Security
Security posture, written plainly.
NPDESTracker is browser-based compliance software for municipal stormwater programs. This page summarizes how the service is built, accessed, and operated, with no marketing gloss.
Overview
An honest summary.
NPDESTracker is cloud-hosted, browser-based software. You access it through a standard web browser over an encrypted connection. Nothing is installed on an inspector's laptop or a coordinator's desktop. Your agency's data lives inside its own logical tenant, separated from every other customer's data at the database query layer.
We do not currently hold third-party certifications such as SOC 2 or ISO 27001, and we don't claim them. What we do have is a clear architecture, an accountable team, and direct answers to the questions your IT and procurement teams are going to ask. If we commit to a control, we'll document it. If we don't have one, we'll tell you.
The sections below cover how access, data, and operations are handled today. For the operational side of the relationship (onboarding, day-to-day data handling, and what happens if you leave), see how it works.
What this page is (and isn't).
This is a public summary, a starting point for procurement and IT review. For detailed responses to a security questionnaire, architecture diagrams, or a vendor assessment, reach out and we'll share supplemental documentation under NDA where appropriate.
01 · Authentication
Signed in. Scoped. Session-aware.
Every user has their own account with a defined role inside their agency's tenant. Access to the application is always over HTTPS, with TLS encrypting data in transit between the browser and our servers. Sessions expire on a fixed schedule and on explicit sign-out.
- Per-user named accounts. No shared credentials across staff.
- Role-based access inside each tenant (administrator, coordinator, inspector, viewer)
- Multi-factor authentication is supported and recommended for administrator accounts
- TLS-encrypted connections on every request
- Email-verified password reset flow
- Automatic session expiration and explicit sign-out
- Progressive lockout on repeated failed login attempts
02 · Tenant isolation
Your data belongs to your agency. Full stop.
NPDESTracker is a multi-tenant platform. Each customer (a city, county, district, or authority) operates inside its own logical tenant. Every database read and write is scoped to a tenant identifier at the query layer, with row-level separation between tenants, so a user from one agency cannot see, reference, or modify another agency's records.
- Per-agency tenant scoping enforced at the query layer with row-level separation between tenants
- User accounts bound to a single agency
- No cross-agency record references in core data models
- A public demo tenant is available for prospective buyers and is read-only. Visitors cannot save, edit, or delete records inside the demo.
- Data ownership remains with the agency at all times
- Exports available in standard formats (CSV, JSON, and GeoJSON where applicable) on authorized request
- Customer GIS file uploads are preserved separately from the map-optimized display layer used in the workspace, so the original file is retained as it was provided
- Pilot customers can receive a clean export of what they logged during the pilot if they do not continue
- Account removal on customer request follows a defined schedule
03 · Audit & traceability
Every change, attributable.
Compliance work lives and dies by documentation. NPDESTracker records who did what, and when, from a new inspection entry to an amendment on a previously submitted report. Audit trails support both operational review inside your agency and external requests from permitting authorities.
- Timestamped, user-attributed records for create, edit, and delete events on key compliance data
- Field-level change history where compliance documentation requires it
- Audit data accessible to authorized agency administrators
- Audit exports available on request for state-agency inquiries or internal reviews
- Access-log review available to support incident investigation
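One way to realize the tenant scoping described in section 02 and the user-attributed change records of section 03, as an added illustration rather than NPDESTracker's own code: a small Python repository layer over SQLite in which the tenant identifier and the acting user are bound once per session, every statement carries the tenant predicate (including lookups by primary key), and each create, update and delete writes an audit row with who, what and when. The table and column names, tenant identifiers, user names and inspection records are constructed for the example and are not taken from the product.

```python
import sqlite3
from datetime import datetime, timezone

# Constructed schema for the illustration (not the product's schema): every
# business row carries a tenant_id; the audit log records actor, action, time.
SCHEMA = """
CREATE TABLE inspections (
    id INTEGER PRIMARY KEY, tenant_id TEXT NOT NULL,
    site TEXT NOT NULL, status TEXT NOT NULL);
CREATE TABLE audit_log (
    id INTEGER PRIMARY KEY, tenant_id TEXT NOT NULL, actor TEXT NOT NULL,
    action TEXT NOT NULL, record_id INTEGER NOT NULL,
    field TEXT, old_value TEXT, new_value TEXT, at TEXT NOT NULL);
"""


class TenantStore:
    """Data access bound to one tenant and one acting user. The tenant
    predicate is added here on every statement; callers never pass a
    tenant_id, so calling code cannot widen a query to another agency."""

    def __init__(self, conn, tenant_id, actor):
        self.conn = conn
        self.tenant_id = tenant_id  # the agency this session belongs to
        self.actor = actor          # the user attributed on every write

    def _audit(self, action, record_id, field=None, old=None, new=None):
        # Who did what, and when, written alongside the change itself.
        self.conn.execute(
            "INSERT INTO audit_log (tenant_id, actor, action, record_id, field,"
            " old_value, new_value, at) VALUES (?, ?, ?, ?, ?, ?, ?, ?)",
            (self.tenant_id, self.actor, action, record_id, field, old, new,
             datetime.now(timezone.utc).isoformat()))

    def create(self, site, status):
        cur = self.conn.execute(
            "INSERT INTO inspections (tenant_id, site, status) VALUES (?, ?, ?)",
            (self.tenant_id, site, status))
        self._audit("create", cur.lastrowid)
        return cur.lastrowid

    def get(self, record_id):
        # A record owned by another tenant is simply "not found" here.
        row = self.conn.execute(
            "SELECT id, site, status FROM inspections WHERE id = ? AND tenant_id = ?",
            (record_id, self.tenant_id)).fetchone()
        return None if row is None else dict(zip(("id", "site", "status"), row))

    def list_all(self):
        rows = self.conn.execute(
            "SELECT id, site, status FROM inspections WHERE tenant_id = ? ORDER BY id",
            (self.tenant_id,)).fetchall()
        return [dict(zip(("id", "site", "status"), r)) for r in rows]

    def update_status(self, record_id, new_status):
        current = self.get(record_id)
        if current is None:
            return False  # foreign or missing record: no write, no audit row
        self.conn.execute(
            "UPDATE inspections SET status = ? WHERE id = ? AND tenant_id = ?",
            (new_status, record_id, self.tenant_id))
        self._audit("update", record_id, "status", current["status"], new_status)
        return True

    def delete(self, record_id):
        cur = self.conn.execute(
            "DELETE FROM inspections WHERE id = ? AND tenant_id = ?",
            (record_id, self.tenant_id))
        if cur.rowcount == 0:
            return False
        self._audit("delete", record_id)
        return True

    def audit_trail(self, record_id):
        rows = self.conn.execute(
            "SELECT actor, action, field, old_value, new_value, at FROM audit_log"
            " WHERE tenant_id = ? AND record_id = ? ORDER BY id",
            (self.tenant_id, record_id)).fetchall()
        return [dict(zip(("actor", "action", "field", "old", "new", "at"), r))
                for r in rows]


def demo():
    """Constructed scenario: two agencies share one database; the county
    session then tries the city's record id and should get nothing."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    city = TenantStore(conn, "tenant-city-a", "inspector.jones")
    county = TenantStore(conn, "tenant-county-b", "inspector.lee")
    city_rec = city.create("Outfall 12", "open")
    county.create("Basin 3", "open")
    city.update_status(city_rec, "submitted")
    return {
        "city_sees": [r["id"] for r in city.list_all()],
        "county_sees": [r["id"] for r in county.list_all()],
        "cross_tenant_get": county.get(city_rec),
        "cross_tenant_update": county.update_status(city_rec, "closed"),
        "cross_tenant_delete": county.delete(city_rec),
        "city_trail": city.audit_trail(city_rec),
        "county_trail_for_city_rec": county.audit_trail(city_rec),
    }
```

Running demo() shows the county session receiving None or False for every operation on the city's record and an empty audit trail for it, while the city session sees a create followed by a status change from open to submitted, both attributed to its inspector. The cross-tenant lookup is exactly the regression test worth keeping in a real code base so that a later query cannot drop the tenant predicate unnoticed; database-side row-level security, where the managed database offers it, is a complementary layer beneath the query-layer scoping this page describes.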
04 · Hosting & infrastructure
Built on infrastructure your IT team already knows.
NPDESTracker runs on mainstream, US-based cloud infrastructure, the same providers state governments and large municipal agencies already rely on. The application, web, and database layers run inside managed infrastructure, and the database, authentication, and file storage are provider-managed services. NPDESTracker still controls application access, tenant scoping, roles, and product behavior. No customer data is stored on employee laptops or inspector devices.
- US-based cloud hosting on leading infrastructure providers
- TLS for data in transit; provider-managed encryption at rest for primary data stores
- Production workspaces use managed database backups with a defined retention window on primary data stores
- Isolated production, staging, and development environments. Customer data does not flow to non-production systems.
- Infrastructure access restricted to authorized engineers on a need-to-know basis
05 · Secure development
Security as a continuous practice, not an audit event.
Security is a habit in how the code is written, reviewed, and shipped, not a one-time certification. NPDESTracker follows standard industry practices for secure software development and responsive patching, and we update this posture as the product grows.
- Changes reviewed before reaching production
- Automated dependency scanning for known vulnerabilities
- Prompt patching of security-relevant dependency updates
- Internal admin tooling is restricted to a named NPDESTracker staff allowlist on a least-privilege basis
- Service-role and infrastructure credentials are restricted to authorized engineers and not used for routine support
- Responsible disclosure contact for reporting suspected vulnerabilities
- Supplemental security documentation available to customers on request, under NDA where appropriate
06 · Security contact
How to reach us about a security concern.
If you believe you've found a security issue in NPDESTracker, the marketing website, or the application, please reach out so we can investigate. We treat well-intentioned reports as collaboration, not as an adversarial act.
- Email admin@npdestracker.com with "Security" in the subject line
- Include enough detail to reproduce the issue, but avoid sharing exploitation steps publicly
- We will acknowledge receipt and follow up with next steps
- If a customer suspects a tenant compromise, please email promptly so we can help investigate access logs
Have a procurement questionnaire?
Send us your security assessment, RFP requirements, or vendor questionnaire. We respond to public-sector due diligence and will provide what we can, and be straightforward about what we can't.