This solution describes the usage of ProtonMail as secondary email provider, in addition to your existing email provider. See For a solution based entirely on ProtonMail.
As a proud Proton partner, we don’t just resell their services but intend to add value. One of those services we’ve developed is a secondary email solution, where ProtonMail complements your primary Email Service with Microsoft 365 or Google Workspace as a secure and potentially anonymous communications channel to your organization.
Why ProtonMail as a Tip Line Solution?
For organizations looking to handle anonymous tips — whether from investigative sources, whistleblowers, or external informants — using ProtonMail as tip line has distinct advantages. ProtonMail is seen as a quasi-standard in secure email communication, trusted by activists, journalists, and security-conscious users around the world. For instance, ProtonMail is used by over 70 million users globally, including organizations like Amnesty International, highlighting its reliability and adoption within privacy-focused circles. ProtonMail provides end-to-end encryption within its email network, ensuring that sensitive tips are encrypted at all stages, without placing an undue burden on the sender. This makes ProtonMail a natural choice for anyone looking to create an environment where anonymity, privacy, and data protection are non-negotiable.
ProtonMail provides end-to-end encryption within its email network, ensuring that sensitive tips are encrypted at all stages, without placing an undue burden on the sender.
Who Needs Whistleblower Solutions
Different legal frameworks have hard requirements on whistle blowing. Here’s a few directives along with their regional application.
SOX
(Sarbanes-Oxley Act) | EU Whistleblower Protection Directive (2019/1937) | ISO 37002 | |
Region | 🇺🇸 US | 🇪🇺 EU | 🌐 Global |
Mandatory | Yes, for public companies* | Yes, for organizations with 50+ staff | No, voluntary guideline |
Scope | Financial/accounting misconduct | Legal violations across various areas | General ethical and legal risks |
Protection for Whistleblowers | Retaliation protections | Strong protections, including anonymity | Encouraged |
*SOX Public companies must provide a mechanism (e.g., hotline) for employees to report financial misconduct anonymously (Section 301).
Commonly Used Solutions and their Downsides
Common solutions to a tip line are
Common Solution | Downsides |
Dedicated Email Address | Weak privacy guarantees due to lack of encryption.
Your email provider (Microsoft 365 / Google Workspace) and your IT staff both have access to the inbox. |
Secure Submission Website | Weak privacy guarantees.
Although the transfer of the information is secure, the hosting provider, website admin and IT staff have access to the uploaded documents. |
Public Key Based Encryption
(Over any communications channel) | Secure but hard to set up and use for non-technical users and the users still need to familiar with the technology.
In addition, the source of the public key needs to be trusted. |
Compare those to the ProtonMail based solution where ProtonMail only has theoretical access to incoming emails from external (i.e. non ProtonMail) sources. Emails from within the ProtonMail network are encrypted on the sender’s computer before even Proton gains access and they remain encrypted until your designated tip handling staff access them.
Protection Under Swiss Legal Framework
One of the key advantages of ProtonMail is the protection offered under the Swiss legal framework. Switzerland has some of the world's strongest privacy laws, ensuring that all data stored on ProtonMail's servers is protected from overly-broad surveillance requests.
This provides an additional level of security and reassurance for both tipsters and organizations, knowing that sensitive information is safeguarded by stringent data privacy regulations. Check out the link below on location advantages or inquire for additional details.
Advantages of Proton’s Location in SwitzerlandA Solution Tailored for Your Needs
At bitcreed, we understand that no two organizations have identical requirements when it comes to handling sensitive information. That's why our offer is built around your specific needs. We provide support in setting up ProtonMail, including detailed setup documentation, a clear and practical usage concept, and an end-user guide that’s ready for publication to ensure your tip line is easy to use for everyone involved.
Our approach involves more than just setting up the technical components. We help define how this tip line fits into your existing processes, keeping operations smooth while adding a vital new channel of secure communication.
Package Details
Our package options include
- Requirements engineering to discover your specific needs since additional variations of the described setup are possible.
- The actual tip line setup with ProtonMail and a subdomain of your choice
- A documentation package of the detailed setup with important information for for your IT department
- A usage and security concept ready for integration into your company’s IT security concept
- Training materials for your tip handling staff
- Depending on your needs:
- Training materials for your employee handbook (internal whistleblower hotline)
- Usage instructions for your website (public tips hotline)
While your IT department gets instructions on how the setup works, only your designated staff will have access to the inbox.
We are also able to offer in-person or remote training.
Interested in Setting Up Your Secure Tip Line?
If this solution fits your organization's needs or if you have questions, don’t hesitate to contact us today.
Contact usYour emails to info@bitcreed.us or any of our bitcreed.us email addresses will reach us through ProtonMail’s secure email service.
European Union