Secure Connect - Encrypted System For Whistleblowers

  • Made & hosted in Germany
  • End-to-end encrypted
  • Anonymous contact form & encrypted email
  • Perfect for SMEs & Ombudspersons
  • Become legally compliant quickly with our guide

Best value for your legal security

Choose the most secure solution on the market: The built-in end-to-end encryption and the possibility for anonymous whistleblowing make the solution legally secure. We offer the best price-performance ratio for internal implementation in the company and for ombudspersons.

For SMEs & Ombudspersons

Easy implementation, ready to use within half an hour

  • Best price-performance ratio

  • Accepts tips in a legally secure and anonymous way

  • Can be customized with your company's branding

  • Available in 30 languages

  • Unlimited number of notices

  • Unlimited number of administrators

  • End-to-end encryption for maximum security

  • No complicated case management, but simple folder structure

For Whistleblowers

Easy to use, low-threshold reporting mechanism

  • Accessible via website or intranet

  • Anonymous reporting of violations

  • Easy, intuitive to use: works like email communication via anonymous address & password

  • Check received feedback at any time by simply logging in

  • See here a sample implementation of Secure Connect in dark theme

Secure Connect: The Encrypted Whistleblowing System

Whistleblowing System Features
100% compliance with EU Whistleblower Directive and GDPR
Confidential reporting mechanism with anonymous communication channel
Available in 30 languages
Customization of texts & branding
End-to-end encryption
Two-factor authentication
Encrypted, ISO 27001 certified data storage in Germany
Support via email

Register your Pro account now and set up Secure Connect in 30 minutes - for only 32,40 euros per month!

Secure Connect's ease of use combined with its unique level of security results in a fast and organized workflow. The built-in end-to-end encryption guarantees absolute confidentiality and anonymity. Thus, Secure Connect already meets the legal requirements of tomorrow.
Whistleblower System: An encrypted and anonymous message is sent with Secure Connect.

How to add Secure Connect to your website.

It only takes 30 minutes to set up the whistleblower system Secure Connect. Do it now!

  • First register a Tutanota Pro Account.

  • Set up a subdomain with your domain provider and direct it to Tutanota.

  • Customize Tutanota for your company. A detailed instruction can be found on our FAQ.

  • Create the encrypted contact form within Tutanota with this instruction.

  • Then you can place Secure Connect on your subdomain.

  • For more information, please get in touch.

Schools and NPOs can get Tutanota Pro plus Secure Connect at half price. Please check here for details.

Why use a digital whistleblower system like Secure Connect?

Secure Connect is the optimal tool for compliance with the Whistleblower Protection Act: It automatically encrypts all data and thus guarantees absolute confidentiality. In addition, anonymous whistleblowing is possible.

Anonymous reporting offers further advantages for the company or organization:

  1. Most employees prefer whistleblowing anonymously, which leads to faster detection of breaches of the law.

  2. If the violation was reported anonymously, there is no risk of reprisals against the whistleblower - since the whistleblower is not even known to the company.

Secure Connect is therefore ideal for small and medium-sized companies as well as large corporations. Reports received via the encrypted contact form can be processed directly within the company or by an ombudsperson.

Sven Taylor, Restore Privacy
"Secure Connect is a great feature that more websites should be utilizing. It easily enables an encrypted two-way communication and document sharing."
Claudio Guarnieri, Security Without Borders
"Secure Connect is, to begin with, a very simple way to set up a contact form on your website. It took me just a few minutes to add Tutanota Secure Connect to my website."
Jürgen Klute, Europa Blog
"I have been using Tutanota a long time already, and Tutanota has been proven secure. That's why Secure Connect is a great tool which offers what I need for my blog."

Current State on the Whistleblower Protection Act (EU Directive 2019/1937)

When will the Whistleblower Protection Act be passed in Germany?

The Whistleblower Directive (EU) 2019/1937 and the German Whistleblower Protection Act (HinSchG) will in future oblige all public and private companies with a size of 50 or more employees to set up legally compliant whistleblower systems.

What companies need to know about the Whistleblower Protection Act.

  • The German Whistleblower Protection Act (HinSchG) was expected to be confirmed by the Bundesrat on February 10, 2023, but the Bundesrat voted against it.

  • Now the German government wants to adapt the law in such a way that approval from the Bundesrat is not required.

  • The law will then be signed by the Federal President and published. The HinSchG is expected to come into force in April 2023.

  • Companies with 50 or more employees must implement secure whistleblower systems after the law is passed.

  • Companies with 50-249 employees have a transition period until December 17, 2023.

  • Failure to comply with the regulations could result in fines of up to 100,000 euros.

  • Companies must designate an "impartial person or department" (for SMEs, an externally acting ombudsperson is also possible here) responsible for handling whistleblower reports.

  • If a whistleblower submits a report, the internal reporting office must confirm this to the whistleblower within seven days; unless the report was submitted anonymously.

  • Companies must respond to whistleblower reports with "proper follow-up".

  • Within three months, the company must inform the whistleblower of what action has been taken, such as initiating internal compliance investigations or forwarding a report to a competent authority, such as a law enforcement agency.

