Security & Transparency

How we protect your data and ensure anonymity

1. HTTPS Encryption

All communication between your browser and our servers is encrypted using HTTPS (TLS 1.2 or higher).

• Data in Transit: When you submit a report or check status, all data is encrypted before transmission.
• Certificate Validation: Our SSL/TLS certificates are validated and up-to-date.
• Secure Headers: We implement security headers (HSTS, CSP, X-Frame-Options) to prevent attacks.

You can verify HTTPS is active by checking for the padlock icon (🔒) in your browser's address bar.

2. Secure Authentication

HR Dashboard access is protected by secure authentication:

• Django Admin Authentication: Uses Django's built-in secure authentication system.
• Password Security: Passwords are hashed using industry-standard algorithms (PBKDF2).
• Session Security: Sessions are protected with secure, HTTP-only cookies.
• CSRF Protection: All forms are protected against Cross-Site Request Forgery (CSRF) attacks.
• Staff-Only Access: Only users with staff-level permissions can access the HR Dashboard.

3. Role-Based Access Control

Access to submissions is strictly controlled:

3.1. Employee Access (Public)

• Can submit anonymous reports (requires company access code)
• Can check submission status using receipt code
• Cannot: View other submissions, access HR Dashboard, or see any identifying data

3.2. HR Staff Access

• Must authenticate with username and password
• Must have staff-level permissions
• Can view all submissions in the HR Dashboard
• Can respond to submissions
• Can update submission status
• Cannot: See IP addresses, browser information, or any identifying data about submitters

3.3. Superuser Access

• Same as HR Staff, plus ability to manage user accounts
• Can create/edit/delete HR staff accounts
• Still cannot: See identifying information about submitters

4. Data Protection Measures

4.1. No IP Address Logging

We do not log or store IP addresses. This means:

• Your location cannot be determined from server logs
• Your device cannot be identified
• Multiple submissions from the same IP cannot be linked

4.2. No Cookies or Tracking

We do not use cookies, tracking pixels, or any tracking technology. The Platform:

• Does not set any cookies (except session cookies for HR Dashboard authentication)
• Does not use third-party analytics or tracking services
• Does not fingerprint your browser or device

4.3. Rate Limiting

To prevent abuse, we limit submissions to 5 submissions per IP address per hour. This:

• Prevents spam and automated attacks
• Protects system resources
• Does not store IP addresses permanently (only temporarily for rate limiting)

4.4. Input Sanitization

All user input is sanitized to prevent:

• XSS Attacks: HTML and JavaScript are escaped
• SQL Injection: Database queries use parameterized statements
• Length Limits: Input is limited to prevent buffer overflow attacks

5. Database Security

Submissions are stored securely:

• Encrypted Storage: Database connections use encryption
• Restricted Access: Only the application server can access the database
• No Direct Access: HR personnel cannot directly access the database
• Backups: Regular encrypted backups are maintained

6. Security Headers

We implement the following security headers:

• X-Frame-Options: Prevents clickjacking attacks
• X-Content-Type-Options: Prevents MIME-type sniffing
• X-XSS-Protection: Enables browser XSS filtering
• Strict-Transport-Security (HSTS): Forces HTTPS connections
• Content-Security-Policy: Restricts resource loading to prevent XSS

7. What We Don't Collect

To protect your anonymity, we explicitly do NOT collect:

• IP addresses (except temporarily for rate limiting)
• Email addresses
• Names or employee IDs
• Department or location information
• Browser or device information
• Referrer information
• Cookies (except session cookies for HR Dashboard)
• Any other identifying data

8. Receipt Code Security

Your receipt code is your key to accessing your submission:

• Receipt codes are randomly generated (10 digits)
• They cannot be guessed or brute-forced
• Only someone with your receipt code can view your submission
• Keep your receipt code secure and private

9. Compliance

This Platform is designed to comply with:

• General Data Protection Regulation (GDPR) principles
• Industry best practices for anonymous reporting systems
• Company privacy and data protection policies

10. Security Updates

We regularly update the Platform to:

• Patch security vulnerabilities
• Update dependencies
• Improve security measures
• Stay current with security best practices

11. Reporting Security Issues

If you discover a security vulnerability, please:

1. Do not exploit the vulnerability
2. Report it directly to HR or IT Security
3. Provide details about the issue
4. Allow time for the issue to be fixed before disclosing publicly

12. Transparency

We believe in transparency about our security practices. This page explains:

• How data is protected
• Who can access what
• What security measures are in place
• What we don't collect

If you have questions about security or want more details, please contact HR.

Remember: While we implement strong security measures, you play a role in protecting your anonymity. Don't include identifying information in your submissions, and keep your receipt code secure.