Data Handling
eCourtDate processes sensitive data on behalf of justice-sector agencies, including criminal justice information (CJI), personally identifiable information (PII), and court records. This page describes how the platform classifies, protects, and manages that data.
Data Classification
| Classification | Examples | Handling Requirements |
|---|---|---|
| Criminal Justice Information (CJI) | Arrest records, warrants, citations, case dispositions | CJIS Security Policy controls: encryption, access controls, audit logging, MFA |
| Personally Identifiable Information (PII) | Names, phone numbers, email addresses, dates of birth | Encryption in transit and at rest, PII removal options, access logging |
| Court Records | Case filings, hearing schedules, docket entries | Agency-defined access controls, encrypted storage, audit trail |
| System / Operational Data | API logs, error logs, webhook delivery records | Encrypted storage, retention per platform policy |
Platform Data Handling Controls
eCourtDate implements the following controls to protect agency data:
- Encryption: All data is encrypted in transit (TLS 1.2+) and at rest (AES 256-bit). See Encryption.
- PII removal: PII can be removed or redacted before data is exported or sent to external services, including AI model providers.
- Reference-based identifiers: The platform supports `client_reference` and `event_reference` fields to allow agencies to track records without exposing PII in logs or integrations.
- No AI training on customer data: Customer data is never used to train AI models. See AI Policies.
- Customer owns all data: Agencies retain full ownership of their data. eCourtDate does not claim ownership of any customer data.
- Agency-scoped access: API clients and user accounts are scoped to individual agencies. Cross-agency data access is not possible through a single client.
Data Residency
All eCourtDate data resides within the United States, hosted in AWS GovCloud (US). Agencies select a deployment region during onboarding:
- US East, US West, US South, US Texas, or Multi-Region
- All regions operate within AWS GovCloud, a physically isolated environment operated by US persons on US soil
See Infrastructure for region details and Environments for API base URLs.
For data residency requirements beyond the available US regions, contact the eCourtDate team through the Help Center.
Data Retention
- Audit logs: Logs are never deleted. See Audit Logging.
- Backups: Automated hourly backups within AWS GovCloud. See Business Continuity.
For specific data retention periods, data destruction procedures, and retention policy documentation, contact the eCourtDate security team through the Help Center.
Best Practices for Agencies
In addition to the controls eCourtDate provides, agencies should follow these practices for their own systems and workflows:
- Minimize data collection: Only send and store data that is necessary for the integration
- Use reference fields: Use `client_reference` and `event_reference` instead of PII in logs and external systems
- Encrypt data in your systems: Ensure data at rest in your own systems is encrypted
- Implement retention policies: Define and enforce data retention schedules for records that are no longer needed
- Audit access regularly: Review who has access to sensitive data in your organization
- Train staff on PII handling: Ensure personnel understand proper procedures for handling CJI and PII
- Classify your data: Identify which fields in your integrations contain PII (names, phone numbers, emails, case numbers) and handle them accordingly
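One way an agency could apply the reference-field and classification practices above in its own integration logging (an added example, not eCourtDate code). Only `client_reference` and `event_reference` come from this page; the other field names, the payload shape, and the sample values are assumptions constructed for illustration.

```python
import logging
import re

# Assumed classification for a hypothetical integration payload. Only the two
# reference field names come from the page; the PII field names are examples.
PII_FIELDS = {"first_name", "last_name", "phone", "email", "date_of_birth", "case_number"}
REFERENCE_FIELDS = {"client_reference", "event_reference"}
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
PHONE_RE = re.compile(r"(?<!\w)(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}(?!\w)")


def scrub_text(text):
    """Mask email addresses and US-style phone numbers found in free text."""
    return PHONE_RE.sub("[phone]", EMAIL_RE.sub("[email]", text))


def log_safe(record):
    """Return a copy of a payload that is safe to write to logs."""
    safe = {}
    for key, value in record.items():
        if key in PII_FIELDS:
            continue  # classified PII never reaches the log
        if key in REFERENCE_FIELDS:
            safe[key] = value  # opaque identifiers pass through unchanged
        elif isinstance(value, dict):
            safe[key] = log_safe(value)  # nested objects get the same rules
        elif isinstance(value, str):
            safe[key] = scrub_text(value)  # catch PII pasted into notes
        else:
            safe[key] = value
    return safe


class PiiScrubFilter(logging.Filter):
    """Scrub the fully formatted log message before any handler sees it."""

    def filter(self, record):
        record.msg = scrub_text(record.getMessage())
        record.args = None  # message is already formatted
        return True


# Constructed sample payload, not real data.
SAMPLE = {
    "client_reference": "CL-8F3A2", "event_reference": "EV-20931",
    "first_name": "Jordan", "phone": "(555) 010-0199",
    "note": "Call 555-010-0199 or mail jordan@example.org",
    "meta": {"case_number": "24-CR-0001", "status": "scheduled"},
}

if __name__ == "__main__":
    print(log_safe(SAMPLE))
```

Attach `PiiScrubFilter` to each handler with `handler.addFilter(...)`. The text patterns are a backstop for free text only; the field classification is what keeps structured PII out of logs.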
Related Pages
- Encryption: Encryption standards for data in transit and at rest
- Access Control: How access to data is controlled
- Audit Logging: How data access is logged and monitored
- Compliance Framework: CJIS, FedRAMP, and other frameworks
- AI Policies: How AI features handle customer data