  • Whistleblowers can also report violations of the law in a company via external reporting offices, e.g. the Federal Office of Justice (BfJ). The federal states can also set up their own reporting offices.

  • Whistleblowers are free to choose whether to submit a report to their company's internal reporting office or to use the external reporting office.

  • It must be possible to submit the report orally or in writing and, if desired, in person.

  • Background information on the legislation can be found on the Bundestag website.

Our tips for SMEs

Significance for companies

The Whistleblower Protection Act obliges all companies and organizations with 50 or more employees to provide an internal reporting office. This must enable the reporting of violations via written, verbal and personal reporting channels and represent a low-threshold offer for employees.

The Whistleblower Protection Act will come into force three months after promulgation and thus no later than April 2023.

  1. Don't wait too long: It is essential to prepare and organize the installation and operation of internal whistleblowing units in good time, otherwise there is a risk of fines. Companies with at least 250 employees must look for solutions immediately, as the law will apply to them when it comes into force in April.

  2. Pay attention to details of the law: The HR department must take special care if personnel measures are to be taken that could be in connection with a whistleblowing. Due to the reversal of proof, the employer must prove that any disadvantages, e.g. a failure to consider an employee for promotion or a dismissal, are not related to a whistleblowing by the employee concerned.

Otherwise, the whistleblower has a claim for damages and the company may be subject to fines.

This is why the option of an anonymous reporting channel, such as Secure Connect, is strongly recommended. If the employee reports a possible violation anonymously, there can be no suspicion that any personnel measure is a "reprisal" based on the violation report.

  1. Information and communication are important: The whistleblower system must be easy to find for all employees, for example on the website or intranet. The introduction of the system must be well communicated through internal channels via clear and easily accessible information.

  2. Best practice: Digital whistleblowing systems. More and more companies and organizations are turning to digital whistleblowing systems - simply because they are a low-threshold offering. After all, companies should incentivize whistleblowers to use internal reporting channels most often.

  3. Well suited for SMEs, without high costs: Digital whistleblower systems such as Secure Connect offer a cost-effective solution, especially for small and medium-sized companies. It can also be combined with an ombudsperson, so that the company only has to take care of the implementation of the system.

Register your Pro account now and set up Secure Connect in 30 minutes - for only 32,40 euros per month!

What is the Whistleblower Protection Act (HinschG)?

The Whistleblower Protection Act regulates the protection of natural persons (whistleblowers) who have become aware of violations in their company and pass these on to a reporting office.

The Whistleblower Protection Act comprises two pillars to ensure whistleblower protection:

  1. Whistleblowers should have an easy way to report violations, both through internal reporting mechanism and through a government external reporting mechanism.

  2. Whistleblowers are protected by the law from possible reprisals by the employer with the help of the "reversal of the burden of proof". For example, if a whistleblower is terminated, the company must prove that this did not occur in connection of the person being a whistleblower.

Entry into force of the Whistleblower Protection Directive (HinSchG)

From the entry into force of the HinSchG in the 2nd quarter of 2023, employers with 250 or more employees must set up an internal reporting office, employers with 50 or more employees are subject to the HinSchG starting on December 17th 2023.

In Germany, the Federal Council has voted against the HinSchG on 10th of February 2023. Now the Federal government wants to change the law in such a way that the approval of the Federal Council is not required. Then the Federal President must sign the law before it is published in the Official Gazette, after which companies with more than 250 employees must be compliant right away. Companies with more than 49, but less than 250 employees must comply with the new law by December 17th 2023.

In Austria, the majority of the National Council voted in favor of the law beginning of February. The next step for the law is to pass the Federal Council. It enters into force on the day following its promulgation. After this, companies larger than 250 employees must comply with the law within six months. Companies with more than 49, but less than 250 employees need to comply with the law by December 17th 2023.

What is a whistleblower system?

A whistleblowing system is a way for employees to report violations of the law in the company without having to expect reprisals. This system can be operated directly within the company or, in the case of SMEs with up to 250 employees, it can be delegated to an "ombuds office" (also known as "ombudsperson").

What is the purpose of a whistleblower system?

The purpose of a whistleblower system is to ensure that criminal acts and cases of corruption within the company can be uncovered and remedied as quickly as possible.

To whom does the Whistleblower Protection Directive apply and who must set up a whistleblower system?

European companies and organizations with more than 50 employees or an annual turnover of more than 10 million euros are obliged to set up an internal reporting office in accordance with the EU Whistleblower Protection Act.

Ombudsperson - does a company need one?

Companies and organizations with up to 250 employees can decide whether to receive reports internally or to commission an external ombudsperson. The external ombudsperson receives reports of legal and regulatory violations confidentially and handles the processing, classification and communication with the whistleblowers.

What kind of information is covered by the Whistleblowing Directive?

The whistleblower system is intended to be used to report serious legal or regulatory violations by members of the company or organization. Violations such as corruption, fraud, bribery or food safety violations are included.

What is a whistleblower?

A whistleblower is a person who knows information about violations and reports them. In the case of the Whistleblower Directive, these are violations within a company or organization that are reported by the whistleblower to an internal or external reporting office.