For courts · agencies · enterprise

Built for government-grade partnerships.

This page is maintained by the REBUILT OS team to answer common security, privacy, and compliance questions from public-sector partners. It describes controls that are enabled in the platform today and is not an independent certification.

Row-level security

Every table is protected by policies scoped to the signed-in user and their role. Data is not returned unless the caller is authorized.

Least-privilege access

Roles (participant, mentor, family, court, employer, admin) grant only the minimum data each role needs to do their job.

Explicit consent

Participants control what family, employers, and courts can see, with versioned consents and timestamps.

Immutable audit trail

Sensitive reads, writes, and administrative actions are recorded with actor, action, and time.

Managed encryption

Data is encrypted at rest and in transit through our managed cloud backend.

Privacy by default

Personal information is never publicly readable. Public statistics are aggregated and anonymized.

Retention & deletion

Records follow program-defined retention. Participants can request deletion of eligible personal data.

Incident response

Security events are logged and reviewed. Verified incidents trigger notification to affected parties.

Shared responsibility

REBUILT OS operates the platform, its managed cloud backend, and platform-level controls listed above. Partner organizations are responsible for administering their own users, managing their consent workflows, and handling data they export or share outside the platform.