Back to Trust Center

Security Overview

Our platform is designed with security at its core, implementing industry best practices to protect sensitive law enforcement data.

Data Protection

Encryption in Transit

All data transmitted between clients and our services is encrypted using TLS 1.2 or higher. This includes API communications, file uploads, and web interface access.

Encryption at Rest

All stored data, including video files, transcripts, and reports, is encrypted at rest using AES-256 encryption. Encryption keys are managed through AWS Key Management Service (KMS).

Data Segregation

Customer data is logically segregated at the application level. Each customer's data is isolated and cannot be accessed by other customers.

Hosting & Environment

AWS GovCloud

For eligible deployments, our platform is hosted in AWS GovCloud, which is designed to address specific regulatory and compliance requirements for U.S. government agencies.

Authentication

User authentication is managed through AWS Cognito, providing secure identity management with support for multi-factor authentication (MFA) and secure session management.

Access Controls & Logging

Role-Based Access Control (RBAC)

Access to features and data is controlled through role-based permissions. Administrators can configure roles to match departmental structures and ensure least-privilege access.

Audit Logging

Comprehensive audit logs track user actions including logins, data access, report generation, edits, and approvals. Logs are immutable and retained according to customer configuration.

Evidence Integrity

Chain-of-Custody Principles

Immutable audit trails track key actions including upload, processing, edits, and approvals. This supports evidence integrity requirements and provides a clear chain of custody for generated reports.

Version Control

Report drafts are versioned, maintaining a complete history of changes. Previous versions remain accessible for audit purposes.

Secure Development

Our development practices include:

  • Code review requirements for all changes
  • Automated dependency scanning for known vulnerabilities
  • Regular security patching cadence
  • Static analysis tooling
  • Periodic penetration testing

Note: Specific controls and configurations may vary by customer deployment and agreement. Contact us for detailed security documentation.

Related Pages

Security Questions?

For security inquiries or to request documentation:

support@codefour.us