NPDESTracker
Start a pilot

How it works

How NPDESTracker works for your program.

Three questions come up in almost every procurement conversation: how does onboarding actually work, how is our data handled while we're using the product, and what happens if we leave. Here are the answers in plain language.

Have a procurement or IT question? Email us directly

01 · Getting started

Onboarding is light by default.

Most pilots open the same way. A 30-minute kickoff call to confirm scope, agree on what the program is trying to evaluate, and walk through how the workspace will be set up. The pilot starts with a workspace configured to your permit framework and a starter slice of your real data.

The data import is intentionally light. CSV templates for inspections, BMPs, sites, and outfalls. GeoJSON or shapefile imports for spatial layers from your existing GIS. We do not require you to map your full asset inventory before going live. Most cities are running on sample data within a week, then on a starter slice of their own data shortly after, with the rest coming in as the program runs.

What you do: provide the existing records you want to bring in, identify the inspectors and coordinators who need accounts, and confirm the modules in scope.

What we do: configure the workspace to your permit framework, walk you through the setup, set up user accounts, and stay reachable through the kickoff period. The founder is on the call and on email during the pilot.

If your data needs more than the standard import, like a large historical migration or a complex GIS layer translation, we look at the actual data first and quote a written scope honestly. We do not sell implementation as a separate big-ticket service. The goal is to get you running on your own program, not to maximize billable hours. The full pricing posture is on the pricing page.

  • A 30-minute kickoff call to confirm scope and what success looks like at 90 days
  • A pilot workspace configured to your permit framework and a slice of your real data
  • CSV templates for inspections, BMPs, sites, and outfalls
  • GeoJSON or shapefile imports for spatial layers from your existing GIS
  • User accounts for the inspectors and coordinators who need them
  • Direct access to the founder during the pilot period

02 · Data handling

Your data belongs to your agency.

Your agency's data lives inside its own logical tenant on US-based cloud infrastructure. Every database read and write is scoped to that tenant at the query layer, so a user from one agency cannot see, reference, or modify another agency's records. Connections are TLS-encrypted. Primary data stores use provider-managed encryption at rest.

Who can access your data: the named user accounts for staff at your agency, plus a small number of authorized engineers on our side who maintain the platform. We do not browse customer data without a request from the customer, and we do not share customer data with anyone outside your authorized agency staff.

What we never do: sell your data to third parties, use your data to train AI or machine learning models, or share your data outside the agencies you have authorized.

Audit trail: create, edit, and override events on key compliance records are timestamped and attributed to the user who made them. State agency reviewers asking "what changed and why" get the answer on screen, not from a recovered backup.

The full security posture, including infrastructure, secure development practices, and what we currently do and do not hold for third-party certifications, is on the security page.

  • US-based cloud hosting on mainstream infrastructure providers
  • Per-agency tenant scoping enforced at the database query layer
  • TLS-encrypted connections on every request
  • Provider-managed encryption at rest for primary data stores
  • Regular automated backups with a defined retention window
  • Timestamped, user-attributed audit log on key compliance records

03 · If you leave

You can leave with your data, cleanly.

If a pilot does not convert, or an annual customer decides to move on later, the offboarding process is straightforward. Your data is yours throughout the relationship and yours after it ends. We are not going to make leaving harder than starting.

Exports happen at any time, not just at the end. You can pull your data in standard formats whenever you want. CSV for tabular records, JSON for structured exports, GeoJSON and shapefile for spatial data, and PDF for finalized reports. Coordinates and per-feature attributes are preserved on spatial exports so the data lands cleanly inside ArcGIS, QGIS, or wherever it is going next.

Offboarding itself: on notice from the agency, we coordinate a final export bundle, hand it over, and proceed with data deletion on the schedule defined in your contract. Most offboarding wraps cleanly within a defined window after the final bundle is delivered.

What we do not do: hold your data as leverage to extend the relationship, charge a separate fee for the final export, or strip metadata from records on the way out. Offboarding is part of the contract, not an upsell opportunity.

The point of writing this down publicly is that you can include it in procurement review with your IT or finance staff before you ever sign a pilot. There is nothing in the offboarding posture that we would not want a city attorney to read.

  • Full data export at any time during the contract, not just at the end
  • Standard formats: CSV, JSON, GeoJSON, shapefile, and PDF reports
  • Coordinates and per-feature attributes preserved on spatial exports
  • Final export bundle delivered as part of offboarding
  • Data deletion on the schedule defined in your contract
  • No proprietary lock-in, no retention as leverage

Questions we expect

Things procurement and IT typically ask.

Where is the data physically stored?

On US-based cloud infrastructure operated by a mainstream provider. The detailed list of providers and supplemental security documentation is available under NDA where appropriate. Reach out and we will share what your IT review needs.

Do you hold SOC 2 or ISO 27001?

We do not currently hold those certifications, and we do not claim them. What we do have is a clear architecture, an accountable team, and direct answers to procurement questionnaires. If a control is in place, we document it. If it is not, we say so. The full posture is on the security page.

Can we get our data out before signing anything?

The interactive demo runs against sample data only, so there is nothing of yours to export yet. During a pilot, you can export at any time. The export formats and fields are documented in the platform, not gated behind a support request.

What if our IT team needs a security questionnaire filled out?

Send it. We respond to public-sector procurement questionnaires and provide what we can answer, plus what we cannot, honestly. Detailed responses, architecture diagrams, and supplemental documentation are available under NDA where appropriate.

Who do we email with questions during a pilot?

The founder. Pilots are not handed off to a support queue. The same person who runs the kickoff call answers procurement questions, IT questions, and stormwater coordinator questions during the 90-day window.

Bring this page into the procurement review.

The point of writing this down is so your IT and procurement reviewers can read it before any call. If something is unclear or your team needs more depth, the founder reads every email.

Try the demo Or email procurement questions