Skip to main content
Civic DeskBack to home

Security & Data Handling

Security & Data Handling

Civic Desk is a SaaS product built and operated by Compubility, LLC. This page describes how we host, store, and protect municipal and resident data within the Civic Desk platform.

Hosting and data residency

Civic Desk runs on Amazon Web Services (AWS). All data is stored and processed within the United States:

  • Primary region: AWS US East (us-east-1). No data is processed or stored outside the United States.
  • Database: Amazon RDS (PostgreSQL) with encryption at rest and in transit.
  • Document storage: Amazon S3 with server-side encryption and access controls scoped to each municipality.
  • Email delivery: Amazon SES for transactional notifications.
  • Each municipality's data is logically isolated — no municipality can access another's records.
  • Agencies do not need to provision or manage any infrastructure. Civic Desk is fully managed SaaS.

Data minimization and scope

Within the Civic Desk platform:

  • We design solutions to minimize collection and storage of personal data
  • We avoid storing sensitive data unless the project explicitly requires it and the agency approves the approach
  • If forms are used, we implement only the fields needed and clearly define where submissions are routed (email, CRM, ticket system, database, etc.)

Access controls

We follow least-privilege principles:

  • Separate roles for content authors, editors, and administrators
  • Admin access restricted to the smallest necessary set of users
  • MFA enabled wherever supported (CMS, hosting, source control, email)
  • Access reviewed during handoff and after major personnel changes (on request)

Secrets and configuration management

We protect credentials and configuration across environments:

  • API keys and secrets are stored in secure environment variable systems (not committed to source control)
  • Production secrets are not shared in plain text
  • Rotation is supported and recommended on a defined cadence or when staff access changes

Backups and recoverability

Backup approach varies by architecture, but typically includes:

  • Source code version control (Git)
  • CMS content export and/or space/environment backup strategy
  • Deployment rollback support (where available)
  • Documentation of restoration steps and ownership (agency vs Compubility)

For projects requiring stronger disaster recovery guarantees, we define explicit RPO/RTO expectations in the SOW.

Logging, monitoring, and vulnerability management

For supported environments, we implement:

  • uptime/availability monitoring (as part of maintenance plans)
  • error reporting and performance monitoring (as appropriate)
  • dependency patch cadence (routine + expedited for critical advisories)
  • secure headers and baseline hardening measures (e.g., HTTPS, CSP where appropriate)

Incident handling

If we become aware of a suspected security incident impacting a system we manage, we will:

  • promptly notify the agency point of contact
  • preserve relevant logs/telemetry to the extent available
  • assist with investigation, mitigation, and recovery based on the agreed support scope

Specific incident response SLAs and responsibilities can be defined in the maintenance agreement.

Third-party services

Modern web delivery often involves third-party platforms (hosting, CMS, analytics, forms, maps, etc.). When used:

  • we document what services are in scope
  • we limit permissions and access where possible
  • we configure services using security best practices
  • we provide a list of third-party services for agency review

Privacy and public records considerations

We can support privacy notices, consent configurations (where required), and content/data retention requirements as defined by the agency. Final requirements and responsibilities are captured in the SOW.

Contact

For security-related questions or requests:

Email: security@compubility.com

Last updated

Last updated: January 11, 2026