Terms of Service

1. Acceptance of Terms

By accessing or using the Whistla platform ("Platform"), you ("User", "Company", or "you") agree to be bound by these Terms of Service ("Terms"). If you do not agree to these Terms, you may not access or use the Platform.

These Terms constitute a legally binding agreement between you and ICM AS ("ICM", "Whistla", "we", "us", or "our"), a Norwegian company registered in Oslo, Norway (Org. No. 995 372 304). The Whistla platform is owned and developed by SAAZLY FZCO (Dubai, UAE) and distributed by ICM AS in Europe.

2. Service Description

2.1 Platform Overview

Whistla provides a comprehensive whistleblowing and compliance management platform with the following key features:

• Whistleblowing System: GDPR-compliant whistleblowing case management
• Policy Management: Tools for creating and managing compliance policies
• AI-Powered Case Assistant: Intelligent case analysis and management support
• External Investigators Marketplace: Access to verified external investigators for conflict-of-interest situations
• Compliance Tools: ISO 37002 and EU Directive 2019/1937 compliance features

2.2 External Investigators Marketplace

The Platform includes a marketplace ("Marketplace") connecting companies with external legal investigators ("External Investigators") for handling whistleblowing cases where conflicts of interest arise.

Key Marketplace Features:

• Search and selection of verified external investigators
• Secure case transfer and management
• Time tracking and billing tools
• GDPR-compliant data handling
• Payment processing and protection

3. User Accounts

3.1 Account Creation

To use the Platform, you must:

• Be a legal entity or authorized representative thereof
• Provide accurate and complete registration information
• Maintain the security of your account credentials
• Be at least 18 years of age
• Have authority to bind your organization to these Terms

3.2 Account Security

You are responsible for:

• All activities that occur under your account
• Maintaining the confidentiality of passwords
• Notifying us immediately of any unauthorized access
• Ensuring all users comply with these Terms

3.3 Account Suspension

We reserve the right to suspend or terminate accounts that:

• Violate these Terms
• Engage in fraudulent activity
• Fail to pay subscription fees
• Pose security risks to the Platform

4. Subscription Fees and Payment

4.1 Subscription Plans

Whistla offers the following annual subscription plans (prices in SEK):

All prices exclude VAT (25% for Swedish customers).

4.2 Payment Terms

• Subscriptions are billed annually in advance
• Payment is due within 30 days of invoice date
• We accept payments via Stripe (card, bank transfer)
• All fees are non-refundable except as required by law

4.3 Platform Fee for External Investigators

When using External Investigators through the Marketplace:

• A 10% platform fee applies to all case assignments
• Fee is automatically calculated and collected
• Fee covers payment processing, case management, GDPR tools, and support
• Organizations are not charged the platform fee (included in subscription)

4.4 Late Payment

Failure to pay subscription fees may result in:

• Suspension of Platform access
• Termination of account
• Collection action under Norwegian law
• Interest on overdue amounts (8% per annum)

4.5 Price Changes

We reserve the right to change subscription prices with:

• 60 days' advance written notice
• No change to existing annual subscriptions until renewal
• Right to cancel before price change takes effect

5. Platform Usage

5.1 Permitted Use

You may use the Platform to:

• Manage whistleblowing reports and investigations
• Create and maintain compliance policies
• Access External Investigators for legitimate business needs
• Store and process whistleblowing data in compliance with GDPR
• Generate reports and analytics

5.2 Data Storage and Retention

• All data is stored in EU-based servers (Supabase)
• We comply with GDPR Article 5 (storage limitation)
• Case data is retained according to your organization's policy
• Deleted data is permanently removed within 30 days
• Backups are maintained for disaster recovery (90 days)

5.3 User Responsibilities

You agree to:

• Use the Platform in compliance with all applicable laws
• Maintain accurate and current information
• Not use the Platform for illegal purposes
• Respect the confidentiality of whistleblowers
• Follow ISO 37002 best practices

6. Prohibited Activities

You may not:

6.1 Technical Prohibitions

• Attempt to gain unauthorized access to the Platform
• Use automated tools to scrape or download content
• Reverse engineer or decompile the Platform
• Interfere with Platform security features
• Introduce viruses, malware, or harmful code

6.2 Business Prohibitions

• Resell or redistribute Platform access
• Use the Platform to compete with Whistla
• Circumvent the External Investigators Marketplace
• Contact External Investigators directly to avoid platform fees
• Share account credentials with unauthorized parties

6.3 Legal Prohibitions

• Violate GDPR or other data protection laws
• Infringe intellectual property rights
• Engage in fraudulent activity
• Violate export control laws
• Use the Platform for money laundering or terrorism financing

7. Intellectual Property Rights

7.1 Whistla's Rights

All intellectual property in the Platform, including:

• Software code and algorithms
• User interface design
• Trademarks and logos ("Whistla")
• Documentation and training materials
• AI models and prompts

...are owned by SAAZLY FZCO and licensed to ICM AS, protected by international intellectual property laws.

7.2 User Data

You retain all rights to:

• Data you upload to the Platform
• Case reports and investigations
• Policies and documents you create
• Communications and messages

We do not claim ownership of your data.

7.3 License to Whistla

You grant Whistla a limited, non-exclusive license to:

• Host and process your data
• Display your data back to you
• Use anonymized, aggregated data for Platform improvements
• Share data with sub-processors (see Data Processing Agreement)

7.4 Feedback

Any feedback, suggestions, or ideas you provide about the Platform may be used by Whistla without compensation or attribution.

