A litigation-defense product has to be defensible itself.
Custos handles sensitive grievance, medical, and PREA data. Here is how it's protected, what we've built, and exactly where we are on formal attestations — stated plainly, because your counsel will ask.
Built in
Security that ships today.
Tamper-evident ledger
Grievance actions are hash-chained and append-only. Records can be added and resolved, never silently altered or deleted.
Encryption in transit & at rest
TLS for all traffic; encrypted storage for grievance, medical, and PREA content.
Role-based access control
Counsel, command staff, and line officers see only what their role permits. Every view and change is logged.
Full audit trail
Who saw what, when, and what changed — a complete, exportable history for every record.
PREA-aware data handling
Confidential reports route off-unit and restrict visibility per §115.52.
Retention controls
Configurable retention to match your state schedule, with defensible deletion logging.
Where we are
Compliance roadmap, stated honestly.
We won't claim certifications we don't hold. Here's the real status — and what a pilot can proceed under in the meantime.
CJIS Security Policy alignment
Architecture and access controls built to CJIS standards; pursuing formal state CSA review. Pilots run under a county-supervised data agreement.
SOC 2 Type II
Controls implemented; observation window and third-party audit targeted next. Type I report available to pilot partners on request.
Tamper-evident record architecture
Hash-chained, append-only grievance ledger is in production today.
Encryption & RBAC
TLS in transit, encrypted at rest, role-based access with full logging — shipping now.
Data Processing Agreement
County-specific DPA and security questionnaire ready for counsel review.
Custos is software, not legal advice. Compliance status is current as of June 2026 and provided for your counsel's due diligence; certifications are pursued on the timeline noted above.
Need the security packet for review?
We'll send the DPA, security questionnaire, and architecture overview for your counsel and IT.
Request the security packet