Public marketing site
Product information, methodology, security disclosures, and demo requests.
Current releaseSecurity and privacy
Reentry Address separates public information, sales inquiries, and product education from the protected workspace where authorized organizations would manage operational records.
Current boundary
The public Reentry Address site explains the product and collects business inquiries. It should not receive client names, registry details, victim information, medical records, Social Security numbers, court files, or other case documents.
Product information, methodology, security disclosures, and demo requests.
Current releaseApproved users, limited or non-identifying data, and explicit browser-storage warnings.
Controlled use onlyNamed users, MFA, roles, central database, audit history, private files, and organization isolation.
Production build pathProduction model
An IP address can strengthen access policy, but it cannot replace named user identity.
Every user should have a unique identity. Shared accounts undermine accountability and make offboarding unreliable.
Case workers, reviewers, housing providers, auditors, organization administrators, and platform staff need different authority.
Every protected record should be tied to an organization and checked server-side before it is returned.
Operational records should move out of browser localStorage into encrypted, backed-up, access-controlled services.
Record the user, organization, action, changed values, time, rule version, source versions, and review decision.
Generate official reports from frozen server-side inputs and preserve a hash so the result can be reproduced later.
Data minimization
A housing-screening product should not become a second criminal-history database.
Use case identifiers or initials where full identity is unnecessary for the task.
Records should have a business reason, owner, retention period, and deletion or legal-hold process.
Supporting documents should use private object storage and short-lived download links.
Platform staff access should be time-limited, logged, approved, and restricted to what support requires.
Claims we will not make
Trust collapses when a product claims certifications or protections it has not earned.
A clearer first step
We would rather identify a control gap before a pilot than explain it after live data is involved.