For your IT department.

Where is the data?

All data is stored on Microsoft Azure in US data centers. It is always encrypted — AES-256 at rest, TLS 1.3 in transit. There is no offshore processing and no offshore support.

Does it need anything installed?

No. CivicRecordsOnline runs entirely in the browser. There is nothing to install, no VPN required, no firewall rules to change, and no on-prem hardware. Staff log in with a username and password.

Single sign-on through Azure Entra ID or Google Workspace is available on the Metro plan.

Who can see what?

Access is role-based. Staff see only the requests and documents their role allows. Every action is recorded in an immutable audit trail — who did what, when, and to which record.

What about payment card data?

CivicRecordsOnline does not process payments and does not store credit card or bank account information. It tracks fees as paid, due, or waived; your city collects the actual payment through its existing process. CivicRecordsOnline is not in PCI scope.

How are redactions handled?

Redaction is controlled by authorized staff using browser-based review tools. Auto-PII scans use deterministic pattern matching for structured values such as SSNs, phone numbers, emails, DOB context, addresses, ZIP codes, driver license numbers, VINs, credit cards, IP addresses, and medical code patterns. Staff can also bulk match literal text or regex patterns across a document.

The automation creates draft redactions for review; it does not publish silently. Staff can adjust boxes, add exemption codes and notes, approve or reject drafts, and publish a separate redacted release copy while retaining the original file. Redaction records are included in the audit trail.

The redaction workflow is not generative AI and does not send agency records to train external AI models.

Can we get our data out?

Yes. A full export of all records, documents, audit logs, and user data is available in standard formats at any time. If you cancel, we delete all data within 30 days of your request.

Can we bring data in from our current system?

Yes — for request history metadata. The bulk importer is a self-serve CSV upload under Settings → Bulk Import. It includes direct format mappings for NextRequest, GovQA, JustFOIA, FOIAXpress, and MyGovHub exports, plus a generic CSV format for everything else. Original dates, statuses, requester contact information, and source IDs are preserved. Per-row error reports and one-click retry are built in for rows that do not import cleanly.

Document files and attachments are not migrated by the importer. Your previous system can stay accessible as read-only while CivicRecordsOnline becomes the system of record for new requests, or files can be moved on your own timeline.

How is support handled?

Support is in-app. The staff portal includes a Support page where authorized users can open a ticket with subject, category (General, Issue, Billing, Setup), message, and attachments (10 MB per file, 25 MB per ticket). Tickets are scoped per agency, visible only to authorized staff at that agency, and identified by a per-ticket number (SUP-YYYY-XXXXXX) for reference. Each ticket carries a status history (New / In Progress / Resolved) and a threaded reply log; updates trigger email notifications to the agency.

There is no external helpdesk URL, no third-party ticket system to provision, and no support workflow that depends on email forwarding rules at your end.

Accessibility

The public-facing portal is designed to meet WCAG 2.1 AA. An accessibility conformance report is available on request.

What about law enforcement records?

Law enforcement records that do not require CJIS certification are fully supported. This includes body camera footage, incident reports, 911 call recordings, dispatch logs, use of force reports, and police department policies. These records are handled within the platform like any other public record and are subject to your state's exemptions and redaction requirements.

Records classified as Criminal Justice Information (CJI) under the FBI's CJIS Security Policy are out of scope. This includes criminal history records from NCIC, FBI biometric data, and identity history summaries. These records must remain in CJIS-certified systems.

What about HIPAA?

CivicRecordsOnline is not a HIPAA-covered environment. If your city receives records requests involving protected health information, email security@civicrecordsonline.com to discuss how to handle them.

Why the CJIS and HIPAA scope choice matters for budget

CJIS-audited and HIPAA-compliant SaaS platforms carry a substantial structural cost: dedicated infrastructure boundaries, third-party audits, specialized hosting environments, and the staff to maintain all of it. That cost is passed through to customers in the form of five-figure annual contracts.

CivicRecordsOnline is intentionally out of those compliance scopes because the vast majority of municipal public records work — zoning, permits, council correspondence, public works contracts, ordinance drafts, public crime statistics — does not need them. By deliberately not building for CJIS or HIPAA workloads, we keep the platform priced as a normal monthly subscription a department can run on a P-card. The trade-off is explicit and surfaced here so IT can match scope to need before procurement.