Procurement & Trust
The information procurement, privacy, and IT teams need to evaluate CivicPermit.Solutions with confidence.
What You Need to Know
Key areas for public-sector due diligence
- All data hosted in Canadian data centers (Montreal and Toronto)
- Architecture designed so municipal data does not leave Canadian jurisdiction
- Infrastructure partners maintain SOC 2 Type II and ISO 27001 certifications
- Architecture designed to avoid US-based subprocessors for municipal data storage
- TLS 1.3 in transit, AES-256 at rest
- SAML 2.0 / OIDC single sign-on with Microsoft Entra ID
- Multi-factor authentication enforced for all staff accounts
- Role-based access control with database-level row security
- Immutable audit logs for all consequential actions
- Infrastructure partners conduct regular penetration testing
- The municipality owns its data at all times
- Full data export available in open formats (CSV, JSON, SQL, GeoJSON)
- Data deletion within 90 days of export confirmation upon contract termination
- No proprietary file formats or vendor lock-in
- PostgreSQL database with open data model
- Included in subscription: hosting, monitoring, security updates, platform improvements
- Business-hours support via email and phone (AST)
- Dedicated onboarding contact during implementation
- Escalation path with response targets defined in the service agreement
- In-person engagement available for New Brunswick municipalities
- Designed to support FOIP, ATIA, MFIPPA, PoPA, and equivalent frameworks
- Privacy Impact Assessment available on request
- Data Processing Agreement available for service agreements
- We act as data processor; the municipality remains data controller
- Canadian-incorporated company (New Brunswick)
- Fixed-scope project engagements with written quotes
- Annual subscription with no multi-year lock-in
- Unlimited users — no per-seat licensing
- References and demo available upon request
Procurement FAQ
Common questions from municipal procurement teams
Can we do a security review before signing?
Yes. We welcome security questionnaires and can provide our security documentation, architecture overview, and infrastructure partner certifications. For municipalities that require it, we can arrange a technical review call.
Do you support sole-source or competitive procurement?
Both. We can respond to formal RFPs and RFQs, or provide documentation suitable for sole-source justification where permitted by your procurement policy.
What happens if we want to leave?
Your data is exported in open formats at no additional cost. We provide a transition period (typically 90 days) to ensure continuity. There are no exit fees.
Do you carry liability insurance?
We carry appropriate business insurance. Certificate of insurance available on request as part of the procurement process.
Can the contract include specific SLA targets?
Yes. Uptime, response time, and support targets can be defined in the service agreement based on your requirements and the selected support tier.
Available Documentation
Request any of the following for your evaluation
Need Procurement Documentation?
Contact us and we'll provide the materials your evaluation requires.