Procurement #
This page summarizes the procurement and due-diligence materials available for EthicsPortal.
Last updated: April 22, 2026.
Public due-diligence documents #
The following materials are published publicly:
- Vendor information
- Data Processing Agreement
- Subprocessors
- Security
- Incident register
- SLA
- Privacy policy
- Terms of service
Standard procurement position #
- Contracting party: Yaroslav Shmarov, sole proprietor registered in Poland
- Customer relationship: In the standard subscription model, the customer is the controller and EthicsPortal acts as processor for customer report data
- Primary hosting region: Nuremberg, Germany (EU)
- International transfers: Core whistleblower report data is hosted in the EU. Limited marketing-site and admin-side processing may involve specific published subprocessors outside the EU/EEA, currently Cloudflare and Honeybadger, as described in the DPA and subprocessors pages
- Current assurance status: EthicsPortal does not currently claim ISO 27001, SOC 2, or equivalent certification on this site
Available on request during procurement #
Customers can request procurement materials such as:
- Signed DPA
- Registry extract or equivalent registry evidence
- NIP / tax proof
- Completed security questionnaire
- Written answers on backup and restore procedures
- Written answers on privileged production access
- Written answers on incident-response handling
- Business continuity and exit / export responses
Some of these materials are shared during procurement review rather than published on the open web because they are more useful in controlled disclosure than as general marketing content.
Contact #
To request procurement materials, email support@ethicsportal.eu.
For security-review questions, email security@ethicsportal.eu.
Last updated: