Ownware

Confida – Self-Hosted Whistleblowing Portal

Self-hosted whistleblowing channel that tracks the EU Directive's 7-day and 3-month clocks.

Confida – Self-Hosted Whistleblowing Portal preview banner

The problem it solves

The EU Whistleblowing Directive requires organisations of 50+ staff to run a secure internal reporting channel that acknowledges a report within 7 days and gives feedback within 3 months. A shared "ethics@company.com" inbox is none of those things — it isn't anonymous, it doesn't track deadlines, and it leaves no audit trail.

  • No real anonymity in a shared inbox
  • No tracking against the 7-day / 3-month statutory clocks
  • No audit trail of what happened and when

What you get

Genuine anonymity

No name, email, phone, or IP is ever asked for or stored; a reporter gets a case code and sets a passphrase as the only way back in.

SLA deadline tracking

The dashboard counts acknowledge-overdue, feedback-overdue, and due-within-7-days cases using exact calendar-month math.

Two-way anonymous messaging

A handler posts a message on a case; the reporter reads and replies using their code and passphrase, still anonymous.

Self-hosted, no vendor in the loop

Reports live on your own PHP + MySQL/SQLite server — no API keys, no external service, no data-processing agreement to negotiate.

Configurable acknowledgment window

Set the acknowledgment window in Settings to match your jurisdiction's transposition of the Directive.

Handler console with audit trail

A console that tracks every case against its clock, with an append-only audit trail on every change.

Pricing — one-time, yours forever

single license
$99.00
Version 1.0.0 · instant download · license key included
Available soon

Available soon — get notified

Checkout isn't open yet. Leave your email and we'll send one note the moment Confida – Self-Hosted Whistleblowing Portal can be purchased — nothing else.

Screenshots

Honest limitations

  • Single organisation per install (not multi-tenant)
  • No SSO, no e-discovery, no supervisory-authority e-filing
  • Optional handler email notifications carry no report content
  • Anonymity is an application guarantee, not a network/hosting guarantee — HTTPS and sane server logging are on you
  • Aligns with the Directive's timers and workflow; it is not legal advice
  • Public holidays aren't auto-counted in the deadline math

2-minute installer, plain PHP 8.1+ with MySQL or SQLite, no Composer or Node — includes a 74-assertion offline test suite and Dockerfile.

Frequently asked questions

What exactly is stored about a reporter?

A category, subject line, the details they typed, case status/dates, the message thread, and a hash of their chosen passphrase — no identity fields exist, and the passphrase hash is never exported.

Is it really anonymous?

At the application level, yes — no name, email, phone, or IP is collected or stored, and follow-up is by case code + passphrase only, kept as a one-way hash that's never shown or exported.

A reporter lost their case code or passphrase — can we recover it?

No — there's no account and no email, so there's no reset; that's the trade-off for genuine anonymity, and it's stated clearly on the "save these" screen.

Can the handler and reporter actually communicate?

Yes, via a two-way message thread on each case — the handler posts, the reporter reads and replies with their code and passphrase, still anonymous.

MySQL or SQLite?

Either — SQLite for a zero-config single-file setup or a quick trial, MySQL/MariaDB for production on shared hosting.

See it running before you buy

The live demo is being prepared — check back shortly.

Demo — coming soon

More from this store

Ownware Business tools you own.
Catalog · Your purchases Powered by Deliora (self-hosted)