Security & Trust
Written for the IT director who has to say yes. Plain language, no security theater. If your agency needs something you do not see here, ask — bespoke configurations (dedicated deployments, custom controls, additional attestations) are available as paid engagements.
Our posture, honestly
CivicHub360 serves counties, cities, nonprofits, and the businesses that stand with them. We treat your community's data as something lent to us, not given: least-privilege access enforced in the database, accountability logging modeled after the same standards we ask of our users, and a paper trail your auditors can read.
What we ask of your IT team
Grant the IT Admin role to your security staff (their own portal manages IP allow-lists and MFA policy), verify your organization's domain during onboarding, and tell us your requirements — data-sharing agreements, additional-insured endorsements, and security questionnaires are part of normal business for us.
Scope notes
CivicHub360 is not designed for Criminal Justice Information (CJIS) and we scope it out of our Terms. Incident response follows our NIST 800-61-aligned plan with breach notification per California Civil Code §1798.29/.82. Questions, questionnaires, or document requests: security@civichub360.ai.