• What types of actions should I report on the #NotMe app?

    You can safely report any misconduct through the #NotMe app – whether it’s happened to you or something you’ve witnessed first hand. Some examples include acts of:

    • Discrimination (age, disability, race, sexuality, religion, etc.)
    • Racism
    • Harassment (hostile work environment)
    • Bullying
    • Financial crimes
    • Health & Safety violations
    • Retaliation
    • Any other types of behavior you find to be inappropriate or that violate your Organization’s policies or code of conduct.

    Don’t wait. Report microaggressions early to help prevent things from escalating.

  • Can #NotMe respond promptly and appropriately if a data subject gives notice that they wish to exercise their rights at any time?

    Yes. Accounts can be deleted by the users themselves.

    #NotMe has streamlined the process for users to exercise their rights. Requests for collection or deletion of data are automatically handled by the #NotMe system. More specific requests are promptly handled by #NotMe’s Customer Service department. You can send them a ticket by going here.

  • Who will have access to the data?

    The following have access to the data:

    Designated persons from Organizations (typically HR, Legal, Compliance, etc) will have access to the information and data contained in a reporter’s report including their names (unless reports are submitted anonymously) and the details of allegations or issues reported.

    #NotMe collects some personal information for authentication and monitoring purposes only.

    Reports submitted through the app may also contain personal data entered by the user-Reporter.

  • During signup, why do you ask for my personal email address when my company is a subscriber?

    We do this for a couple of reasons.

    1. #NotMe is an employee platform. It is your tool and you, as the employee, own your account. Your employer does not own your #NotMe app.
    2. If you leave your current company and need to report for a new subscribing customer or as an individual, you won’t miss out on updates to a non-active email.
    3. Truly Anonymous Reporting – This is one more level to protect your anonymity by not having any updates provided through your company email. All of your chat and status updates will be sent to your personal email address.

    After you’ve created your account, then you will link your company to your account to create and send your reports to your employer.

  • How personal data is used?

    In the US, personal data is used in the App to identify, investigate and resolve specific issues raised by reporters.

    #NotMe uses “web beacons” and “web logs” to allow servers to automatically record information that Your browser sends whenever You visit the App. This information includes the time and date, Your Internet Protocol address, your geographic location (zip code, area code and/or time zone), Your browser type and version, the App and/or the Services that You use, and when and how long You use them. We use this information to monitor and analyze how Users use the App and Our Services, to provide customer service and to maintain and improve the Services.

    #NotMe stores and processes information about Reporters for the following:

    • to permit Organizations to receive and process Report(s);
    • to enable Reporters to access and use the App;
    • to enable Reporters to communicate about any Report(s) with their Organizations;
    • to provide Organizations alerts and notifications about Reports that have been submitted;
    • to enable Organizations to communicate about any Report(s) with their Reporters;
    • to operate, protect, improve and optimize the App, Our business, and Our Users’ experience, such as to perform analytics, conduct research, personalize or otherwise customize our clients experience, and to provide customer service;
    • to help create and maintain a trusted and safer environment on the App and with Our Services, such as detection and prevention of actual and potential fraud and other harmful activity, conducting investigations and risk assessments, enforcing our Terms and policies, for fraud detection and prevention, and for risk assessment and harm prevention purposes;
    • to send service, support and administrative messages, reminders, technical notices, updates, security alerts, and information requested by Organizations or their employees/members.

    In Europe, Canada and Australia, Personal Data is collected when you request a demonstration from #NotMe and when you contact #NotMe via the IT ChatBot.

    When completing entry fields on a form, the mandatory nature of a response is indicated by using an asterisk (*) at the end of the question. The lack of response to a question identified by an asterisk prevents the processing of your request.

    When you choose to spontaneously send your Personal Data to #NotMe, without the latter having requested it, you expressly consent to the collection of Personal Data and you undertake to assume full responsibility for the Personal Data transmitted.

    1. The data necessary to request a demonstration of the Application

    #NotMe collects and processes the first name, last name, email, telephone number and name of the User’s company requesting demonstration on the Website or the Application.

    The purpose of this Processing is to manage User requests. It allows #NotMe to receive demonstration requests and to establish a history of requests and responses.

    #NotMe retains your Personal Data for the time necessary to accomplish the purposes pursued, subject to legal archiving possibilities, obligations to retain certain Personal Data and/or anonymisation.

