You're not betting on a startup's datacenter. You're running on the same infrastructure that serves Google Search.
This is the page for your IT director and your procurement office. It's also the page your Council will thank you for showing them. No AI hand-waving — just the defensible answer to 'where does our data live and who is watching it.'
The certifications your procurement office will ask about, listed before they ask.
Every item below is current, auditable, and documented. We publish attestation summaries under NDA during the procurement phase. Your security team can ask us the hard questions — we'd rather you do it before you sign than after you go live.
SOC 2 Type II
Independently audited. Report available under NDA during procurement.
FedRAMP-aligned
Architected on Google Cloud. Assured Workloads tiers available on request.
CJIS-capable
Isolated data planes, logging, and access controls for law-enforcement-adjacent data.
WCAG 2.1 AA
Every resident-facing surface audited quarterly by a third-party accessibility firm.
US data residency
All data and processing kept in US Google Cloud regions. No cross-border transfer.
CMEK & VPC-SC
Customer-managed keys and VPC Service Controls available for sensitive deployments.
What's protecting your residents' data at every point in the path.
VPC Service Controls
Data perimeter that prevents exfiltration even if a credential is compromised. Configurable per agent, per dataset, per region.
Customer-managed keys (CMEK)
You control the encryption keys. You control the rotation schedule. You control the revocation — we go dark if you do.
US data residency
All data at rest and all Gemini inference stays in US Google Cloud regions. Assured Workloads tiers available for regulated datasets.
IAM + Workspace SSO
Staff sign in through your existing Google Workspace. Roles enforced in the console, at the data layer, and in every audit export.
Cloud Audit Logs
Every data read and every agent action. Exportable to your SIEM of choice. Retained per your policy, not ours.
Encryption everywhere
AES-256 at rest. TLS 1.3 in transit. Hardware-backed confidential computing on eligible workloads.
Who is on the hook for what — written down.
The muddiest part of any SaaS contract with a municipality is the responsibility model. Here is ours, on one page, before you ask. We'll sign it as an annex.
| Concern | Google Cloud | CivicOS | You |
|---|---|---|---|
| Physical datacenter | ● | — | — |
| Host OS + hypervisor | ● | — | — |
| Platform runtime | ● | ● | — |
| Agent behavior policies | — | ● | ● |
| Data classification | — | ● | ● |
| User access + RBAC | — | ● | ● |
| What data is ingested | — | — | ● |
| Approvals on citizen output | — | — | ● |