How Honestli Works
Honestli makes it simple to collect anonymous, high-quality feedback—from friends, teams, or the whole world—without exposing private conversations.
No accounts for respondents. No public exposure of feedback. You’re always in control.
The Flow in 4 Simple Steps
Sign up & set basics
Create your account with secure sign-in. Add a few details so people know it’s you (or your company).
Create a Profile & Topics
Each Profile (personal or enterprise) can include one Primary Topic — an optional, general space for open feedback about you or your organization — as well as any number of specific Topics focused on areas like “Presentation style” or “Product policies.”
Choose how to share
Make a Topic Public (searchable), or keep it Private by link and share with a select audience.
Receive feedback — privately
Respondents submit anonymous, text-only feedback. Only you (the owner) can view it.
Sharing Options
Public
Indexed by search engines and discoverable by anyone.
- Great for creators, leaders, and open forums
- Topic page is public, but feedback stays private
Shared by Link
Not indexed. Only people with the link can access the Topic page.
- Ideal for teams, classes, and private groups
- Rotate links or disable anytime
Individuals & Enterprises
- Collect honest opinions on anything—skills, content, style
- Use a Default Topic for general feedback
- Share publicly or with close circles
- Create an Enterprise Profile (with eligible subscriptions)
- Topics for products, policies, or workplace reporting
- Admins own access; nothing is publicly shared by default
Privacy, Security & Control
Anonymous by design
Feedback is de-identified; only you can view it.
Safety filters
AI screens out harmful or threatening content; optional human review checks system quality using redacted inputs.
Owner-only access
No feedback is ever public. You decide what to keep or delete.
Delete anytime
Remove Profiles, Topics, or individual feedback—instantly.
What respondents see
A clean text box. No account needed. No tracking maze.
- Clear prompt and context from your Topic
- Submit once or multiple times—your choice
- Works great on mobile
Security Overview
- Encryption in transit: TLS 1.2+ for all inbound and outbound connections.
- Encryption at rest: strong AES-256 for stored data, keys rotated per policy.
- Backups & recovery: automated backups and point-in-time restore; periodic recovery tests.
- Data lifecycle: clear retention & deletion controls; export on demand.
- OAuth2-based sign-in: secure authorization flows; support for OIDC, short-lived tokens, and refresh rotation.
- Scoped access: least-privilege scopes and role-based permissions; per-profile ownership.
- Session security: hardened cookie settings, CSRF protection, replay-attack mitigations.
- API security: token validation, rate limits, input validation aligned with OWASP ASVS.
- Network isolation: private networking, access lists, and firewalls to restrict ingress/egress.
- Monitoring & audit: centralized logging, anomaly alerts, and tamper-evident audit trails.
- Standards alignment: practices mapped to ISO/IEC 27001, SOC 2, and OWASP guidance.
- Change management: peer-reviewed releases, staged rollouts, and rapid rollback plans.
For more details on database security architecture and controls, we follow guidance consistent with leading managed-database security documentation and industry OAuth2/OIDC best practices—without exposing vendor specifics.
FAQs
Get Started
Create your first Topic in under a minute.
- Sign in
- Set up your Profile
- Create a Topic & share
No credit card required to start.