Privacy Policy

Your privacy is not just a feature - it's the foundation of everything we do. This policy explains exactly what happens with your data.

Our Privacy Commitment

The principles that guide everything we do

Zoffara exists to enable anonymous whistleblowing in Tunisia. We understand that exposing corruption can put you at risk. That's why we've built our platform with privacy by design - not as an afterthought, but as the core principle.

  • Anonymity First: We never require registration, email, or any identifying information
  • Minimal Data: We collect only what's absolutely necessary for the platform to function
  • No Monetization: Your data is never sold, shared, or used for advertising
  • Transparency: We openly explain our practices - no hidden clauses

What We DON'T Collect

Data we deliberately avoid storing

To protect your identity, we've designed our systems to avoid collecting information that could be used to identify you:

  • IP Addresses: We never log your IP address - not in server logs, not in error logs, nowhere
  • Browser Fingerprints: We don't track your browser type, screen resolution, installed plugins, or fonts
  • User Agents: We don't store what browser or operating system you use
  • Cookies for Tracking: No analytics cookies, no third-party tracking, no advertising pixels
  • Location Data: We don't use geolocation APIs or infer location from any source
  • Device Identifiers: No device fingerprinting, no hardware identifiers

Server Configuration

Our web server is configured to NOT log client IP addresses. Even if we were compelled to provide logs, they would contain no identifying information about submitters.

What We DO Collect

Only what's necessary for the platform to work

We collect the minimum data required for the platform to function:

Data | Purpose | Stored
Report Title | Displayed publicly to identify the report | Yes
Category | Helps users filter and find relevant reports | Yes
Report Details | The core content you choose to share | Yes
Uploaded Files | Evidence you choose to attach (metadata stripped) | Yes
Submission Timestamp | Shows when the report was submitted | Yes
Report ID | Random code for you to track your report | Yes

Important Reminder

Be careful not to include personally identifying information in your report text or attached files. While we strip technical metadata, we cannot remove personal details you write in the content itself.

File Upload Protection

How we handle and protect your attachments

Files you upload undergo automatic processing to protect your identity:

  • Metadata Stripping: All EXIF data, author info, GPS coordinates, and hidden data are removed using ExifTool
  • Random Filenames: Original filenames are discarded and replaced with random 32-character strings
  • No Direct Access: Files are stored in a protected directory and served only through authenticated endpoints
  • Size Limits: Maximum 10MB per file, 50MB total per submission

Extra Precaution

For maximum safety, we recommend running ExifTool on your files before uploading. Command: exiftool -all= yourfile.jpg

Data Retention

How long we keep information
Report Status | Retention Period
Pending Reports | Kept until moderation decision (typically within 48 hours)
Approved Reports | Kept indefinitely as part of the public record
Rejected Reports | Deleted within 30 days along with all attachments

Note: Once a report is approved and published, it becomes part of the public record of corruption in Tunisia. Published reports are not deleted to maintain the integrity of the archive.

Your Rights

What control you have over your submissions
  • Track Your Report: Use your Report ID to check the status of your submission at any time
  • Anonymous by Default: We cannot identify you, which means we cannot link multiple reports to you
  • No Account Deletion Needed: Since we don't require accounts, there's nothing to delete

Limitation

Because we don't collect identifying information, we cannot verify ownership of a report after submission. This means we cannot modify or delete a specific report on request - we simply have no way to confirm you're the original submitter.

Safety Recommendations

How to maximize your protection

While we take every precaution on our end, your safety also depends on how you access the platform:

  • Use Tor Browser: Download from torproject.org - it routes your traffic through multiple servers, making you virtually untraceable
  • Avoid Home/Work WiFi: Your ISP and employer can see which websites you visit. Use public WiFi instead
  • Use a Different Device: If possible, submit from a device that isn't linked to your identity
  • Strip Metadata First: Run ExifTool on files before uploading for extra assurance
  • Redact Faces & Names: Black out identifying information in images before uploading
  • Watch Your Writing: Don't include information in the report text that could identify you
  • Don't Tell Anyone: The fewer people who know you submitted a report, the safer you are

Maximum Protection Setup

Tor Browser + Public WiFi + ExifTool on your files = The safest possible way to submit a report. This combination makes tracing virtually impossible.

Third-Party Services

External services and data sharing
  • No Analytics: We don't use Google Analytics, Matomo, or any tracking service
  • No CDN Tracking: We use Font Awesome from CDN for icons only - no tracking involved
  • No Advertising: We don't display ads or use ad networks
  • No Data Sales: We never sell, rent, or share data with third parties

Zoffara operates independently and does not integrate with social media platforms, authentication providers, or data brokers.

Legal Requests

How we respond to government or legal demands

In the event of legal demands for user information:

  • We Can't Identify You: Since we don't collect identifying data, we have nothing to hand over
  • No IP Logs: Our server configuration prevents IP address logging
  • Minimal Records: We can only provide what we have - report content and timestamps

By Design

This isn't a policy choice - it's a technical reality. Our systems are architected so that identifying submitters is impossible, even for us.

Questions?

If you have questions about this privacy policy or our practices, you can reach us securely.

View Our PGP Key