Security at eCourtDate
Secured communication and payment platform for the justice system.

Firewall and DDoS protection

Hosted in the CJIS-compliant AWS GovCloud™

Single Sign On with Azure and Office365
Government-grade Encryption
HTTPS enforced everywhere and AES 256-bit encryption at rest.
User Audit Logs
Track all user changes with searchable and exportable audit logs.
Role-based Access Control
Define each role and user permission at a granular level.
Multifactor Authentication
MFA is automatically enforced for every user with FIDO2 support.
API Key Management
Create and manage secure and expirable API keys.
Disaster Recovery
Automated rollover and hourly data backups ensure 99.9% uptime.
How We Secure Your Data
Securing your data is a critical responsibility, and ensuring its protection is at the core of everything we do. We combine expertise, vigilance, and automation to keep data protected. We are happy to answer any of your questions regarding our security practices.
Account
We offer integration with third-party authentication services like Office 365, Google, LinkedIn, OAuth 2.0, and LDAP. You can enforce password policies for your internal users based on granular permission access policies.
Monitoring
Our support team continuously monitors the performance and integrity of our services, including intrusion attempts, via comprehensive monitoring tools. We can anticipate potential issues and deploy solutions to prevent them from happening. We are proactive rather than reactive.
Zero-Trust Network
eCourtDate operates a Zero-Trust Network architecture without any trusted network segments. Network communication is encrypted in transit and at rest.
Data Integrity
Backups occur via continuous streaming replication and frequent snapshots. We maintain firewalls on our edge servers and origin load balancers.
Physical Security
We host eCourtDate on AWS GovCloud (US). GovCloud data centers host sensitive data and regulated workloads and address the most stringent US government security and compliance requirements.
Payment Processing
We do not store credit card or payment information on our servers. Payment information is transmitted directly to a PCI-compliant payment processor of your choice via HTTPS for secure processing.
Security Assessments
Multi-Tenant Serverless Architecture
We use a distributed, serverless cloud-native architecture for maximum security, performance, and capability. Each agency is assigned an isolated tenant based on their optimal GovCloud region.
See Tenant Schema
Read-Only User Audit Logs
We store user activity in read-only, encrypted audit logs. Authorized users can search and download real-time and historical records through a web-based console.
- Auto-scrub personally identifiable information (PII).
- Search recent logs across authorized agencies and users.
- Bulk export all-time logs to CSV and JSON.
Granular Roles and Permissions
Configure user access with customizable roles and permissions.
- Assign record-level Create, Read, Update, or Delete permissions.
- Auto-match existing Identity Provider groups to roles.
- Conditional rules based on user-to-client assignment.
- Simulate permissions to streamline access-control testing.
- Hide in-app navigations and features by role.
- Auto-filter personally identifiable information (PII).


Malicious File Scanning
We automatically scan user-uploaded files against multiple signature databases to detect trojans, viruses, and malware.
Software Bill of Materials
Third-party vendors that we use to operate the eCourtDate platform.

Amazon Web Services
We use Amazon Web Services as an IaaS (infrastructure-as-a-service) provider.

Microsoft Azure
We use Azure as an IaaS (infrastructure-as-a-service) provider.

GitHub
We use GitHub to manage our source version control.

CloudFlare
We use CloudFlare for our content delivery network and DDoS protection.
Postman
We use Postman to design and test our APIs.
Auth0
We use Auth0 to handle authentication for our users.
Intercom
We use Intercom to power our chat for supporting users.

DataDog
We use Datadog to monitor our infrastructure health.
Let's Encrypt
We use Let's Encrypt to provision our SSL certificates.
Are You A Security Researcher?