Free & Open Source · No server required

Workplace concerns,
heard and recorded.

TrueRecord is a self-contained grievance reporting portal for HR teams. Download one file. Open it in a browser. Done — no backend, no login, no data leaves your device.

Submit a Report Download & Self-host

MIT licensed · Works in any modern browser · No npm · No build tools

truerecord / index.html
Submit a Grievance
All data stored locally · Nothing sent to any server
Incident Type
Harassment
Department
Engineering
Priority Level
⬤ High
Date of Incident
Mar 14, 2026
On March 14th, during the all-hands meeting, I experienced repeated interruptions and dismissive comments…
🔒 Confidential
👁 Anonymous
Submit Report
Cryptographic Commitment
A3F7C2E1 · Block #4821 · CONFIRMED
1 File
The entire app. One HTML file.
0 Setup
No npm, no server, no config.
0 KB Sent
Data never leaves the device.
4 Tabs
Report · Track · Admin · Analytics
What's inside

Everything a real HR team needs.
Nothing it doesn't.

Structured Submission
Incident type, department, date, location, priority, tags, and file attachments — everything needed for a complete HR record from day one.
True Anonymity Option
One toggle removes all identity fields. Name and email are disabled at the UI level and excluded from storage entirely — no leakage, no workarounds.
Blockchain-Backed Commitment
Each submission generates a cryptographic hash and nonce — a tamper-evident fingerprint of exactly what was reported and when.
Immutable Audit Chain
Every status change appends a new log entry with a hash, actor, and timestamp. Nothing is overwritten. Full chain of custody for every case.
Admin Inbox & Triage
Filter by status and priority, update cases inline, search across all fields, and export filtered results to CSV in one click.
Analytics Dashboard
Breakdowns by status, priority, and incident type. Plus resolution rate, anonymity rate, and open case count at a glance.
How it works

Simple by design.
Secure by architecture.

1
For Reporters
Fill out the report form
Select incident type, department, date, location, and priority. Write a description (30+ characters). Optionally add tags and file attachments. Choose whether to submit confidentially, anonymously, or both.
2
Submission
Your report is cryptographically committed
On submit, the app generates a unique hash of your report content combined with a random nonce. This creates a tamper-evident fingerprint — if the report is ever altered, the hash won't match. The hash and block entry are shown on screen and stored with your record.
// Generated at submission time — shown to reporter once
Report ID: A7F3C2E1
Hash:     3B9D4F2A  // one-way hash of content + nonce
Salt:     X7KQ2M9P4R  // random nonce, shown once
Block:    #4821 · CONFIRMED
3
For Reporters
Track your report under My Reports
After submitting you're taken to My Reports where you can see the live status of every case you've filed in this browser. Save your Report ID as a reference number. Each status change is visible in real time.
4
For HR / Admins
Triage in the Admin inbox
The Admin tab shows all incoming reports. Filter by status or priority, search across all fields, and update cases inline. Every update appends a new entry to that case's audit chain — nothing is overwritten, ever.
5
Optional
Export, integrate, or customize
Export any filtered view to CSV with one click. Or connect TrueRecord to your existing case management system by replacing three async functions in the source. No framework knowledge required — it's all plain JavaScript inside a single HTML file.
Privacy Architecture

Built to protect
the people who speak up.

🔗
Cryptographic Commitments
Each report generates a one-way hash of submission content combined with a random salt — a verifiable, tamper-evident proof consistent with blockchain-based audit trail principles. The hash cannot be reversed to reconstruct the original content.
👤
True Anonymity
When anonymous mode is on, name and email fields are disabled at the UI level and excluded from the stored record entirely. No hidden metadata. Anonymous reports contain zero identity fields.
💾
Local Storage Only
In the default configuration, all data is stored in your browser's localStorage. Nothing is sent to any server, third-party service, or analytics platform. Your data stays on the device where it was entered.
🔒
Confidentiality Controls
The confidentiality toggle is a first-class flag on every record, designed to be enforced by backend access control logic. In production it restricts which HR roles can view the full record content.
📋
Immutable Audit Log
Every status update appends a new entry to the case's audit chain — never overwrites. Each entry carries a hash, actor, and timestamp: a full inspectable history of every action taken on a case.
Zero Retaliation by Design
Anonymous submissions make retaliation structurally impossible where identity isn't required. Every policy acknowledgment is captured and logged with the record at submission time.
Get started in 60 seconds

Download once.
Works forever.

No account. No subscription. No backend to maintain. One HTML file is the entire application.

1
Download
Grab index.html from GitHub or the button below
2
Open
Double-click it or drag into Chrome, Firefox, Edge, or Safari
3
Use it
Submit reports, manage cases, export data — all working immediately
4
Host it
Drop on GitHub Pages or Netlify for shared team access (optional)
Download index.html View on GitHub
MIT License · Free to use, modify, and deploy · Works offline · No internet required after first load
FAQ

Common questions

In the default self-hosted version, data is stored in your browser's localStorage — not on a public blockchain. The "blockchain-backed commitment" refers to the cryptographic approach: each report is hashed with a random nonce, creating a tamper-evident fingerprint consistent with blockchain audit trail principles. The hash and nonce are stored with the record so the commitment can be independently verified at any time.
In the default configuration, your report is stored only in the localStorage of the browser where it was submitted — nothing is transmitted anywhere. In a deployed team setup, whoever controls the hosted device has Admin tab access, so your organization should establish its own access control policies. For full anonymity, the anonymous toggle prevents name and email from being stored at all.
No. Data is saved to localStorage which persists between sessions. Your reports will still be there when you reopen the file — as long as you use the same browser on the same device and haven't cleared browser data. For production use, connecting TrueRecord to a real backend database is recommended so data isn't device-dependent.
Yes — if you host the file on a shared URL (GitHub Pages, Netlify, your intranet), multiple people can access and submit reports from their own browsers. Each person's localStorage is separate, so reporters only see their own submissions in My Reports. The Admin tab on any device only shows reports submitted from that same device unless you connect a shared backend.
Open index.html in any text editor and find three async functions near the top of the script: apiCreate, apiUpdate, and apiDelete. Replace the localStorage logic inside each with a fetch() call to your backend endpoint. The rest of the UI stays exactly the same. The data shape is a simple JSON object — no framework knowledge required.
Yes — everything is configurable at the top of the script block. You'll find arrays for INCIDENT_TYPES, DEPTS, STATUSES, and PRIORITIES. Change the values and the UI updates automatically. Colors, fonts, and copy can all be modified in the same file.
Once the page has loaded once (which pulls React and fonts from a CDN), all core functionality works offline. For guaranteed offline support from the very first load, you can download the CDN dependencies and serve them locally alongside the HTML file — instructions are in the GitHub README.