Privacy Policy for ReportIssue.org
Effective Date:22-04-2026
At reportissue.org, your privacy is not just a legal compliance requirement; it is the entire foundation of our platform. We operate under a strict Zero-Knowledge Architecture. Our systems are explicitly engineered to ensure that we cannot identify you, track you, or surrender your identity to your employer, corporate HR, or external authorities.
This policy explains exactly how our cryptographic safeguards work and how we handle the minimal data that passes through our servers.
1. The Zero-Knowledge Guarantee (What We DO NOT Collect)
To protect you from corporate retaliation and digital surveillance, we actively refuse to collect identifying metadata. When you visit or submit a report on reportissue.org, we DO NOT log or store:
- Your IP Address: Network logging is disabled on our servers.
- Device Fingerprints: We do not track your IMEI, MAC address, or Advertising IDs.
- Location Data: We do not request or record GPS or localized network data.
2. Information We Process (And How We Protect It)
To ensure the integrity of the platform and prevent false reports, we require two pieces of data during the submission process. Here is exactly how they are handled mathematically:
- Your Corporate Email (For Verification Only): * Why we need it: To verify that you are an actual employee of the company you are reporting.
- How we protect it: Your email is processed through a cryptographic hashing algorithm the moment you submit the form. We extract the domain (e.g.,
@company.com) to categorize the report, and the actual email address is instantly and permanently destroyed. We do not store your plaintext email address. We only store an irreversible mathematical hash.
- How we protect it: Your email is processed through a cryptographic hashing algorithm the moment you submit the form. We extract the domain (e.g.,
- Your Incident Report:
- Why we need it: To allow our independent vetting team to identify patterns of harassment, discrimination, or systemic abuse.
- How we protect it: Your report description is secured using End-to-End Encryption (E2EE) directly on your device before it is sent to our servers. Our database only stores ciphertext (locked data). Our servers do not hold the private decryption keys required to read your report.
3. How Your Data is Used
The encrypted reports and domain data are used strictly for the following purposes:
- To allow our offline, independent legal and vetting teams to decrypt and review the incident details locally.
- To identify and aggregate verified patterns of systemic abuse at specific corporate branches or companies.
- To publish fully anonymized, aggregated statistics (e.g., “15 verified reports of unresolved harassment at Company X”) for public advocacy and institutional accountability.
4. Third-Party Tracking and Cookies
We do not use them. reportissue.org contains absolutely no third-party tracking scripts, advertising pixels, or analytics engines (such as Google Analytics or Meta Pixel). We use only strictly necessary, temporary session tokens that expire when you close your browser, ensuring no cross-site tracking occurs.
5. Legal Requests and Subpoenas (Our Stance on Disclosure)
Because reportissue.org does not store your IP address, device data, or plaintext email address, we cannot surrender your identity, even under legal compulsion. If our servers are subpoenaed or physically seized by corporate entities or law enforcement, the only data available will be irreversible email hashes and mathematically locked text blocks. We cannot hand over what we do not possess.
6. Your Rights
Under standard privacy laws (like the DPDP Act 2023 or GDPR), users have the right to access, modify, or delete their personal data. However, because our architecture strips away your identity to protect you, we cannot link your submitted report back to you once it is processed. Therefore, we cannot fulfill individual data deletion requests, as we have no technical way of knowing which anonymous report belongs to you.
7. Contact Us
If you have questions about our cryptographic architecture, security protocols, or this privacy policy, please contact our administration team securely.
Email: privacy@reportissue.org (For maximum security, we recommend contacting us using a secure provider like ProtonMail or via our public PGP key available on our Contact page).
Disclaimer: As the platform administrator, you should have this draft reviewed by a legal professional specializing in Indian cyber law (specifically the IT Act, 2000 and the Digital Personal Data Protection Act, 2023) to ensure total compliance before taking the site live.