Our cybersecurity guideline ensures data privacy and protection. Have a look on why Whaller is the most secure collaborative and social platform.
Create a free account
“ Cybersecurity must be an integral part of any SaaS or cloud services. At Whaller, cybersecurity is the key point of our strategy.
It ensures to our users a complete protection of their personal data. ”
Decide how and where your data's hosted.
By default, host your data on Whaller’s servers located in Roubaix, France (OVHcloud).
From the Standard offer
Benefit from a hybrid architecture by hosting your data on the servers of your choice, and accessing your networks via whaller.com.
From the Business offer
A physically dedicated platform hosted on OVHcloud's SecNumCloud qualified IaaS.
With the Enterprise offer
Install a standalone version of Whaller on your own servers to keep your service and data in house.
Exclusively for European institutional or industrial clients.
With the Enterprise offer
Whaller ensures the security of your information and the processing of your personal data in accordance with the provisions of the General Data Protection Regulation.
👉 Read our privacy policyAt Whaller, we strive to keep all our servers and software components used in our platform up to date.
We rely on the CyberWatch 🇫🇷 tool to ensure this permanent monitoring but also on services offered by the CERT-FR of the ANSSI.
The Whaller platform is updated more than 3 times a week.
Software and development rules are established and applied to all new developments, which are thoroughly checked and tested for adverse business or security effects.
Vulnerability tests are conducted automatically on a weekly basis.The correction of any detected issues is followed closely by the tech and cybersecurity teams.
Independent penetration test audits are performed on Whaller twice a year to identify and correct any vulnerabilities.
Each production server is equipped with an antivirus.The infrastructure is equipped with a web application firewall (WAF) and an intrusion detection system (IDS).ANSSI hardening guides are applied.
Whaller's architecture has been designed by applying the principles of Defense in Depth: filtering, dissociation of workflow/administration flows, VLAN/VXLAN segmentation, application of ANSSI recommendations.
Because hackers share information about their victims and attack techniques, we believe it is essential to do the same on the defense side. Whaller is therefore a pioneer in offering all its customers and partners an IoC sharing platform.
Whaller has an active bug bounty program since 2015. Are you an expert bug hunter? Contact us to get involved
Are you a hunter? Have you detected a vulnerability in our product?
👉 Go to our dedicated website
The concept of “Privacy by Design” implies protecting users' personal data from the very beginning of the creation of a platform, a website or a mobile app (code, practices, procedures). Have a look on some examples of “Privacy By Design” implementation in Whaller👇.
Spheres are “sealed”, clearly labeled, discussion spaces that provide contextualization. They prevent information from leaking out where it doesn’t belong.
Spheres in an organization are closed by default, but can be made invisible, open, or even public if the organization manager wishes.
An organization can choose to implement its own password and expiration policies.
An organization can choose to enable or disable the visibility of its members directory.
Members can create a different profile for each organization or sphere they belong to. This prevents the diffusion of personal or professional information outside of the concerned networks.
When a new sphere is created, its message history is disabled by default. If desired, it can be enabled by a sphere administrator to allow new members who join to view all public posts from the beginning.
Members can share private or group messages. Clearly labeled buttons avoid confusion and diffusion errors. All private messages are symbolized by a padlock and are automatically blurred in users’ feeds until scrolled over. This prevents curious colleagues from sneaking a peek! They also indicate which other members are involved in the conversation.
All data stays on Whaller and is never exploited.
Only members of a sphere can see its contents. If an organization manager wants to take over, they must enter in a visible manner (no “invisible” or “ghost” login).
When a member leaves a sphere, all of their messages are deleted except if the data legacy option has been enabled and they have given their consent.
Secure accounts by adding a second authentication factor (TOTP, Key Fido). Force your members to set up a second authentication factor.
From the Standard offer
Eliminate password fatigue and boost network security by implementing a Single Sign-On policy for members.
From the Business offer
Already have a directory and don’t want to create another? Synchronize the existing list of members with your Whaller network.
From the Business offer
Upgrade your network protection by putting an advanced password policy in place. Whaller propose a level of complexity in line with the requirements of the CNIL and the ANSSI. Length, complexity (minimum number of characters, numbers, uppercase, lowercase, special characters), expiration, number of connections before renewal, duration of the reset token (the length of time a password renewal request is valid)…
With the Enterprise offer
Monitor user network activity, identify any suspicious behaviors and take the necessary actions to remedy access issues within your organization.
With the Enterprise offer
All our employees regularly follow prevention modules organized by Cyril Bras, our Cybersecurity Director.
For example, all our employees have obtained the SecNumAcademy diploma issued by ANSSI.
Whaller has monitoring and alerting tools to detect potentially abnormal situations. The investigation and qualification of any incident that may affect the cyber security of the facilities is an essential and indispensable step. Whenever necessary and appropriate, Whaller reports attempted intrusions or malicious actions to the appropriate authorities.
Whaller is the first company to be awarded the “Sovereign Solution” label by the Privacy Tech association. The label, created in partnership with AFNOR certification, includes 5 categories and is aimed at French BtoB and BtoC software publishers.
On 19/11/2020, UBCOM announces that it has selected and labelled the solution developed by the French startup Whaller, leader in secure social and collaborative solutions. This decision was taken as part of UBCOM's research and selection process for cybersecurity offers.
Since 2019, Whaller has equipped the Ministry of the Armed Forces, and was awarded the label “Used by the French Armed Forces” in 2021. In 2020, during the first lockdowns, Whaller was chosen to equip the entire Ministry as a temporary teleworking solution.
Whaller is currently undergoing CSPN certification by the ANSSI. CSPN certification provides a first level of cybersecurity certification, recognized by the French government. This level of certification has not been awarded to any other social and collaborative platform.
The Pôle d’excellence Cyber was created by the Ministry of the Armed Forces and the Brittany Region in 2014.
Its objective is to develop the cybersecurity ecosystem at regional, national, European and especially international level.
Whaller, a company committed to cybersecurity, has joined forces with Hexatrust, a group of innovative companies that promotes good practice in the field of trusted clouds and cybersecurity while raising awareness of French and European regulations.
This programme is aimed at software publishers, as well as SaaS and PaaS solution providers. The ambition is to co-build an ecosystem of SaaS and PaaS services, hosted in the open, reversible and reliable OVHcloud. It will thus offer a common platform of competitive solutions.
Chaired by Jean-Marie Cavada, iDFRights is dedicated to the study, promotion and defense of digital human rights. The iDFRights is an initiative led by lawyers, academic researchers, NGOs, actors of the digital ecosystem and public figures.
