reporter's process

Designed to be simple, accessible and secure. Any employee can submit a report in under 3 minutes.

Access the portal

The employee accesses their organization's reporting portal through a direct URL or QR code. No registration or prior identification required.

Choose anonymity or confidentiality

The reporter decides whether to keep their identity completely anonymous or report confidentially (their identity is only known to authorized case managers).

Describe the situation

Fill in a clear form with subject, description, category and department. Files up to 50 MB can be attached as evidence.

Receive an access code

Upon submission, they receive a unique code that allows them to track the case, read responses from the management team and send additional messages through the encrypted chat.

Encrypted two-way communication

The reporter and management team can communicate securely without revealing identities. Every message is end-to-end encrypted.

Messages encrypted with AES-256-GCM
Reporter accesses with their unique code, no account or email needed
Manager responds from the panel without knowing the reporter's identity
Complete case history accessible to both parties

Complete management panel

Everything your compliance team needs to manage cases efficiently and meet legal deadlines.

Case overview

Dashboard with all cases organized by status: new, investigating, resolved and closed. Filters by category, department and severity.

Assignment and roles

Assign cases to specific investigators. Three differentiated roles: administrator, compliance and investigator, each with granular permissions.

Automatic deadline tracking

The law requires acknowledgment within 7 days and resolution within 3 months. Whispr tracks both deadlines and sends alerts before they expire.

Audit trail

Every action is logged: status changes, assignments, messages, access. Full traceability for inspections and audits.

Uncompromising security

Data protection and reporter identity are the fundamental pillars of Whispr. Every technical decision has been made prioritizing security.

AES-256-GCM encryption

All sensitive data (messages, descriptions, attachments) is encrypted with AES-256-GCM before storage. Each tenant has its own derived encryption keys, completely isolating data between organizations.

Real anonymity

When the reporter chooses anonymity, no identifying data is stored: no IP, no email, no tracking cookies. The system guarantees it is technically impossible to link an anonymous report to its author.

Multi-tenant isolation

Each organization operates in a completely isolated environment. Data from one tenant is never accessible from another. Encryption keys are unique per organization.

Robust authentication

Optional two-factor authentication (2FA) for all panel users. Sessions with automatic expiration. Brute force protection with rate limiting.

Secure infrastructure

Deployed on European infrastructure with SOC 2 certification. HTTPS connections with HSTS. Security headers: CSP, X-Frame-Options, X-Content-Type-Options. Database with encryption at rest.

Controlled data retention

Configurable retention policies per organization. Data is automatically deleted according to defined timelines, complying with GDPR's data minimization principle.

Regulatory compliance in detail

Whispr has been specifically designed to comply with the Spanish and European whistleblower protection regulatory framework.

Law 2/2023 — Whistleblower protection

Law 2/2023 transposes the European Directive and establishes the obligation to have an internal reporting system for companies with 50 or more employees. Non-compliance can result in fines of up to 1,000,000 euros.

Accessible, confidential channel that allows anonymous reports
Acknowledgment of receipt to the reporter within 7 calendar days
Resolution or response within a maximum of 3 months
Designation of a system manager (compliance officer)
Record of all communications received
Protection against retaliation for the reporter

Whispr natively meets all these requirements

EU Directive 2019/1937

The European Whistleblower Protection Directive establishes the framework that Law 2/2023 transposes. Whispr is aligned with the most demanding European standards.

GDPR & LOPDGDD

Whispr implements privacy by design: data minimization, encryption, informed consent, right to be forgotten and controlled retention. Data is hosted exclusively in the European Union.

Ready to protect your team?

Activate your whistleblower channel in less than 24 hours. No installations, no complications.