Privacy Policy

Data Privacy Statement for IntegrityAlert.ai Corporate Integrity Solution
Effective Date: 3 April 2026  |  Last Updated: 3 April 2026
Regulatory Alignment Our Role Data We Collect Platform Data Handling Purpose of Processing Data Sharing Data Security Storage & Transfers Data Retention Auditing User Rights Anonymity Marketing & Website Portability & Exit Updates Contact

Integrity Alert ("we", "our", "us"), operated by Aventude Pte Ltd, is a secure whistleblowing and case management platform designed to promote ethical behaviour, transparency, and accountability within organizations.

Our platform enables organizations to report, investigate, and resolve concerns related to ethics, compliance, fraud, harassment, discrimination, and other misconduct, while protecting the confidentiality and anonymity of individuals.

This Privacy Policy explains how we collect, use, process, and protect personal data across:

  • Reporters (individuals submitting concerns)
  • Case Handlers / Compliance Teams
  • Client Organizations
  • Website visitors and marketing users

1. Regulatory Alignment and Principles

Integrity Alert is designed with privacy and compliance at its core and aligns with:

  • EU Whistleblowing Directive (EU) 2019/1937
  • ISO 37002:2021 – Whistleblowing Management Systems
Key principles
  • Confidentiality and anonymity by design
  • Data minimization and purpose limitation
  • Security-first architecture (assumed breach model)
  • Human-first decision making (AI-assisted, not autonomous)

2. Our Role in Data Processing

  • Client Organizations act as Data Controllers for whistleblowing and case-related data.
  • Integrity Alert (Aventude Pte Ltd) acts as a Data Processor, processing data on behalf of clients.
  • For website and marketing data, Aventude Pte Ltd is the Data Controller.

3. Data We Collect

3.1 Reporter (Whistleblower) Data
  • Report content, supporting documents, and evidence
  • Anonymous or identified communication with case handlers
  • Language preference (English, Sinhala, Tamil)
  • Technical metadata (timestamps, browser/device information)

Reporters may choose to remain anonymous. We do not attempt to identify anonymous users.

3.2 Case Handler Data
  • Name, role, and contact details
  • Login credentials and authentication data
  • Case activity logs and audit trails
  • Internal notes and investigation records
3.3 Client Organization Data
  • Organization and workspace details
  • User and administrator account information
  • Configuration settings (reporting modes, AI preferences, categories)
  • Platform usage data and analytics
3.4 Website & Marketing Data
  • Contact details (name, email, company, job title)
  • Website usage data (IP address, browser/device info)
  • Marketing engagement data (email opens, clicks, ad interactions)

4. Platform Data Handling

Integrity Alert consists of:

  • Reporting Portal
  • Case Handler Portal
  • Onboarding / Administration Portal
Data Security
  • Browser-level encryption before transmission
  • Unique Data Encryption Key (DEK) per case
  • RSA 4096 certificates for key management
  • Encrypted storage and geo-redundant backups
AI Processing
  • AI assists in classification, summarization, translation, and recommendations
  • Outputs are encrypted and stored securely
  • AI features configurable by workspace admins
  • No customer data is used to train AI models

5. Purpose of Data Processing

Data is processed to:

  • Provide and operate the Integrity Alert platform
  • Enable secure, anonymous reporting
  • Facilitate communication between reporters and case handlers
  • Support case investigation and resolution
  • Maintain audit logs and accountability
  • Provide analytics and reporting features
  • Ensure platform security and prevent misuse
  • Improve functionality and user experience
  • Comply with legal and regulatory obligations

6. Data Sharing and Disclosure

We do not sell or monetize personal data.

Data may be shared:

  • With Client Organizations: Authorized personnel for case management
  • With Service Providers: Cloud, analytics, security (under strict data protection agreements)
  • For Legal Compliance: As required by law or valid legal requests

7. Data Security

Network Security
  • Firewalls, VPNs, encrypted communication
  • Network segmentation and strict access controls
Application Security
  • Secure coding practices and regular testing
  • Vulnerability scanning and patch management
  • Containerized, resilient deployment
Data Security
  • Encryption in transit and at rest
  • Key-per-case encryption strategy
  • Pseudonymization and anonymization techniques
Security Architecture
  • Assumed breach model
  • Dedicated cryptographic module
  • Certificate lifecycle management
  • Geo-distributed backups

8. Data Storage and International Transfers

  • Secure cloud infrastructure with geo-redundant backups
  • International transfers are safeguarded per regulatory requirements

9. Data Retention

Retention periods are determined by the Client organization.

Data is retained only as necessary for operational, legal, and compliance purposes.

Typical retention:

  • Case and audit data: client-determined
  • Authentication/activity logs: up to 1 year
  • System logs: 90 days

10. Auditing and Accountability

  • All case actions logged and immutable
  • Case journals cannot be altered or deleted
  • System-level operations and automation are logged
  • Certificate and key usage are auditable
  • Clients may request audit data

11. User Rights

Users may, where applicable:

  • Access their personal data
  • Correct inaccurate data
  • Request deletion
  • Restrict or object to processing

Whistleblowing data requests typically go to the Client organization (Data Controller).

12. Anonymity and Confidentiality

  • Anonymous reporting fully supported
  • Secure, two-way communication
  • Translation features prevent unintended data exposure

13. Marketing and Website Data

We may collect personal information when you interact with our website, request demos, or engage with marketing content. This may include your name, email address, job title, company, IP address, browser type, and website usage information.

Purpose

To communicate with you, provide services, improve website and marketing efforts, and deliver relevant content.

Sharing

Shared only with trusted service providers under strict agreements.

Opt-Out

You can opt out of marketing communications at any time by contacting us at privacy@integrityalert.ai. Requests are processed promptly.

Retention

Retained only as necessary or until you opt out.

14. Data Portability and Exit

Client organizations may:

  • Request export of data, including AI enrichments
  • Receive encrypted datasets with encryption keys
  • Access audit records

15. Updates to This Policy

  • Periodic updates may occur
  • Significant changes will be communicated via appropriate channels

16. Contact Information

Aventude Pte Ltd
160, Robinson Road
#14-04, Singapore BFC
Singapore

Email: privacy@integrityalert.ai

For inquiries about platform, AI processing, encryption, or privacy, contact privacy@integrityalert.ai.