Privacy Policy | lisnto.me

Privacy Policy

Last updated: February 21, 2026

1. Introduction

lisnto.me ("we", "our", or "us") operates a secure whistleblower management platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

2. Information We Collect

We may collect the following types of information:

  • Account Information: Name, email address, organization name, and role when you register for our platform.
  • Report Data: Information submitted through whistleblower reports, which is encrypted end-to-end and accessible only to authorized personnel.
  • Usage Data: Browser type, IP address, pages visited, and interaction patterns collected automatically through cookies and analytics.
  • Communication Data: Records of correspondence when you contact our support team.

3. How We Use Your Information

  • To provide, operate, and maintain our whistleblower management platform.
  • To process and manage whistleblower reports in compliance with applicable regulations.
  • To communicate with you regarding your account, updates, and support requests.
  • To improve our services, analyze usage trends, and enhance user experience.
  • To comply with legal obligations, including the EU Whistleblower Protection Directive.

4. Data Security

We implement industry-leading security measures to protect your data, including end-to-end encryption for all whistleblower reports, AES-256 encryption at rest, TLS 1.3 for data in transit, and regular third-party security audits. Access to report data is strictly controlled through role-based permissions and multi-factor authentication.

5. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy or as required by law. Whistleblower report data is retained in accordance with applicable regulatory requirements and your organization's configured retention policies.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate or incomplete data.
  • Request deletion of your personal data, subject to legal retention requirements.
  • Object to or restrict the processing of your data.
  • Data portability — receive your data in a structured, machine-readable format.

7. Third-Party Services

We may use third-party service providers for hosting, analytics, and communication. These providers are contractually bound to protect your data and process it only as instructed by us. We do not sell your personal information to third parties.

8. International Data Transfers

If your data is transferred outside your jurisdiction, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent mechanisms under applicable law.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date above.

10. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at privacy@lisnto.me.