Whistleblowing, private.
Air-gapped reporting with local AI. EU Directive compliant. Self-hosted. Open-source.
The compliance gap
EU Directive 2019/1937 requires organizations with 50+ employees to provide secure, anonymous reporting channels. Most solutions force a choice: pay enterprise prices for cloud platforms you don't control, or struggle with open-source tools that weren't built for production.
Reporters need to trust the system with their identity. That trust shouldn't depend on a third-party cloud.
Reporting that stays where you put it
DARC runs on your infrastructure — a server room, a Raspberry Pi, or a secure VM. Reports are encrypted at rest. AI runs locally through Ollama, anonymizing personally identifiable information without data ever leaving your network.
No cloud accounts. No external dependencies. No data exposure.
System architecture
DARC runs as a single Docker container. The browser client communicates with an Express server over REST. The service layer handles business logic, encryption, and database operations.
All data is encrypted using AES-256-CBC before reaching the SQLite database. Local AI through Ollama provides PII anonymization without any external network calls.
The entire system operates air-gapped. No external API calls. No telemetry. No cloud dependencies.
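AES-256-CBC provides confidentiality only, so a record stored this way also needs an integrity check before it is decrypted. The following is an added example, not DARC's own code, of encrypt-then-MAC with a fresh IV per record using Node's built-in crypto module. The function names, HKDF labels and record layout are assumptions.

```javascript
const crypto = require('node:crypto');

// Derive separate encryption and MAC keys from one master secret
// (hypothetical key layout; the labels 'enc' and 'mac' are assumptions).
function deriveKeys(masterKey) {
  const salt = Buffer.alloc(0);
  return {
    encKey: Buffer.from(crypto.hkdfSync('sha256', masterKey, salt, 'enc', 32)),
    macKey: Buffer.from(crypto.hkdfSync('sha256', masterKey, salt, 'mac', 32)),
  };
}

// Encrypt one report for storage. Assumed layout: IV (16) | HMAC tag (32) | ciphertext.
function sealReport(plaintext, keys) {
  const iv = crypto.randomBytes(16); // never reuse an IV under the same key
  const cipher = crypto.createCipheriv('aes-256-cbc', keys.encKey, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const tag = crypto.createHmac('sha256', keys.macKey).update(iv).update(ct).digest();
  return Buffer.concat([iv, tag, ct]).toString('base64');
}

// Verify the tag first; decrypt only if the record is untouched.
function openReport(blob, keys) {
  const raw = Buffer.from(blob, 'base64');
  if (raw.length < 16 + 32 + 16) throw new Error('record too short');
  const iv = raw.subarray(0, 16);
  const tag = raw.subarray(16, 48);
  const ct = raw.subarray(48);
  const expected = crypto.createHmac('sha256', keys.macKey).update(iv).update(ct).digest();
  if (!crypto.timingSafeEqual(tag, expected)) throw new Error('integrity check failed');
  const decipher = crypto.createDecipheriv('aes-256-cbc', keys.encKey, iv);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Constructed sample: round-trip a record, then flip one stored bit.
function demo() {
  const keys = deriveKeys(crypto.randomBytes(32));
  const row = sealReport('Constructed sample report text', keys);
  const tampered = Buffer.from(row, 'base64');
  tampered[tampered.length - 1] ^= 0x01;
  let rejected = false;
  try { openReport(tampered.toString('base64'), keys); } catch (e) { rejected = true; }
  return { roundTrip: openReport(row, keys), rejected };
}
```

Without the HMAC check, a modified row would either decrypt to altered text or fail only on padding, which is the behaviour padding-oracle attacks rely on.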
What DARC includes
Everything you need for compliant, private whistleblowing.
Air-gapped deployment
Runs fully offline. No internet connection required after setup.
Local AI (Ollama)
PII anonymization, report categorization, and triage — all on-device.
AES-256-CBC encryption
Reports encrypted at rest and in transit.
Anonymous communication
Reporters and handlers communicate securely without revealing identity.
Case management
Track, assign, and resolve reports with full audit trail.
EU Directive compliance
Satisfies EU Directive 2019/1937 requirements out of the box.
Docker deployment
Single command deployment. Runs anywhere Docker runs.
Raspberry Pi ready
Deploy on a $50 device. Full functionality, minimal footprint.
PWA and mobile responsive
Accessible from any device, no app store required.
Audit trail
Every action logged. Compliance documentation built in.
How DARC compares
A clear comparison with existing whistleblowing platforms.
| | DARC | Whistlelink | GlobaLeaks | SecureDrop |
|---|---|---|---|---|
| Self-hosted | Yes | No | Yes | Yes |
| Air-gapped option | Yes | No | Partial | Partial (Tor) |
| Local AI | Yes (Ollama) | No | No | No |
| PII anonymization | Automatic | Manual/None | Manual | Manual |
| EU Directive compliant | Yes | Yes | Partial | No |
| Setup complexity | Low (Docker) | Low (SaaS) | High | High |
| Price | Free (open-source) | ~5,000/yr | Free | Free |
| Vendor lock-in | None | Yes | None | None |
| Mobile support | PWA | Native app | Web | Tor browser |
Deploy in minutes
Self-hosted whistleblowing with local AI, running on your hardware.
# Pull and run DARC
docker pull formray/darc:latest
# Start with default configuration
docker compose up -d
# DARC is running at https://localhost:3000
# Reporter portal: /report
# Case handler: /admin
Pricing
DARC Core is free and always will be. Support tiers for organizations that need it.
| Tier | Price | For |
|---|---|---|
| Community | Free | NGOs, small orgs |
| Starter | Contact us | 10-50 employees |
| Professional | Contact us | 50-250 employees |
| Enterprise | Contact us | 250+ employees |
All prices per organization, not per user. Annual billing.
Open-source, open trust
DARC Core is licensed under AGPL-3.0. The complete whistleblowing platform — reporting, encryption, local AI, case management, compliance — is free and open-source.
Enterprise add-ons (SSO/SAML, HRIS integrations, custom branding, API access) are available under a proprietary license for organizations that need deeper integration.
Core features stay in Core. Security patches are always open.
Ready to deploy?
DARC is open source and ready to deploy. Your infrastructure, your terms.
