Security at Whaller

Our cybersecurity guideline ensures data privacy and protection. Have a look on why Whaller is the most secure collaborative and social platform.

label privacy tech

Whaller et Smart Formation lancent une formation de sensibilisation à la cybersécurité.

Assurée par Cyril Bras, Directeur Cybersécurité de Whaller, cette formation a pour but d'armer les collaborateurs de votre entreprise ou administration avec les meilleures pratiques pour garantir la sécurité de vos infrastructures.

Tailor-made data hosting

At Whaller, data sovereignty is just as fundamental as cyber security. We offer several hosting methods depending on your security needs. Data is stored on a French host, ensuring that it does not leave European territory and is not subject to extraterritorial laws.



Whaller offers by default to host your data on its servers located in France (OVHcloud).

From the Standard offer


Data On-Premises

Benefit from a hybrid architecture by hosting your data on the servers of your choice, and accessing your networks via

From the Business offer


All On-Premises

Install a standalone version of Whaller on your own servers to keep your service and data in house.

Exclusively for European institutional or industrial clients.

With the Enterprise offer

Schedule a demo

OVHcloud Hosted Private Cloud compliance and certifications

rgpd logo

GDPR compliance

Whaller ensures the security of your information and the processing of your personal data in accordance with the provisions of the General Data Protection Regulation.

👉 Read our privacy policy

Cybersecurity best practices

Maintenance of safe conditions

At Whaller, we strive to keep all our servers and software components used in our platform up to date.
We rely on the CyberWatch 🇫🇷 tool to ensure this permanent monitoring but also on services offered by the CERT-FR of the ANSSI.

Maintenance of safe conditions

Development best practices

The Whaller platform is updated more than 3 times a week.
Software and development rules are established and applied to all new developments, which are thoroughly checked and tested for adverse business or security effects.

Development best practices

Dynamic vulnerability analysis

Vulnerability tests are conducted automatically on a weekly basis.The correction of any detected issues is followed closely by the tech and cybersecurity teams.

Dynamic vulnerability analysis

Penetration tests

Independent penetration test audits are performed on Whaller twice a year to identify and correct any vulnerabilities.

Penetration tests

Incident prevention

Each production server is equipped with an antivirus.The infrastructure is equipped with a web application firewall (WAF) and an intrusion detection system (IDS).ANSSI hardening guides are applied.

Incident prevention

Defense in Depth

Whaller's architecture has been designed by applying the principles of Defense in Depth: filtering, dissociation of workflow/administration flows, VLAN/VXLAN segmentation, application of ANSSI recommendations.

Defense in Depth

Indicator of compromise (IoC)

Because hackers share information about their victims and attack techniques, we believe it is essential to do the same on the defense side. Whaller is therefore a pioneer in offering all its customers and partners an IoC sharing platform.

Indicator of compromise (IoC)

Quality control

Because it is better for our weaknesses to be detected by White Hats than by Black Hats, Whaller is part of a Bug Bounty approach.

Are you a hunter? Have you detected a vulnerability in our product?

👉 Go to our dedicated website

Protect your data from scratch

The concept of “Privacy by Design” implies protecting users' personal data from the very beginning of the creation of a platform, a website or a mobile app (code, practices, procedures). Have a look on some examples of “Privacy By Design” implementation in Whaller👇.


Secure and dedicated discussion space

Spheres are “sealed”, clearly labeled, discussion spaces that provide contextualization. They prevent information from leaking out where it doesn’t belong.

Spheres in an organization are closed by default, but can be made invisible, open, or even public if the organization manager wishes.


Password policy

An organization can choose to implement its own password and expiration policies.


Members directories

An organization can choose to enable or disable the visibility of its members directory.


Specific profiles

Members can create a different profile for each organization or sphere they belong to. This prevents the diffusion of personal or professional information outside of the concerned networks.


History management

When a new sphere is created, its message history is disabled by default. If desired, it can be enabled by a sphere administrator to allow new members who join to view all public posts from the beginning.


