Capture, investigate, and resolve every ethics concern and disclosure in one secure system of record — built for compliance teams operating across borders.
Give employees secure, anonymous and named ways to raise concerns in 70+ languages, with protected two-way messaging that keeps the conversation going.
Collect structured, named disclosures through smart forms that route each submission automatically based on your org chart and policy rules.
Let frontline and deskless staff report by voice. Our AI transcribes and structures every call into a clean, actionable case.
Maintain a centralised, tamper-proof log of business gifts, travel and entertainment to stay audit-ready for anti-bribery reviews.
Give HR a fair, consistent path for handling grievances, with pulse surveys and culture signals that surface issues early.
Walk through every channel and workflow with our team on a tailored call.
Offer accessible, secure intake across web, mobile and voice in 70+ languages — anonymous or identified.
Once a report lands, Vondaly structures the case with configurable workflows and AI-assisted triage, so teams apply the same fair process every time.
Keep central oversight while letting regions configure locally, so you stay accountable in every jurisdiction.
Certified to ISO 27001 and SOC 2 Type II, with customer-managed encryption keys and regional data residency, Vondaly gives you a defensible, audit-ready foundation and full control of your data.
The engine for enterprise whistleblowing and case management. Triage reports, automate investigations, and drive consistent resolution across every entity.
A dedicated home for routine ethical declarations — conflicts of interest, gifts and hospitality logs, and custom filings through structured workflows.
A secure, AI-powered voice channel that turns spoken disclosures into structured cases, combining accessibility with strong anonymity protections.
Meet the EU Whistleblower Directive and GDPR while holding consistent standards in every region you run.
Stay fully self-managed: configure forms, routing and access rights on your own, with no vendor dependency.
ISO 27001, SOC 2 Type II, strong encryption and role-based access keep sensitive disclosures safe.
Let your global workforce speak up in 70+ languages through digital and AI voice channels that scale.
Roll out your ethics program fast with a flexible platform built for high adoption across business units.
Meet employees where they are. Available on the App Store and Google Play, the Vondaly app enables secure, anonymous reporting from anywhere, with real-time follow-up.
Transparent, organisation-wide pricing — never per-report or per-seat. Every plan includes unlimited reporters, the full case workflow, and certified security.
Move from fragmented reporting tools to a single, secure system of record built for complex, global compliance. Talk to our team to see how Vondaly supports whistleblowing, disclosures and enterprise governance at scale.
Vondaly Inc ("Vondaly", "we", "us", or "our") provides an ethics, disclosures and whistleblowing case-management platform (the "Service"). This Privacy Policy explains what personal data we collect, why we collect it, how we use and share it, and the rights you have over it. We act as a data controller for information about our own users and website visitors, and as a data processor for the reporter, case and disclosure data our customers store in the Service.
For the purposes of the EU General Data Protection Regulation (Regulation (EU) 2016/679) and the UK GDPR, the controller is Vondaly Inc, 442 Lytton Avenue, Palo Alto, CA 94301, USA, with an EU representative in Dublin, Ireland. You can reach our Data Protection Officer at privacy@vondaly.com.
When you book a demo, create an account, subscribe, or contact us, we collect details such as your name, work email, organisation, role, and any content you submit.
Our customers use Vondaly to receive reports and manage disclosures. Reporters may choose to remain anonymous; where they do, we deliberately avoid collecting IP addresses, device identifiers or other metadata that could identify them. We process all Customer Data solely on our customers' documented instructions under our Data Processing Addendum.
When you use our marketing website, we collect limited device and usage information using cookies and similar technologies (see Section 7). The anonymous reporting channels are intentionally excluded from this tracking.
We use personal data to operate, secure, and improve the Service; authenticate users; process subscriptions; respond to enquiries and support requests; send marketing communications where permitted (you can opt out at any time); produce aggregated, anonymised analytics; and meet our legal obligations.
| Purpose | Legal basis |
|---|---|
| Providing the Service to account holders | Performance of a contract |
| Processing Customer Data | Processed on the customer's instruction as processor |
| Security, fraud prevention, product improvement | Legitimate interests |
| Marketing emails | Consent, withdrawable at any time |
| Billing and statutory records | Legal obligation |
Vondaly's AI features assist with transcription of voice reports and triage of incoming cases. These are decision-support tools — trained investigators and compliance staff remain responsible for every case decision. We do not use Customer Data to train models shared across customers, and we never sell personal data. Customers can disable AI features from their workspace settings.
We do not sell personal data. We share it only with sub-processors who help us run the Service (for example cloud hosting, transcription, and email delivery), professional advisers where necessary, authorities where required by law, and a successor entity in connection with a merger or acquisition, subject to this Policy. A current list of sub-processors is available on request.
Customer Data is hosted in the region you select — the EU, North America, or Asia. Where data is transferred across borders, we rely on adequacy decisions or the Standard Contractual Clauses, with appropriate technical safeguards.
