Trust & Security

Government agencies handle sensitive records, personal data, and confidential case files. Here is what we do to protect them.

SOC 2 Type II

SOC 2 Type II

An independent auditor reviewed our security controls over a 12-month period and issued an unqualified opinion, meaning our controls passed with no exceptions or reservations. The full report is available on request.

Request the full report
In Progress

CJIS

We are implementing Criminal Justice Information Services controls through Vanta and pursuing a law enforcement sponsor.

In Progress

HIPAA

We are actively working toward HIPAA compliance to support agencies managing health-related records and programs.

Tenant isolation

Each agency's data is stored in its own dedicated tenant, enforced at the database row level. No other customer can access it.

No AI training

We have zero-data retention contracts with Anthropic, OpenAI, and Google Gemini. Your data is never stored or used to train AI models.

SAML SSO & 2FA

Single sign-on integrates with your existing identity provider. Two-factor authentication is available per user and enforceable org-wide.

Encryption

All data is encrypted in transit (TLS) and at rest. Files are replicated across multiple U.S. locations.

AI accuracy

Our AI works from the documents and data in your system. Outputs are grounded in source material, not generated from memory. All AI-generated content is presented for staff review before it is used or sent.

Audit logging

Authentication, administrative, and in-app actions are all logged. Role-based access controls limit what each user can see and do.

Our Team's Security Experience

Our team comes from environments where security wasn't a policy checkbox. It was the job. We've built cybersecurity tools, fraud detection systems, and data platforms deployed in defense and intelligence. We build Common Sense the same way.

Palantir
Tanium
Square
Hinge Health
Amazon Web Services

More questions?

We are glad to walk your IT team through our controls, provide the full SOC 2 report, or complete a security questionnaire.