Security

Q: Is data encrypted in transit?

Yes. Traffic is protected with HTTPS and HSTS so data in transit remains encrypted.

Q: Can access be restricted by role?

Yes. Role-based access controls and least-privilege principles are used to scope access by role and responsibilities.

Q: Do you keep audit logs?

Yes. The platform maintains immutable logs to track who did what and when for accountability and review.

Q: Can records be exported for audits and reviews?

Yes. Records and logs can be exported to support audits, compliance checks, and internal reviews.

Q: Can security settings align to local agency requirements?

Yes. Retention and operational settings are configured to align with each agency's policy and IT requirements.

Q: How do we report a security concern?

Use the security contact channel on this page and include details of the issue. The team coordinates directly with agency stakeholders to address it.

We build for law enforcement, so security and accountability are first‑order features. Below is a practical overview of our posture. If you have specific requirements, we’ll meet them.

HTTPS Secure

TLS + HSTS enforced

Role‑Based Access

Least privilege & approvals

Audit‑Ready

Immutable logs & exports

Hosting & Network

HTTPS & HSTS — encryption enforced
Reverse proxy — trusted headers only
AWS Hosting secure infrastructure

Authentication & RBAC

Least privilege — role-based access
Separated duties — supervisor/command
Scoped feeds — calendars respect roles

Auditing & Retention

Immutable logs — who / what / when
Exportable — records & reviews
Policy retention — configurable

Application security

CSP — strict defaults
Security headers — X-Frame-Options, Referrer-Policy, nosniff
Validation — server-side on all inputs
Anti-spam — honeypot on public forms

Data handling

Minimization — collect only what’s needed
Scoped access — by role and unit
Secure exports — audits & records

Availability

Uptime — health checks & monitoring
Stateless deploys — containerized
Zero-downtime — config updates when possible

Compliance posture

Policy alignment — with agency standards
Configurable retention — to local policy
IT compliance — aligned with agency-specific requirements

Frequently asked questions

Clear answers to common security and compliance questions from command and IT teams.

Is data encrypted in transit?

Yes. HTTPS and HSTS are enforced so traffic is encrypted end to end.

Can access be restricted by role?

Yes. Role-based access and least-privilege controls scope access by role and responsibility.

Do you keep audit logs?

Yes. Immutable logs track who did what and when across key workflows.

Can records be exported for audits and reviews?

Yes. Exportable records support policy reviews, audits, and command accountability.

Can security settings align to local agency requirements?

Yes. Settings are configured around agency-specific policy and IT constraints.

How do we report a security concern?

Security questions or requirements?

We work directly with agency leadership and IT to meet specific standards. Contact us to discuss your requirements or to request documentation.

Email us