Security & privacy

At Whaller, data protection, security and respect are fundamental. The platform is built on the basis of Privacy by Design and gives users total control of their data.

Labels and certificates

Secure networks

Communicate with confidence thanks to Whaller’s unique system of sealed spheres, where members can collaborate and exchange as a group or via private messages.

From the Standard offer

Secure networks Image

Privacy by Design


Spheres are “sealed”, clearly labeled, discussion spaces that provide contextualization. They prevent information from leaking out where it doesn’t belong.

Spheres in an organization are closed by default, but can be made invisible, open, or even public if the organization manager wishes.

organisation de sphère


An organization can choose to implement its own password and expiration policies.

mot de passe


An organization can choose to enable or disable the visibility of its members directory.

annuaires des membres


Members can create a different profile for each organization or sphere they belong to. This prevents the diffusion of personal or professional information outside of the concerned networks.

créer plusieurs comptes


When a new sphere is created, its message history is disabled by default.If desired, it can be enabled by a sphere administrator to allow new members who join to view all public posts from the beginning.



Members can share private or group messages. Clearly labeled buttons avoid confusion and diffusion errors.All private messages are symbolized by a padlock and are automatically blurred in users’ feeds until scrolled over. This prevents curious colleagues from sneaking a peek! They also indicate which other members are involved in the conversation.

messages privés ou publiques


All data stays on Whaller and is never exploited.

données par whaller


Only members of a sphere can see its contents. If an organization manager wants to take over, they must enter in a visible manner (no “invisible” or “ghost” login).

accès messages


When a member leaves a sphere, all of their messages are deleted except if the data legacy option has been enabled and they have given their consent.

messages détruits
rgpd logo

GDPR compliance

Whaller ensures the security of your information and the processing of your personal data in accordance with the provisions of the General Data Protection Regulation.

Learn more

Platform architecture & security practices

Dynamic vulnerability analysis

Vulnerability tests are conducted automatically on a weekly basis.The correction of any detected issues is followed closely by the tech and cybersecurity teams.

Incident prevention

Each production server is equipped with an antivirus.The infrastructure is equipped with a web application firewall (WAF) and an intrusion detection system (IDS).ANSSI hardening guides are applied.

Penetration tests

Independent penetration test audits are performed on Whaller twice a year to identify and correct any vulnerabilities.

Development best practices

The Whaller platform is updated more than 3 times a week.
Software and development rules are established and applied to all new developments, which are thoroughly checked and tested for adverse business or security effects.
Discover Whaller’s roadmap and release notes

Defense in Depth

Whaller's architecture has been designed by applying the principles of Defense in Depth: filtering, dissociation of workflow/administration flows, VLAN/VXLAN segmentation, application of ANSSI recommendations.

Tailor-made data hosting

Decide how and where your data's hosted.



By default, host your data on Whaller’s servers located in Roubaix, France (OVHcloud).

From the Standard offer



Secure your data on OVHcloud’s SecNumCloud-certified Hosted Private Cloud.

From the Business offer(optional)


Data On-Premises

Benefit from a hybrid architecture by hosting your data on the servers of your choice, and accessing your networks via

From the Business offer(optional)


All On-Premises

Install a standalone version of Whaller on your own servers to keep your service and data in house.

With the Enterprise offer(optional)

OVHcloud Hosted Private Cloud compliance and certifications

Two-Factor Authentication (2FA)

Add an extra layer of protection to account authentication by linking a hardware security key (FIDO).

From the Standard offer

Two-Factor Authentication (2FA) Image

Single Sign-On (SSO)

Eliminate password fatigue and boost network security by implementing a Single Sign-On policy for members.

From the Business offer

Single Sign-On (SSO) Image

LDAP synchronization

Already have a directory and don’t want to create another? Synchronize the existing list of members with your Whaller network.

From the Business offer

LDAP synchronization Image

Password policies

Upgrade your network protection by putting an advanced password policy in place:

  • Length
  • Complexity (minimum number of characters, numbers, uppercase, lowercase, special characters)
  • Expiration
  • Number of connections before renewal
  • Duration of the reset token (the length of time a password renewal request is valid)

With the Enterprise offer

Password policies Image

Audit logs

Monitor user network activity, identify any suspicious behaviors and take the necessary actions to remedy access issues within your organization.

With the Enterprise offer

Audit logs Image