Accessibility of messages

Members can share private or group messages. Clearly labeled buttons avoid confusion and diffusion errors. All private messages are symbolized by a padlock and are automatically blurred in users’ feeds until scrolled over. This prevents curious colleagues from sneaking a peek! They also indicate which other members are involved in the conversation.


Data protection

All data stays on Whaller and is never exploited.


Network access management

Only members of a sphere can see its contents. If an organization manager wants to take over, they must enter in a visible manner (no “invisible” or “ghost” login).


Deletion of messages

When a member leaves a sphere, all of their messages are deleted except if the data legacy option has been enabled and they have given their consent.

Advanced data security


Two-Factor Authentication (2FA)

Secure accounts by adding a second authentication factor (TOTP, Key Fido). Force your members to set up a second authentication factor.

From the Standard offer


Single Sign-On (SSO)

Eliminate password fatigue and boost network security by implementing a Single Sign-On policy for members.

From the Business offer


LDAP synchronization

Already have a directory and don’t want to create another? Synchronize the existing list of members with your Whaller network.

From the Business offer


Password policy

Upgrade your network protection by putting an advanced password policy in place. Whaller propose a level of complexity in line with the requirements of the CNIL and the ANSSI. Length, complexity (minimum number of characters, numbers, uppercase, lowercase, special characters), expiration, number of connections before renewal, duration of the reset token (the length of time a password renewal request is valid)…

With the Enterprise offer


Audit logs

Monitor user network activity, identify any suspicious behaviors and take the necessary actions to remedy access issues within your organization.

With the Enterprise offer

Whaller commits to cybersecurity awareness

Raising awareness of cybersecurity issues

All our employees regularly follow prevention modules organized by Cyril Bras, our Cybersecurity Director.

For example, all our employees have obtained the SecNumAcademy diploma issued by ANSSI.

Cyber-attack analysis

Whaller has monitoring and alerting tools to detect potentially abnormal situations. The investigation and qualification of any incident that may affect the cyber security of the facilities is an essential and indispensable step. Whenever necessary and appropriate, Whaller reports attempted intrusions or malicious actions to the appropriate authorities.

Labels and certificates

Privacy Tech

Whaller is the first company to be awarded the “Sovereign Solution” label by the Privacy Tech association. The label, created in partnership with AFNOR certification, includes 5 categories and is aimed at French BtoB and BtoC software publishers.

Privacy Tech


On 19/11/2020, UBCOM announces that it has selected and labelled the solution developed by the French startup Whaller, leader in secure social and collaborative solutions. This decision was taken as part of UBCOM's research and selection process for cybersecurity offers.


Used by the French armies

Since 2019, Whaller has equipped the Ministry of the Armed Forces, and was awarded the label “Used by the French Armed Forces” in 2021. In 2020, during the first lockdowns, Whaller was chosen to equip the entire Ministry as a temporary teleworking solution.

Used by the French armies

CSPN certification by ANSSI

Whaller is currently undergoing CSPN certification by the ANSSI. CSPN certification provides a first level of cybersecurity certification, recognized by the French government. This level of certification has not been awarded to any other social and collaborative platform.

CSPN certification by ANSSI


Pôle d’excellence Cyber

The Pôle d’excellence Cyber was created by the French Ministry of the Armed Forces and the Brittany Region in 2014.
Its objective is to develop the cybersecurity ecosystem at regional, national, European and especially international level.

Pôle d’excellence Cyber


Whaller, a company committed to cybersecurity, has joined forces with Hexatrust, a group of innovative companies that promotes good practice in the field of trusted clouds and cybersecurity while raising awareness of French and European regulations.


Open Trusted Cloud by OVHcloud

This programme is aimed at software publishers, as well as SaaS and PaaS solution providers. The ambition is to co-build an ecosystem of SaaS and PaaS services, hosted in the open, reversible and reliable OVHcloud. It will thus offer a common platform of competitive solutions.

Open Trusted Cloud by OVHcloud

Institute for Digital Fundamental Rights

Chaired by Jean-Marie Cavada, iDFRights is dedicated to the study, promotion and defense of digital human rights. The iDFRights is an initiative led by lawyers, academic researchers, NGOs, actors of the digital ecosystem and public figures.

Institute for Digital Fundamental Rights