NPDESTracker
Try the demo

Security

Security posture, written plainly.

NPDESTracker is browser-based compliance software for municipal stormwater programs. This page summarizes how the service is built, accessed, and operated — with no marketing gloss.

Have a security questionnaire? Email us directly

Overview

An honest summary.

NPDESTracker is cloud-hosted, browser-based software. You access it through a standard web browser over an encrypted connection — nothing is installed on an inspector's laptop or a coordinator's desktop. Your agency's data lives inside its own logical tenant, separated from every other customer's data at the database query layer.

We do not currently hold third-party certifications such as SOC 2 or ISO 27001, and we don't claim them. What we do have is a clear architecture, an accountable team, and direct answers to the questions your IT and procurement teams are going to ask. If we commit to a control, we'll document it. If we don't have one, we'll tell you.

The sections below cover how access, data, and operations are handled today.

What this page is (and isn't).

This is a public summary — a starting point for procurement and IT review. For detailed responses to a security questionnaire, architecture diagrams, or a vendor assessment, reach out and we'll share supplemental documentation under NDA where appropriate.

01 · Authentication

Signed in. Scoped. Session-aware.

Every user has their own account. Access to the application is always over HTTPS, with TLS encrypting data in transit between the browser and our servers. Sessions expire on a fixed schedule and on explicit sign-out.

  • Per-user named accounts — no shared credentials across staff
  • TLS-encrypted connections on every request
  • Email-verified password reset flow
  • Automatic session expiration and explicit sign-out
  • Progressive lockout on repeated failed login attempts

02 · Tenant isolation

Your data belongs to your agency. Full stop.

NPDESTracker is a multi-tenant platform. Each customer — each city, county, district, or authority — operates inside its own logical tenant. Every database read and write is scoped to a tenant identifier at the query layer, so a user from one agency cannot see, reference, or modify another agency's records.

  • Per-agency tenant scoping enforced at the query layer
  • User accounts bound to a single agency
  • No cross-agency record references in core data models
  • Data ownership remains with the agency at all times
  • Exports available in standard formats (CSV, JSON) on authorized request
  • Account removal on customer request follows a defined schedule

03 · Audit & traceability

Every change, attributable.

Compliance work lives and dies by documentation. NPDESTracker records who did what, when — from a new inspection entry to an amendment on a previously submitted report. Audit trails support both operational review inside your agency and external requests from permitting authorities.

  • Timestamped, user-attributed records for create, edit, and delete events on key compliance data
  • Field-level change history where compliance documentation requires it
  • Audit data accessible to authorized agency administrators
  • Audit exports available on request for state-agency inquiries or internal reviews
  • Access-log review available to support incident investigation

04 · Hosting & infrastructure

Built on infrastructure your IT team already knows.

NPDESTracker runs on mainstream, US-based cloud infrastructure — the same providers state governments and large municipal agencies already rely on. Application, web, and database layers run inside managed infrastructure. No customer data is stored on employee laptops or inspector devices.

  • US-based cloud hosting on leading infrastructure providers
  • TLS for data in transit; provider-managed encryption at rest for primary data stores
  • Regular automated backups with a defined retention window
  • Isolated production, staging, and development environments — customer data does not flow to non-production systems
  • Infrastructure access restricted to authorized engineers on a need-to-know basis

05 · Secure development

Security as a continuous practice, not an audit event.

Security is a habit in how the code is written, reviewed, and shipped — not a one-time certification. NPDESTracker follows standard industry practices for secure software development and responsive patching, and we update this posture as the product grows.

  • Changes reviewed before reaching production
  • Automated dependency scanning for known vulnerabilities
  • Prompt patching of security-relevant dependency updates
  • Least-privilege access for internal admin and support tooling
  • Responsible disclosure contact for reporting suspected vulnerabilities
  • Supplemental security documentation available to customers on request, under NDA where appropriate

Have a procurement questionnaire?

Send us your security assessment, RFP requirements, or vendor questionnaire. We respond to public-sector due diligence and will provide what we can — and be straightforward about what we can't.

Email security questions Or try the demo