A whistleblowing platform is built from seven cooperating components: an intake layer that accepts reports over web, Tor, hotline, voice, and mobile channels; a triage and routing engine that classifies and assigns each case; a case management subsystem that owns the investigation lifecycle; an investigator workspace where authorised staff decrypt evidence and write findings; a two-way messaging channel that lets the platform talk back to anonymous reporters via a 16-digit receipt; an audit trail and reporting subsystem that records every action; and an admin and configuration plane that controls retention, encryption, and access policies. The reference architecture used here is grounded in publicly available application-security documentation from mature open-source whistleblowing software (verified April 2026) and the four lifecycle stages defined in ISO 37002:2021. The data flow is intake into encrypted submission storage, then routing to a recipient or audit committee, then case work over the receipt channel, then closure with a structured outcome and an audit trail that survives the reporting record after retention deletion.