Assurance
Trust & compliance disclosures
Agencies and CAD vendors scrutinize attestations harder than SaaS KPIs — we disclose control intent without claiming formal certifications until evidence exists. Language stays alignment-based unless your contract references executed accreditation artifacts.
CJIS-aligned controls
Control mapping and evidence collection for agencies requiring CJIS Security Policy alignment—without claiming formal CJIS approval until your program has executed required agreements.
SOC 2 roadmap
Policy, evidence, pen tests, vendor risk, and uptime reporting aligned toward SOC 2 readiness.
Encryption posture
TLS in transit plus KMS-backed encryption envelopes for persisted secrets/tokens/media metadata.
Audit logging
API request envelopes with tenant/key identifiers suited for agency audit exports.
Tenant isolation
Per-tenant scoping enforced on every authenticated call; denies cross-tenant reads/writes by default.
Data retention
Configurable retention horizons for transcripts, QA artifacts, and media TTL (contract bound).
Subprocessors
Disclosed infrastructure stack (AWS primitives, KMS, telemetry) documented for procurement reviews.
Incident response contact
Coordinated escalation for API availability and suspected credential compromise workflows.
Responsible disclosure
Coordinated researcher reporting path with agreed SLAs.
Security contact
Public safety–aware security desk for agencies and CAD vendor partners.
Uptime transparency
Planned ingestion of SLA counters into the public `/developers/status` timeline.
Security contact pathways, executed DPAs/BAA packages, CJIS SLA riders, SOC 2 reports, uptime exports, vendor questionnaires — request those artifacts through your onboarding team; this page is explanatory only.