    The Personal Data collected when requesting a demonstration of the Application is retained for a period of three (3) years from its collection.

    1. Data relating to the IT ChatBot

    #NotMe may collect personal data that is sent by the User when using the IT ChatBot. Such data concerns the first name, last name, email and name of the user’s company.

    The purpose of such Processing is to receive requests from Users and to manage the answers to be provided.

    The Personal Data collected when requesting a demonstration of the IT ChatBot is retained for a period of three (3) years from its collection.

    • Connection data

    #NotMe automatically collects User login data. These data include date, time of login and/or browsing, browser type, hardware used, entry and exit page, URL, number of clicks, pages viewed and their order, time spent on specific pages, browser language, IP address.

    The purpose of this Processing is the analytical management of #NotMe’s business.

    The connection data collected by #NotMe is kept for twelve (12) months from collection.

    • What is the nature of the Personal Data processed by the Customer via the Application, what are the Purposes of Processing and the retention period of Personal Data?
    1. Processing 1: When you create an account on the Application, Personal Identification Data is collected and processed, namely your full name, phone number, email address, function and name of the employer.

    This Personal Data is necessary for the proper functioning of the Application and the provision of this service.

    The purpose of this collection is based on User account management.

    The Customer retains your Personal Data for the time you have access to the Application, i.e., for the period you are employees of the Customer.

    1. Processing 2: When you make a report on the Application, in accordance with the Terms and Conditions of Use of the Application, you must ensure that you only communicate the relevant Personal Data necessary for the processing of the report, in accordance with the principle of minimisation imposed by the Regulations.

    We invite you to be particularly vigilant regarding the transmission, via the Application, of Sensitive Data.

    In processing reports made through the Application, the Customer may be required to process:

    • Personal Data about you (full name, position and possibly other Personal Data communicated, including Sensitive Data); and
    • Personal Data relating to the person who is the subject of a report (full name, function and possibly other Personal Data communicated, including Sensitive Data).

    The Customer undertakes not to process Personal Data transmitted in a report when it is not relevant and necessary.

    The collection of such Personal Data is optional.

    The purpose of such Processing is based on the processing of the reports made.

    The Customer retains the Personal Data relating to a report as follows:

    • The Personal Data that does not fall within the scope of the Application’s system and in particular Sensitive Data that does not allow the establishment, exercise or defence of a legal claim is deleted immediately;
    • The Personal Data is deleted two (2) months after verification if no further action is taken;
    • The Personal Data shall be retained until the end of the investigation in the event that action is taken with regard to the report.
  • Is there a process in place to ensure the complete deletion of any personal data held at the end of that retention period?

    Yes, mechanisms are in place to delete data at the end of the retention period. We also provide the #NotMe users an automated way to delete their personal data at their convenience.

  • Does the personal data used in this service have a defined retention period?

    Yes, a policy is in place to set data retention periods. This data is only kept while still relevant.

  • Is there an easy and well signposted mechanism for an individual to notify #NotMe that they wish to exercise their rights as a data subject?

    Yes, users can request a copy or deletion of their data from the App.

  • What personal data is collected?

    In order to use the #NotMe App (the “App”) the following personal data must be processed:

    • Name;
    • Email address;
    • Organization (if yours is a subscriber);
    • Telephone number;
    • IP address;
    • Metadata, such as the number of clicks and navigation around the app

    Reporters (people using the App to submit a report) must set up an account on the App in order to use it. They can however decide to submit a report anonymously so their personal data is not available to their employer when they submit reports anonymously. Use of the App on an anonymous basis is therefore possible. The App allows two way communication with an anonymous Reporter through the #NotMe secured messaging system.

  • How will I know if my submitted report has had any action taken?

    There are three stages that a report goes through when submitted. As your report moves into each new stage, you will receive an email notification from #NotMe to your personal email account (NOT your work email account) about the progression of your report.

    These notifications are coming through our #NotMe system and although your organization is determining the stage or status of your report,  it does NOT know your personal email address or who you are if you have reported anonymously.

    1. Submitted – A report has been submitted by you and is available for a #NotMe team member or your organization (if they are a #NotMe subscriber) to read and evaluate.
    2. Under Review – Your report has been assigned to someone who is taking action to look into the content of your report and its allegations.
    3. Resolved – The organization has taken steps to ensure that the reported behaviors/persons, have been addressed, or a #NotMe team member has assisted the reporter with the next steps.
  • How will you protect my privacy?

