Hintbox IT Security & Data Protection

We have implemented an ISMS in accordance with the requirements of ISO 27001 to comprehensively ensure the protection of your data. The scope of our ISMS is defined as follows:

"In-house development, deployment and operation of software solutions as a service for use by end customers."

Through our end-to-end encryption, all sensitive information and data, such as trade secrets, are encrypted in our whistleblower system.

This means that the data arrives on our servers already encrypted, so that neither we nor other third parties can read the information at any time.

The Hintbox is regularly audited positively by external companies. An IT security company performs penetration tests to verify the IT security of the Hintbox. This ensures that the Hintbox and your data are secure.

Download Pentest Summary

By using the highest and most modern encryption technologies and an audit-proof indexing of data entries and their changes, we also ensure data integrity in the Hintbox.

The Hintbox our digital whistleblower system offers you an availability of 99.9% per year.

This ensures the availability of your data and information at all times.

The Hintbox technically ensures the anonymity of a whistleblower in case of an anonymous report. No IP or MAC addresses, location data or other information that allows conclusions to be drawn about a data subject are stored.

Our Hintbox complies with the rules for processing personal data and thus complies with the General Data Protection Regulation. We process the personal data exclusively according to documented instructions and on your behalf as a processor.

All data of our whistleblower system is hosted in Germany in an ISO/IEC 27001 certified data center. There is no data hosting and no data transfer to countries outside the EU.

All personal data in Hintbox can be deleted in accordance with the requirements of the General Data Protection Regulation and the EU Whistleblower Directive. This enables you to actually implement deletion requests and also deletion concepts in a legally compliant manner.

Our Hintbox enables the implementation of an authorization concept. Only individual authorized persons are given access to the messages in the whistleblower system. In this way, you meet the requirements of data protection and ensure the necessary confidentiality.

We offer secure 2-factor authentication to every Hintbox user.

Each customer receives its own separate Hintbox instance, ensuring stringent separation and processing of data.

Of course, our customer support will assist you with all IT security and data protection concerns. We support you in the processing of data protection rights of data subjects. We also provide support, for example, in carrying out a data protection impact assessment, and much more.