Our marketing website uses strictly necessary cookies plus optional analytics cookies. You can manage your preferences at any time through our cookie banner. Non-essential cookies are only set with your consent. Anonymous reporting channels do not use tracking cookies.
We retain account and billing data while your account is active and for up to seven years afterward where required by law. Customer Data is retained according to our customers' instructions; after an account closes, we make it available for export for 30 days and then delete it within 90 days, unless a longer period is legally required.
We protect personal data using encryption in transit and at rest, customer-managed key options, role-based access controls, continuous monitoring, and regular third-party penetration testing. Our infrastructure is ISO 27001 certified and SOC 2 Type II audited. We will notify affected users and regulators of any qualifying breach without undue delay.
Depending on your location, you may have the right to access, correct, delete, or port your personal data, to object to or restrict certain processing, and to withdraw consent. To exercise these rights, email privacy@vondaly.com. You may also complain to a supervisory authority.
The Service is intended for business use and is not directed at anyone under 16. We do not knowingly collect personal data from children.
We may update this Policy from time to time. If we make material changes, we will notify account holders by email or in-app notice before they take effect. The "Last updated" date above reflects the latest revision.
Questions about this Policy or your data? Write to our Data Protection Officer at privacy@vondaly.com, or by post to Vondaly Inc, 442 Lytton Avenue, Palo Alto, CA 94301, USA.
These Terms of Use ("Terms") are a binding agreement between you ("Customer", "you") and Vondaly Inc ("Vondaly", "we", "us"), a Delaware corporation with offices at 442 Lytton Avenue, Palo Alto, CA 94301. They govern your access to and use of the Vondaly ethics and disclosures platform, websites, and related services (the "Service"). By booking a demo, creating an account, signing an order form, or using the Service, you agree to these Terms. If you accept on behalf of an organisation, you confirm you have authority to bind it.
Vondaly provides a cloud-based platform for whistleblowing, case management, ethical disclosures, and related AI features, delivered on a subscription basis. We may update or improve features over time and will not materially reduce the core functionality of a paid plan during your term without notice.
You must provide accurate account information and keep it current. You are responsible for safeguarding your credentials and for activity under your account. You must be at least 18 and use the Service only for lawful business purposes. Report any unauthorised use to security@vondaly.com.
The Service is provided under the plan and fees set out in your order form. Fees are payable in advance and non-refundable except where required by law. Subscriptions renew for successive terms unless cancelled before renewal. We may suspend access for overdue payment after reasonable notice. Fees are exclusive of applicable taxes.
You retain all rights to the data you and your reporters submit ("Customer Data"). You grant us a limited licence to host and process it solely to provide and support the Service, as described in our Privacy Policy and Data Processing Addendum. You are responsible for having a lawful basis to process the personal data handled through your programs.
You agree not to use the Service to store unlawful or infringing content; attempt unauthorised access; reverse-engineer, resell, or sublicense it except as permitted in writing; misuse reporting channels to harass or defame; or disrupt the integrity or performance of the Service.
Transcription and triage features are decision-support tools. Outputs may be incomplete or inaccurate, and you remain responsible for all case and compliance decisions. You agree to use AI outputs consistently with applicable anti-retaliation, anti-discrimination and employment laws.
The Service, including all software, designs, and trademarks, is owned by Vondaly and its licensors. Except for the rights expressly granted, no rights are transferred. Feedback you provide may be used by us without restriction.
Each party will protect the other's confidential information with reasonable care and use it only to perform under these Terms. This does not apply to information that is public, independently developed, or lawfully obtained from a third party.
We aim to keep the Service available and provide support appropriate to your plan. Enterprise plans may include an uptime SLA in a separate agreement. Planned maintenance will be communicated in advance where practicable.
We warrant that the Service will perform materially in line with its documentation. Except as expressly stated, the Service is provided "as is" and "as available", and we disclaim all other warranties to the fullest extent permitted by law.
To the maximum extent permitted by law, neither party will be liable for indirect, incidental, or consequential damages, or lost profits or data. Each party's total aggregate liability under these Terms will not exceed the fees paid by you in the 12 months preceding the claim. Nothing limits liability that cannot be limited by law.
These Terms apply for as long as you use the Service. Either party may terminate for material breach not cured within 30 days of notice. On termination, your right to use the Service ends, and we will make Customer Data available for export for 30 days before deletion, as described in our Privacy Policy.
We may update these Terms from time to time. If we make material changes, we will notify account holders before they take effect. Continued use after changes take effect constitutes acceptance.
These Terms are governed by the laws of the State of California, USA, without regard to conflict-of-laws principles, and the state and federal courts located in Santa Clara County, California have jurisdiction, subject to any mandatory local protections.
Questions about these Terms? Write to legal@vondaly.com or Vondaly Inc, 442 Lytton Avenue, Palo Alto, CA 94301, USA.