Security & Compliance

Built for the threat model your agency actually has.

Tyler got ransomwared. HPD lost 264,000 cases. We took the lessons and put them into the architecture, not the marketing copy.

One database per agency.

Multi-tenant SaaS shares a single database between every customer and relies on an application-level customer_id column to keep records apart. One bug, one missing WHERE clause, and another agency's data leaks into yours. We don't do that.

Diagram: Mission PD, San Angelo PD, Lubbock SO, each on its own isolated DB.
Each agency runs on its own Neon Postgres project. A breach at one agency cannot structurally affect another.
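As an added illustration of the failure mode described above (not the product's own code), the following Postgres script builds a hypothetical shared cases table keyed only by an application-level agency_id, shows the dropped-predicate query that leaks every tenant's rows, and then shows the database-side check (row-level security) that a shared-table design needs so the predicate holds even when the application forgets it. Table, column and setting names are assumptions.

```sql
-- Hypothetical shared multi-tenant table: every agency's cases in one place,
-- separated only by the agency_id column.
CREATE TABLE cases (
    id        bigserial PRIMARY KEY,
    agency_id integer   NOT NULL,
    title     text      NOT NULL
);

-- Constructed sample rows for two different agencies.
INSERT INTO cases (agency_id, title) VALUES
    (1, 'Agency 1 case'),
    (2, 'Agency 2 case');

-- Intended query: scoped to the caller's agency.
SELECT id, title FROM cases WHERE agency_id = 1;

-- The bug the page describes: the scoping predicate is dropped, and the same
-- query now returns every agency's records.
SELECT id, title FROM cases;

-- Defence in depth for a shared table: row-level security makes the database
-- enforce the tenant predicate on every statement, not just the ones the
-- application remembered to scope. (Per-agency databases remove the shared
-- table entirely, which is the stronger design.)
ALTER TABLE cases ENABLE ROW LEVEL SECURITY;
ALTER TABLE cases FORCE ROW LEVEL SECURITY;   -- applies to the table owner too

-- Reads are filtered and writes are checked against the session's agency,
-- taken from a per-transaction setting (app.agency_id is an assumed name).
CREATE POLICY agency_isolation ON cases
    USING      (agency_id = current_setting('app.agency_id')::integer)
    WITH CHECK (agency_id = current_setting('app.agency_id')::integer);

-- The application sets the tenant once per transaction ...
BEGIN;
SET LOCAL app.agency_id = '1';
-- ... and the unscoped query can now only return agency 1's rows; an INSERT
-- for agency 2 in this transaction is rejected by the WITH CHECK clause.
SELECT id, title FROM cases;
COMMIT;
```

Two caveats a reviewer would raise: RLS is bypassed by superusers and by roles with BYPASSRLS, so the application role must be neither, and the policy only helps if every connection actually sets app.agency_id before querying. Both are operational controls that a shared-database design has to keep getting right on every deploy, which is the argument for isolating per agency instead.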

Posture, not promises.

We list what's shipped and what's still being built. If a control isn't green here, it isn't green in production.

  • Live

    Encryption in transit (TLS 1.2+)

    All traffic between officers, the app, and the database flows over modern TLS. HTTP is rejected at the edge.

  • Live

    Encryption at rest

    Postgres volumes and object storage are encrypted at the disk layer by the platform.

  • Live

    Strong session controls

    JWT sessions with absolute and idle timeouts (30 min idle, 8 hr absolute). httpOnly cookies, SameSite=Lax.

  • Live

    Per-record audit log

    Every state-changing action writes an audit row inside the same transaction. Append-only — deletes are blocked at the database trigger level.

  • Live

    Role-based access control

    Fourteen permission keys, fully customizable roles per agency. Default-role permissions auto-sync on deploy.

  • On deployment

    Multi-factor authentication (TOTP)

    Authenticator-app MFA for all officer accounts. Required by CJIS §5.6 — wires up on your agency's deployment.

  • On deployment

    File upload anti-virus scan

    Inline AV scanning of every uploaded photo, document, and attachment. Activates on deployment.

  • On deployment

    AWS S3 evidence storage

    Per-agency S3 bucket with bucket-scoped IAM, server-side encryption, and CJIS-compliant addendum. Provisioned automatically when your agency goes live.

CJIS §5.4 / 5.5 / 5.6 / 5.10

Per-control checklist tracked internally. 21 ✅ / 9 🟡 / 3 🔴 as of the latest pass — available on request under NDA.

Append-only audit

Every state change is auditable. The audit log itself is protected by a database trigger that rejects deletes.
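As an added example of the two properties described here and in the "Per-record audit log" item above (the audit row committed in the same transaction as the state change, and deletes rejected by a database trigger), the following Postgres script is illustrative only and not the product's own schema. Table, column, function and trigger names are assumptions.

```sql
-- Hypothetical audit table. The id and timestamp are assigned by the
-- database, never by the application.
CREATE TABLE audit_log (
    id          bigserial   PRIMARY KEY,
    occurred_at timestamptz NOT NULL DEFAULT now(),
    actor       text        NOT NULL,
    action      text        NOT NULL,
    record_id   bigint      NOT NULL,
    detail      jsonb
);

-- Trigger function that refuses any modification of an existing audit row.
-- TG_OP names the operation that was attempted (DELETE, UPDATE, TRUNCATE).
CREATE OR REPLACE FUNCTION audit_log_immutable() RETURNS trigger AS $$
BEGIN
    RAISE EXCEPTION 'audit_log is append-only: % is not permitted', TG_OP;
END;
$$ LANGUAGE plpgsql;

-- Row-level trigger: blocks DELETE and UPDATE on every row.
CREATE TRIGGER audit_log_no_delete
    BEFORE DELETE OR UPDATE ON audit_log
    FOR EACH ROW EXECUTE FUNCTION audit_log_immutable();

-- TRUNCATE does not fire row triggers, so block it with a statement trigger.
CREATE TRIGGER audit_log_no_truncate
    BEFORE TRUNCATE ON audit_log
    FOR EACH STATEMENT EXECUTE FUNCTION audit_log_immutable();

-- A hypothetical record table whose changes must be audited.
CREATE TABLE cases (
    id     bigserial PRIMARY KEY,
    status text      NOT NULL
);
INSERT INTO cases (status) VALUES ('open');

-- "Inside the same transaction": the state change and its audit row commit
-- or roll back together, so a failed write cannot leave a stray audit entry
-- and a successful write cannot go unlogged.
BEGIN;
UPDATE cases SET status = 'closed' WHERE id = 1;
INSERT INTO audit_log (actor, action, record_id, detail)
    VALUES ('officer_42', 'case.close', 1, '{"from": "open", "to": "closed"}');
COMMIT;

-- Each of these is rejected by the trigger with the RAISE EXCEPTION above.
DELETE FROM audit_log WHERE id = 1;
UPDATE audit_log SET actor = 'someone_else' WHERE id = 1;
TRUNCATE audit_log;
```

The trigger stops the application, and anyone using its credentials, from rewriting history, but it cannot stop a role that is allowed to drop the trigger or the table. In practice the trigger is paired with privileges: the application role gets INSERT and SELECT on audit_log and nothing else, and table ownership stays with a role the application never connects as.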

Your data is yours

Cancel any time and we'll hand you a full export. No lock-in clause, no punitive offboarding fee.