    Once you download the app, we will ask only for your name, email and phone number. These are required for authentication to ensure each user only has one account.

    Please note that information is not shared with anyone (including third parties). If you decide to report anonymously to the organization (by clicking on the “Report Anonymously” button of the App) they will only know your report by a randomly assigned number/code.

    To learn more, you can read through our (i) US Privacy Policy and Terms of Use if you are in the US, or (ii) our EU, Australia, Canadian Privacy Policy and Terms of Use, if you are in the EU, Australia or Canada.

  • What happens once I submit a report if the organization I linked is a #NotMe subscriber?

    When the organization is a #NotMe subscriber, an email will be sent to the account admins (HR/ER/Ethics & Compliance people generally), notifying them a report has been submitted for review. From there, your report will be reviewed by the organization and you will be notified as the report progresses and/or if the chat feature is used by the person reviewing your report. If your organization does not reach out within the first week of submitting your report or has not provided an update within the last month, fill out a ticket and let us know so we may contact them.

  • Will my identity be revealed to the organization linked to my account?

    If you choose to report anonymously, your identity will NOT be revealed. The organization will only know the details that you share in the report you submit. To assist you with communication, a chat window is available for you to speak further, anonymously if you choose, so you can safely share more details or concerns about the situation. It will be your choice if you want to let them know your name or any other information that you may deem appropriate. You are in control of what you share.

  • What if the action I’d like to report has been carried out by someone outside of my organization?

    A vendor coming into your office to perform any type of work or make a delivery is accountable for their actions while working. You should bring any issue of concern that happens at work or is in any way related to people you come into contact with because of work to your organization’s attention. Your employer’s sexual harassment policy should cover acts of vendors and therefore should be reported through the #NotMe app in order to seek resolution.

  • Is #NotMe free to individual users?

    Yes. Creating and submitting a report does not cost an individual anything. Our team is here to offer resolution-seeking (non-legal) support in order to help make your situation safer – even if the organization/employer is not a #NotMe subscriber.

  • What security measures are offered within the #NotMe app?

    At #NotMe, we are equipped and committed to safely handle your sensitive and private data. We provide two additional security measures when you log into the #NotMe app.

    1. Two Factor Authentication – You will receive a text message on the phone number you entered to verify your identity.
    2. Passcode – You have the option of using facial or fingerprint recognition.

    Note that your personal information such as your name, phone number, and email address will not be shared with other parties without your consent (you have the option, within a report, to report anonymously or not.)

  • What if someone submits a false report?

    A false report, as defined by #NotMe, is a report submitted with malice and intent to spread false rumors or things that, at the time of submission, were known by the reporter to be untrue.

    Knowingly making false accusations could undermine the safety of all and have consequences for the person making false reports. The results of our investigations may be shared with the false reporter’s organization and other relevant federal, state, and local authorities.

  • What happens once I submit a report if my employer is not a #NotMe subscriber?

    When your employer is not a subscriber, an email will be sent to a trained member of the #NotMe team. From there, we will be in contact through the chat feature within the #NotMe app to help you with the next steps. Please make sure you keep your notifications from #NotMe “On” so that we can communicate with you.

  • What if my employer does not subscribe to #NotMe? Will my report be handled?

    Even if your employer is not a #NotMe subscriber, every report is looked into and taken seriously by a #NotMe trained team member who will be in touch to discuss the next steps.

  • Can I access my data?

    Yes, if you ever need a file of your information and what you’ve shared through our app, please go the Settings>My data section of the app and click on request download.

    It may take up to 48 hours for you to receive this file.

  • Where can I download the #NotMe app?

    Easy – You can find us in the App Store, Play Store or on the web at You can find more information about the webapp by going here.

  • Organizations

  • We have employees or members in various countries in Europe, is #NotMe GDPR compliant?

    Yes, it is!

    #NotMe complies with most privacy laws across the world.

  • We have employees or members in multiple countries. Do you offer multiple languages?

    Yes. When you speak with a sales team member, let them know what languages you will need.

  • Do you work with conferences/festivals who want to give their attendees a safe place to speak up?

