Product · Ley 2/2023 + GDPR

Canal de Denuncias

A multi-tenant whistleblowing channel that lets your company comply with Ley 2/2023 and GDPR out of the box — anonymous reporting, deadline tracking, full audit trail, and AI-assisted triage. White-labeled, ready in minutes, defensible in an inspection.

Request a demo →Sign up

Anonymous

No email or login required to file or follow up

7d / 3m

Legal deadlines tracked and reminded automatically

ES + EN

Bilingual reporter and admin experience end-to-end

GDPR

Reporter rights — access, rectification, erasure, portability

Capabilities

Everything a compliant channel needs

Built around the reporter experience, the admin workflow, and the audit trail your legal team will be asked for.

Anonymous reporting

Reporters submit via a per-company branded link and receive a CD-XXXX-XXXX tracking code. No email, no account, no identity disclosure.

Two-way confidential messaging

Reporters and admins exchange messages via the tracking code, with optional verbal-channel and in-person meeting requests.

Built-in legal deadlines

Automatic 7-day acknowledgment and 3-month resolution timers, with cron-driven email reminders for the responsible admins.

AI-assisted triage

Per-complaint summaries, risk scoring, category insights, and aggregate dashboards — with on-demand translation.

Immutable audit trail

Every state change, message, and admin action is logged — retained beyond complaint deletion per legal record-keeping requirements.

GDPR reporter rights

Access, rectification, erasure (PII strip + scheduled deletion), and portability — surfaced directly inside the tracker UI.

Per-tenant retention

Configurable retention windows with automated PII stripping and scheduled deletion — defaults aligned to Spanish guidance.

Print-ready dossiers

Paginated case files for offline review, internal committees, or regulator handoff — formatted for archiving.

Built-in artificial intelligence

It's not a mailbox. It's an analyst that never sleeps.

Every report arrives as raw text. In seconds, our AI turns it into an actionable case file — what happened, how much risk there is, what to do now, and whether it resembles something you've seen before. Six capabilities, in Spanish and English.

Case analysis

A 2–3 sentence summary, a justified risk level (low/medium/high/critical), 3–5 concrete next steps, automatic tags, and sentiment analysis.

Saves hours of reading per case

Legal deadline advisor

The AI knows Law 2/2023: it flags the 7-day acknowledgment and 3-month resolution deadlines, marks what is overdue, and guides the next formal steps.

Cuts the risk of fines

Similar-case detection

Semantically compares against your history to flag related reports — spotting recurring patterns (same harasser, same department) that would otherwise go unnoticed.

Surfaces systemic problems

Aggregate intelligence

An executive dashboard with recurring themes, anomaly alerts, top risk areas, channel health, deadline-compliance rate, and average resolution time.

Boardroom view, not just case view

Instant translation

Translate reports and messages between Spanish and English in one click. Handle cases from an international workforce without hiring translators.

Multilingual teams & workforces

Draft response

Drafts a formal, professional, and empathetic reply for the reporter. The manager reviews, tweaks, and sends — flawless communication in a fraction of the time.

Consistent, polished replies

Privacy by design: the AI analyses the content of the report, never the reporter's identifying data. The anonymity and confidentiality the law requires stay fully intact.

Compliance fit

Ley 2/2023 + GDPR, delivered end-to-end

Every requirement of the Spanish whistleblowing law has a corresponding capability in the product.

What the law requires

How Canal de Denuncias delivers it

Internal channel for companies with 50+ employees

White-labeled per-tenant reporting portal, ready in minutes.

Anonymous reporting, even without identifying the reporter

Identity-free submission with CD-XXXX-XXXX tracking code and anonymous two-way messaging.

Acknowledgment within 7 days, resolution within 3 months

Automatic timers with email reminders for the assigned admins, surfaced in the dashboard.

GDPR-aligned data protection and reporter rights

Postgres RLS isolation, configurable retention, PII stripping, plus access/rectification/erasure/portability flows.

Auditable record of every action

Immutable audit log retained beyond complaint deletion, with print-ready dossiers for inspection.

Security posture

Defensible by design

Hardened authentication, isolated data, and a paper trail your CISO can hand to a regulator without flinching.

Mandatory TOTP MFA

Bcrypt (12 rounds) hashes and required time-based one-time passwords for every admin — no exceptions.

Tenant isolation

Postgres Row-Level Security ensures each company sees only its own data, enforced at the database layer.

Safe attachments

Up to 5 MB × 5 files. EXIF stripped, UUID-renamed, served via short-lived signed URLs.

Public form protection

Cloudflare Turnstile and Upstash rate limiting on every public form to block abuse and automated submissions.

Two-tier admin model

Company admins (per tenant) and platform operators are separated by auth, routes, and permissions.

Scheduled deletion

Per-tenant retention windows automate PII stripping and full deletion when the legal window closes.

Who it's for

Built for the teams legally on the hook

Spanish companies (50+ employees)

Legally required to operate an internal reporting channel under Ley 2/2023 — and looking for a turnkey, defensible option rather than a homemade form.

Consultancies and law firms

Compliance partners who manage Ley 2/2023 for multiple clients — multi-tenant from day one, branded per client, with a unified operator view.

How it works

Live in minutes, defensible from day one

Request access

Fill in the public signup form — basic company details and the responsible admin.

Get approved & configure

Our platform operators approve the tenant; you set branding, language, retention, and admin MFA.

Share the reporter link

Publish your branded reporting URL internally. Reporters file anonymously and receive a tracking code.

Triage and resolve

Use AI summaries and risk scoring to handle cases inside the legal deadlines, with everything logged for inspection.

FAQ

Questions we get most

Can a reporter file completely anonymously?

Yes. No email, login, or identifying field is required. Reporters get a CD-XXXX-XXXX tracking code that they can use to follow up and exchange messages without ever revealing their identity.

How is data isolated between client companies?

Each tenant's data is segregated by Postgres Row-Level Security, enforced at the database layer. Combined with separate admin authentication and routes, no tenant can see another tenant's complaints.

Is MFA required for admins?

Yes. TOTP is mandatory for every company admin and platform operator. Passwords are stored with bcrypt at 12 rounds, and rate-limited public forms are protected by Cloudflare Turnstile.

What about data retention and reporter rights?

Retention windows are configurable per tenant, with automated PII stripping and scheduled deletion. Reporters can exercise GDPR access, rectification, erasure, and portability rights directly inside the tracker UI.

Which languages are supported?

The reporter and admin experiences are bilingual Spanish and English end-to-end. AI translation is available on demand for messages and summaries.

Comply with Ley 2/2023 without building it yourself.

Spin up your own branded whistleblowing channel — anonymous, deadline-tracked, audit-logged, ready for inspection.

Request a demo →Sign up