Custody of public records. Held in public trust.
A town's records — every receipt, every permit, every council vote — are public-trust documents. Losing them, leaking them, or being unable to produce them in court isn't a bad day at the office; it's a governance failure. We built TownAdminPro accordingly.
Encryption
Records are encrypted at rest with AES-256 and in flight with TLS 1.3. Backups are encrypted with their own key. Sensitive identifiers — SSN, DOB, account numbers, contact details — get an additional column-level encryption layer so even an internal breach can't reveal them.
Identity
Staff sign in through your existing identity provider via SAML or OIDC — no separate password to leak. Multi-factor authentication is enforced. Permissions are per-record, not just per-module: a code officer can see code cases without seeing payroll.
Audit
Every read and every write is logged with the actor, the timestamp, and the change. Logs are append-only and tamper-evident, giving a court-grade evidence chain if the log ever needs to stand up to evidentiary scrutiny. Public-records requests pull a time-bounded export with redaction tools built in.
Accessibility
Both the staff app and the resident portal target WCAG 2.1 AA on every release. Each major release will be third-party audited and the report published. Tested on NVDA, VoiceOver, and JAWS. Every flow is keyboard-only navigable.
Resilience
Hourly incremental backups across multiple regions. Blue-green deploys mean zero-downtime updates. We can roll back any change inside ninety seconds. Quarterly disaster-recovery drills run end-to-end; the report goes to every customer.
Posture
Annual third-party penetration test, starting with the first major release. Every release ships with a software bill of materials. Critical patches deploy within 72 hours of disclosure. We do not sell, syndicate, or share resident data with anyone — ever, under any business model.
Yours. Always. Exclusively.
Everything in TownAdminPro is the town's property. The data model is documented. Exports are one click. Your contract terminates with a single clause: we hand you a complete, encrypted dump of every record, document, photo, audit log, and configuration file — and walk away.
We do not sell, syndicate, or share resident data with anyone — ever, under any business model. We do not train AI models on it. We do not aggregate it for benchmarking. The records are yours; our job is to hold them safely.
Status page. Real postmortems. Honest dates.
Target uptime is 99.9%, monitored independently. Status is public at status.townadminpro.com. Any unplanned outage triggers an incident report within 24 hours and a public postmortem within 5 business days.
Found something? Tell us first.
We welcome reports from researchers, customers, and the public. Send a description and reproduction steps through the contact form with "Security report" in the message. We respond within 24 hours, patch critical issues within 72 hours, and operate a researcher safe-harbor policy.
Compliance is the floor. Not a feature.
Where we can be certified, we will be. Where the framework is a set of controls rather than a certificate, we map and document. Status is plainly stated below — never aspirational marketing.
Run your town on one system.
Thirty-minute discovery call with the actual builders. Bring last month's spreadsheets; we'll bring the questions.