    Yes, we can set up #NotMe for your 1 or multiple day(s) conference/festival. Fill out our Request a Demo form to learn more.

  • I don’t want to reinvent the wheel. What materials can I expect for rollout?

    Not only do we provide live training with your dashboard users/admins (the people within your organization who are looking at reports that are submitted) but we provide you with the following materials.

    • Training guide for onboarding future dashboard users
    • Training guide for onboarding employees or other people
    • #NotMe poster – Electronic version with your logo, instructions on how to set up #NotMe and your PIN to print and post or email to your employees/attendees/members of your organization
    • #NotMe badges – Electronic #NotMe certified culture badges to print and post or email to employees/attendees/members of your organization
    • The #NotMe Guide on conducting investigations with #NotMe.

  • How long does it take to roll out #NotMe?

    If you have a couple hours, you can go from launch call to ready to roll out. It’s that simple and requires no IT resources.

  • What kind of impact can I expect #NotMe to have on my organization?

    Right out of the gate – simply by implementing #NotMe – you’ve replaced lip service with action that shows you want to hear from your employees/attendees by making it as easy as possible for them to speak up.

    This sends a strong message and begins to (re)build trust. How well you then address the issues and concerns they bring to your attention when they report determines the rest.

    If your team listens, shows empathy and respect, and follows up in a timely manner, you’ll win the trust of your employees/attendees and #NotMe will up-level your organization’s culture in powerful ways.

    In short, you should reduce:

    • Legal costs
    • Employee turnover
    • Employee absences

    While increasing:

    • Employee productivity
    • Talent retention
    • Overall brand loyalty

    Your conferences, schools, campuses, events or festival will be safer for all with #NotMe.

  • How do I become a certified #NotMe Organization?


    Make the commitment to say #NotMe to misconduct and silencing issues that matter to your employees/attendees/students, and watch your organization’s compliance, culture, and productivity rise.


    #NotMe accommodates customizations to meet your industry and organization’s particular needs. When you subscribe, we make it easy for you to tailor your organization’s #NotMe app to authentically speak to your employees/attendees/students in a way that’s in line with your values, code of conduct, policies, and culture. Our app also provides a channel for you to share relevant news and internal communications.


    #NotMe’s mere presence is a deterrent to bad behavior. Everyone has a reporting option in their pocket. It sends a strong message that you care by providing a safe place to easily share their concerns and issues as they arise. With #NotMe, they have your attention, and you are listening.

  • I’m an organization and want a demo. Where should I start?


    Please fill out our Request a Demo form and one of our team members will be in touch with you once your form is received. We look forward to hearing from you.

  • What if someone submits a false report and my organization is a #NotMe Subscriber?

    A false report, as defined by #NotMe, is a report submitted with malice and intent to spread false rumors or things that, at the time of submission, were known by the reporter to be untrue.

    Knowingly making false accusations could undermine the safety of all and have consequences for the person making false reports. The results of our investigations may be shared with the false reporter’s organization and other relevant federal, state, and local authorities.

  • About #NotMe

  • Where is #NotMe located?

    US Headquarters

    1415 N. Cahuenga Boulevard
    Los Angeles, CA 90028

    EU Headquarters

    18 rueBoissière
    75116, Paris, France

    Australian Headquarters

    c/o MindTribes
    700 Bourke Street, NAB Village,
    Docklands, Melbourne, Australia

  • How about data retention and deletion?

    By default, all data is kept for 3 years except for metadata such as connection data (1 year). In case of legal action, personal data is kept until the end of the proceedings. Organizations are expected to notify #NotMe as soon as possible so that #NotMe can delete the data.

    Personal data will be deleted after 2 months following their verification if no further action is taken.

    Accounts can be deleted by the users themselves or by their organizations after they have left the company.

  • Can you comply with the EU Data Handling Procedures (the ‘Rules’)?

    Yes, #NotMe has set up technical and organizational measures to comply with data handling procedures in the EU. These measures include data access control, pseudonymization, anonymization, and encryption both at rest and in transit.

  • What are the risks to data subjects and how are they mitigated?

    #NotMe understands the risks that come with data collection and processing. #NotMe’s solution’s development process was created to focus on security and privacy at all times. Our #NotMe’s team always takes the necessary steps to mitigate the risks and took into account the best practices throughout the whole development of #NotMe. Contractual requirements are agreed between #NotMe and our clients to address security and confidentiality expectations.

