No channel — or just a forgotten inbox
A generic email address guarantees no confidentiality, no acknowledgement of receipt and no deadlines. The Directive asks for a system, not an improvised mailbox.
If your company has to run an internal reporting channel under the EU Whistleblowing Directive 2019/1937 and you don't want to pay for yet another SaaS, here's the short version: this native module puts a fully compliant anonymous whistleblowing channel inside the Odoo you already run.

Try the whistleblowing channel inside a real Odoo 19, no sign-up. User demo / flexigodemo.
The EU Whistleblowing Directive 2019/1937 requires most companies with 50 or more employees (and other cases) to run an internal reporting channel. This isn't a nice-to-have feature — it's a requirement that can lead to fines if it doesn't exist or doesn't actually work.
A generic email address guarantees no confidentiality, no acknowledgement of receipt and no deadlines. The Directive asks for a system, not an improvised mailbox.
Standing up a separate whistleblowing platform means a monthly fee and one more panel to maintain — with your reports sitting outside your direct control.
If an inspection or a complaint lands on your desk, you have to show when a report came in, who handled it and within what deadlines. No log, no defence.
No smoke and mirrors. The module covers the building blocks the Directive expects from an internal reporting channel, and it does it with the native logic of Odoo 17, 18 and 19.
A public or internal page where anyone can file a report, with structured fields, categories and attachments. Anonymous whistleblowers stay anonymous behind a tracking code.
The system records the intake date, marks acknowledgement of receipt and helps you stay on top of the response deadlines the Directive sets (7 days to acknowledge, 3 months to respond).
Only the channel manager and the people you authorise can see the content of a case. The rest of your Odoo users have no access to it whatsoever.
Every report becomes a case with its own statuses, internal notes and full history — so the person in charge always knows where each investigation stands.
Every action is written to a hash-chained register: if anyone tampers with an entry, the chain gives it away. Sensitive content is encrypted at rest, so even a database dump doesn't expose reports in plain text.
The whistleblower checks the status and exchanges further information using only their tracking code — a secure back-and-forth that never reveals who they are.
1) An employee or third party opens the report form and files a concern, identified or anonymous, and gets a tracking code. 2) Odoo logs the intake, sends the acknowledgement and starts the deadline clock. 3) The channel manager works the case privately — statuses, internal notes, requests for more information through the code. 4) The case is resolved and closed, with every step preserved in the hash-chained log.
Let's be straight: no module makes you 'legally compliant' by magic. It covers the technical requirements of the channel — confidentiality, intake, deadlines and the audit log — but full compliance also depends on your internal policy, the case manager you appoint and how you process personal data. That's exactly what we walk through with you at onboarding: no empty promises, no fake urgency.
A whistleblowing SaaS bills you every single month, forever. This is a native Odoo module you buy once — the maths tips in your favour after the first year.
No subscription. No per-user fee. No middleware.
Here's how this page connects to the rest of what we build, so you don't lose your way.
It's built around the technical requirements the Directive expects from an internal reporting channel: confidential intake, acknowledgement of receipt, response deadlines and a full action log. Full compliance also depends on your internal policy, the case manager you appoint and how you handle personal data, so we go through the setup with you during onboarding.
Yes. The intake form accepts both identified and fully anonymous reports. Anonymous whistleblowers receive a tracking code they can use later to follow the case and add information without ever revealing their identity.
Yes. The module runs on both Odoo Community and Enterprise, for versions 17, 18 and 19. It uses native Odoo logic — models, access rights and the website form — so there's no separate platform to install alongside it.
No. The channel lives inside your own Odoo. Reports and their history stay in your own database, not on an external platform — so there's no monthly SaaS fee and no second panel for someone to keep an eye on.
It's a one-time payment of 49 EUR through the Odoo App Store, with the full source code included and no recurring fees. You get the module for Odoo 17, 18 and 19. Optional paid onboarding, flow customisation and support are available if you want them, but they're never mandatory.
Both. You can buy the module license on the Odoo App Store and, if you need it, ask us to handle installation, flow adjustments, legal text wording and direct start-up support.
You can pay for an external SaaS every month, or keep it inside the Odoo you already run — data under your control, source code in your hands, direct support from the developer. Let's talk, no strings attached.