8. Confidentiality and Data Protection

8.1 Confidential Information

Both parties agree to keep confidential:

• Whistleblower identities (if disclosed)
• Investigation details
• Business terms and pricing
• Technical information about the Platform

8.2 GDPR Compliance

Whistla processes personal data as a Data Processor under GDPR Article 28. See our separate Data Processing Agreement for details.

8.3 Security Measures

We implement:

• Encryption in transit (TLS 1.3) and at rest (AES-256)
• Role-based access control (RBAC)
• Regular security audits
• Incident response procedures
• Employee security training

9. Limitation of Liability

9.1 Service Disclaimer

THE PLATFORM IS PROVIDED "AS IS" WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO:

• Merchantability
• Fitness for a particular purpose
• Non-infringement
• Uninterrupted or error-free operation

9.2 Liability Cap

TO THE MAXIMUM EXTENT PERMITTED BY NORWEGIAN LAW, ICM AS'S TOTAL LIABILITY FOR ANY CLAIM ARISING FROM THESE TERMS SHALL NOT EXCEED THE FEES PAID BY YOU IN THE 12 MONTHS PRECEDING THE CLAIM.

9.3 Excluded Damages

WHISTLA SHALL NOT BE LIABLE FOR:

• Indirect, incidental, or consequential damages
• Loss of profits, revenue, or business opportunities
• Loss of data (except as caused by our gross negligence)
• Reputational harm
• Third-party claims

9.4 External Investigators

Whistla acts as an intermediary for the External Investigators Marketplace. We are NOT responsible for:

• Quality or competence of External Investigators
• Outcomes of investigations
• Professional conduct of External Investigators
• Disputes between companies and External Investigators

Companies must perform their own due diligence when selecting External Investigators.

9.5 Force Majeure

We are not liable for delays or failures caused by events beyond our reasonable control, including:

• Natural disasters
• Acts of war or terrorism
• Government actions
• Internet or telecommunications failures
• Third-party service outages (Stripe, Supabase, Resend, OpenAI)

10. Indemnification

You agree to indemnify and hold harmless ICM AS and SAAZLY FZCO, their officers, directors, employees, and agents from any claims, damages, losses, or expenses (including legal fees) arising from:

• Your use of the Platform
• Your violation of these Terms
• Your violation of any third-party rights
• Your violation of applicable laws
• Investigations conducted using Platform data

11. Termination

11.1 Termination by You

You may terminate your subscription:

• By providing 30 days' written notice
• Effective at the end of your current subscription period
• No refund for unused subscription time

11.2 Termination by Whistla

We may terminate your account immediately if:

• You breach these Terms
• You fail to pay subscription fees
• Your use poses security risks
• Required by law or regulatory authority

11.3 Effect of Termination

Upon termination:

• Your access to the Platform will cease
• You must cease all use of Whistla trademarks
• We will retain your data for 30 days for recovery
• After 30 days, all data will be permanently deleted
• Outstanding fees remain due and payable

11.4 Survival

The following sections survive termination:

• Intellectual Property Rights (Section 7)
• Limitation of Liability (Section 9)
• Indemnification (Section 10)
• Dispute Resolution (Section 12)
• Governing Law (Section 13)

12. Dispute Resolution

12.1 Negotiation

Before initiating formal proceedings, parties agree to attempt to resolve disputes through good-faith negotiation for 30 days.

12.2 Mediation

If negotiation fails, parties agree to attempt mediation through a mutually agreed mediator in Stockholm, Sweden.

12.3 Arbitration (Optional)

For disputes over 100,000 NOK, parties may elect binding arbitration under the rules of the Oslo Chamber of Commerce Arbitration Institute.

12.4 Litigation

If mediation and arbitration fail, disputes shall be resolved in Norwegian courts as specified in Section 13.

13. Governing Law and Jurisdiction

13.1 Governing Law

These Terms are governed by the laws of Norway, without regard to conflict of law principles.

13.2 Jurisdiction

Any legal action relating to these Terms must be brought in the courts of Oslo, Norway.

13.3 Language

The official language of these Terms is English. Swedish translations are provided for convenience but the English version prevails in case of conflict.

14. General Provisions

14.1 Entire Agreement

These Terms, together with our Privacy Policy and Data Processing Agreement, constitute the entire agreement between you and Whistla.

14.2 Amendments

We may update these Terms by:

• Posting updated Terms on the Platform
• Notifying you via email 30 days in advance
• Requiring acceptance for material changes

Continued use after changes constitutes acceptance.

14.3 Severability

If any provision of these Terms is found invalid or unenforceable, the remaining provisions remain in full effect.

14.4 Waiver

Failure to enforce any provision does not waive our right to enforce it later.

14.5 Assignment

You may not assign these Terms without our written consent. We may assign these Terms in connection with a merger, acquisition, or sale of assets.

14.6 Third-Party Beneficiaries

These Terms do not create rights for third parties.

14.7 Notices

All notices must be sent to:

Notices are effective when received.

15. Contact Information

For questions about these Terms:

16. Acceptance

By clicking "I Accept" during registration or by using the Platform, you acknowledge that:

• You have read and understood these Terms
• You agree to be bound by these Terms
• You have authority to bind your organization
• You consent to electronic communications

Version History