    Data held by our clients should be held securely in accordance with the EU Data Handling Rules (or similar national rules) including access control, storage and security requirements and applicable retention rules.

  • Where is the data stored?

    Amazon Web Services (‘AWS’) is used to store the data.

    Reporters will have access to the data they have submitted within the App.

    Storage of the personal data:

    – #NotMe

    – AWS

    – Backups

    Users/Reporters will always have access to their own data. Otherwise, access is limited and only provided to a few, essential and vetted #NotMe employees.

    All #NotMe data is hosted in data centers maintained by industry-leading cloud platform, AWSs. All data handled by #NotMe, its employees and sub-processors will be kept within Europe (for our EU clients) at all times and in the US for our clients in Canada, Australia, New Zealand and APAC. Backups will be stored exclusively in Europe in AWS for our clients with EU operations and in the US for others.

    The app uses the device’s local storage to keep data necessary for the performance of the app such as authentication data.

    Information submitted by the user to #NotMe is stored in resilient databases on AWS. Our databases are firewalled, communicate through SSL and are fully encrypted at rest. Backups are also fully encrypted and stored in a secure and private environment.

  • What is #NotMe?

    #NotMe is the safest and easiest way to speak up and report misconduct right from your phone – anonymously if you choose – whether you’ve experienced it yourself or witnessed it first-hand. #NotMe is a next gen end-to-end speak up/whistleblowing & investigation software.

  • Can I join #NotMe?

    We’re always on the lookout for talented and dedicated people to join our growing team. Contact us at [email protected]

  • Why We’re the Experts?

    #NotMe is the only misconduct reporting app led by an expert employment lawyer and organizational culture expert with a decade and a half of experience representing both organizations and victims of misconduct.

    Our deep experience in this space has led us to understand that misconduct is not an HR problem; it is a people problem. People often are frozen in fear of speaking up and seeking help from their organizations; thus perpetuating unchecked repeat offenses, reducing workplace productivity, and ultimately causing high turnover and high legal costs that often go hand-in-hand with unpleasant media headlines.

    #NotMe intimately understands the issues both organizations and their people face and is here to offer a supportive and actionable communications and feedback loop to make things safer. For everyone.

  • Why #NotMe?

    The spirit of our name is #NotMe, meaning I’m not going to have something happen to me and not report it, I’m not going to be an organization that sweeps misconduct under the rug, and I’m not going to witness something and silently stand by. We invite you to join us.

  • EU Whistleblowing Directive

  • Who is affected by the Directive?

    Companies with more than 50 employees, public sector institutions, authorities as well as municipalities with 10,000 or more inhabitants are obliged to set up suitable internal reporting channels.

  • What are they protected from?

    Retaliation! Whistleblowers are protected from termination, demotion and other forms of discrimination etc.

  • What are the key requirements?

    • Establish reporting channels (internally and/or externally) to receive reports in writing and orally. For private sector organizations, this applies only to organizations with 50 or more workers though member States may extend this requirement to organizations with fewer than 50 workers.
    • An impartial person/department should be professionally trained and have responsibility for handling reports.
    • Reports should be acknowledged within 7 days and feedback/follow-up provided in 3 months (this may be extended to 6 months e.g., in complex cases).
    • Whistleblowers should be protected from retaliation (examples include removing workplace duties, negative performance reviews, blacklisting or psychiatric/medical referrals).
  • What is the timeline?

    As of December 17, 2021 companies with 250 or more employees must comply with the Directive and companies with employees between 50 and 250 still have until December 17, 2023 to comply.

  • What is “whistleblowing” in that context?

    It’s limited to reporting breaches of certain EU laws, including those relating to financial services, food and product standards, public health, public procurement and consumer protection. Some Member States (e.g., Denmark) are going further and extending this to serious wrongdoing and violations of national law whereas others (e.g., Germany) are being criticized for their plans to apply the minimum approach only.

    The whistleblower/reporter can choose whether to report a concern internally within the company or directly to the competent supervisory authority. They can also go directly to the public (under certain circumstances).

  • Who is protected?

    Employees who speak up and report their concerns, but it’s broader than employees and workers. Self-employed contractors, workers, volunteers, non-executive directors, shareholders, suppliers and contractors are all covered.

Request a Demo

Request a Demo