Government agencies handle sensitive records, personal data, and confidential case files. Here is what we do to protect them.
An independent auditor reviewed our security controls over a 12-month period and issued an unqualified opinion, meaning our controls passed with no exceptions or reservations. The full report is available on request.
Request the full reportWe are implementing Criminal Justice Information Services controls through Vanta and pursuing a law enforcement sponsor.
We are actively working toward HIPAA compliance to support agencies managing health-related records and programs.
Each agency's data is stored in its own dedicated tenant, enforced at the database row level. No other customer can access it.
We have zero-data retention contracts with Anthropic, OpenAI, and Google Gemini. Your data is never stored or used to train AI models.
Single sign-on integrates with your existing identity provider. Two-factor authentication is available per user and enforceable org-wide.
All data is encrypted in transit (TLS) and at rest. Files are replicated across multiple U.S. locations.
Our AI works from the documents and data in your system. Outputs are grounded in source material, not generated from memory. All AI-generated content is presented for staff review before it is used or sent.
Authentication, administrative, and in-app actions are all logged. Role-based access controls limit what each user can see and do.
Our team comes from environments where security wasn't a policy checkbox. It was the job. We've built cybersecurity tools, fraud detection systems, and data platforms deployed in defense and intelligence. We build Common Sense the same way.


We are glad to walk your IT team through our controls, provide the full SOC 2 report, or complete a security questionnaire.