
Security Logs and Encryption

Review system security activity and choose how your encryption key is managed

The Security tab provides two advanced tools for organizations that need deeper oversight: a full log of security-relevant events, and control over how the encryption key that protects your case data is stored.

Only administrators, system technicians, and user-defined users with access to security settings can view and edit this page.

Security logs are available only on the Advanced plan.


Security Logs

In Settings > Security, scroll to the Security logs section. The log table records security-relevant system events and shows the log name, IP address, and timestamp for each event.

Common log entries include:

  • LOGIN_SUCCEEDED: A user successfully signed in.

  • LOGOUT_SUCCEEDED: A user signed out.

  • LOGIN_TOKEN_REFRESHED: A user's session was renewed.

  • ACCESS_CONFIGURATION_UPDATED: A change was made to access settings.

The log shows the 5 most recent entries by default. Click Details on any entry to view the full log information, including the event type, IP address, browser and device details, timestamp, login method used, and the user associated with the event.

Use Next to page through the full history. You can also click Export logs to download a full copy for compliance reporting or internal review.
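One way to review an exported log offline, as an added example that is not Whistleblower Software's own code: it replays the four event types listed above per user and flags token refreshes from an IP other than the sign-in IP, refreshes with no active sign-in, and every access-settings change. The CSV layout, column names, and sample rows are assumptions constructed for illustration; the page does not document the export format.

```python
import csv
import io
from datetime import datetime

# Constructed sample export. The column names and CSV layout are assumptions;
# the page does not document the export format.
SAMPLE_EXPORT = """event,ip,timestamp,user
LOGIN_SUCCEEDED,198.51.100.7,2024-05-01T08:00:00,alice@example.org
LOGIN_TOKEN_REFRESHED,198.51.100.7,2024-05-01T08:30:00,alice@example.org
LOGIN_TOKEN_REFRESHED,203.0.113.44,2024-05-01T08:45:00,alice@example.org
ACCESS_CONFIGURATION_UPDATED,203.0.113.44,2024-05-01T08:46:00,alice@example.org
LOGOUT_SUCCEEDED,198.51.100.7,2024-05-01T09:00:00,alice@example.org
LOGIN_TOKEN_REFRESHED,198.51.100.7,2024-05-01T09:05:00,alice@example.org
LOGIN_SUCCEEDED,192.0.2.10,2024-05-01T10:00:00,bob@example.org
ACCESS_CONFIGURATION_UPDATED,192.0.2.10,2024-05-01T10:05:00,bob@example.org
"""

def review_export(csv_text):
    """Return (timestamp, user, finding) tuples worth a manual look."""
    rows = sorted(csv.DictReader(io.StringIO(csv_text)),
                  key=lambda r: datetime.fromisoformat(r["timestamp"]))
    session_ip = {}  # user -> IP of the current signed-in session, if any
    findings = []
    for r in rows:
        user, ip, event = r["user"], r["ip"], r["event"]
        if event == "LOGIN_SUCCEEDED":
            session_ip[user] = ip
        elif event == "LOGOUT_SUCCEEDED":
            session_ip.pop(user, None)
        elif event == "LOGIN_TOKEN_REFRESHED":
            if user not in session_ip:
                findings.append((r["timestamp"], user, "refresh without active login"))
            elif session_ip[user] != ip:
                findings.append((r["timestamp"], user, "refresh from new IP " + ip))
        elif event == "ACCESS_CONFIGURATION_UPDATED":
            # Access-setting changes are always listed; note an IP mismatch.
            odd = session_ip.get(user) != ip
            findings.append((r["timestamp"], user,
                             "access settings changed" + (" from unexpected IP" if odd else "")))
    return findings

if __name__ == "__main__":
    for finding in review_export(SAMPLE_EXPORT):
        print(*finding, sep="  ")
```

These are heuristics for manual review: an export that starts mid-session will report refreshes without a matching sign-in, and users on mobile networks change IP legitimately.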

The system retains detailed logs continuously. These logs are tied to the case encryption system, meaning that if a case's encryption key is deleted after the retention period, associated sensitive log entries for that case are also permanently removed.


System Encryption

In the System encryption section you choose who controls the encryption key used to decrypt cases. There are two options:

  • Managed storage of the encryption key (recommended for most organizations): Whistleblower Software stores and manages the encryption key for you. This is the simpler option and means your team doesn't need to handle key management. You remain fully protected by the platform's end-to-end encryption.

  • Full end-to-end encryption: You store the encryption key yourself. The key must be entered at every login.

If you choose full end-to-end encryption and the encryption key is lost, it will not be possible to restore or decrypt any case data.

The current encryption key is shown as masked dots in the Encryption key field. Do not share this key, and store it securely outside the platform if using the full end-to-end option.

💡 Whistleblower Software uses a custom end-to-end encryption pattern built on AES 256-bit encryption, RSA 4096-bit keys, and PBKDF2 hashing with 400,000 iterations. All case data is encrypted client-side before it reaches the server.


We’re here to support you. If you have questions, reach out to us directly via the Messenger icon in the bottom right corner of your screen, or send us an email at support@whistleblowersoftware.com.
