Dashboard

Case & records operations · May 2026

Total Records

12,847

+1.8% from last month

Added This Month

234

Across 5 jurisdictions

Pending Review

18

3 over SLA

Legal Hold

7

Active investigations

Recent Activity

View audit log →

Records by Country

Distribution as of today

All Records

Search, filter and manage every case file in the vault.

ID	Holder	Document	Country	Created	Last Accessed	Status

Audit Log

Immutable record of every action in the vault.

WORM-protected · S3 Object Lock (Compliance Mode)

Timestamp	User	Action	Record	IP	Result

Compliance

Per-jurisdiction regulatory posture · NIST SP 800-53 Rev. 5 aligned · adaptable to agency mission requirements.

GDPR Compliant

Spain · EU

2,103

records · 98.7% coverage

LFPDPPP Compliant

Mexico

4,521

records · 99.4% coverage

LGPD Action needed

Brazil

1,847

records · 92.1% coverage

HIPAA Compliant

USA

3,012

records · 100% coverage

Active Retention Policies

Applied per jurisdiction · auto-enforced

Brazil · LGPD

5 years after relationship ends

1,847 records

Mexico · LFPDPPP

10 years for financial documents

4,521 records

Spain · EU GDPR

6 years after contract termination

2,103 records

USA · HIPAA

6 years after last service date

3,012 records

Colombia · Law 1581

2 years after authorization revoked

1,364 records

Right-to-be-Forgotten Requests

Recent submissions · last 30 days

Andreas Müller

Spain · EU · submitted 12 min ago

Pending

Paula Ferreira

Brazil · processed 3 days ago

Completed

Carlos Mendoza

Mexico · awaiting legal review

In Review

Services & Technology Stack

Every security claim is backed by a named, auditable technology. No black boxes — full disclosure for assessor review.

Record Lifecycle — One Policy Plane

01 · INGEST

Capture

Bulk upload, drag & drop, API, watched mailbox or HR integration. OCR and de-duplication on the way in.

02 · CLASSIFY

Tag

Auto-tagging by document type, person, country and sensitivity. Policy attached the moment a file lands.

03 · PROTECT & SERVE

Encrypt

Encryption at rest with KMS, RBAC + MFA on access, immutable audit log on every read.

04 · RETAIN & DISPOSE

Comply

Per-jurisdiction retention clocks, legal hold, RTBF workflow and cryptographic deletion when the clock runs out.

Security Technology Stack

Identity · IAM

Keycloak

Active

OAuth2 / OIDC / SAML, RBAC, FIDO2 / WebAuthn MFA, PIV/CAC support, federated SSO.

Zero Trust · Network

Linkerd Service Mesh

Active

Automatic mTLS between every pod, certificate rotation via trust anchor, L7 observability.

API Gateway

Apache APISIX

Active

JWT validation, RBAC enforcement, rate limiting, request transformation at the edge.

Cryptography · FIPS

AWS-LC + OpenSSL FIPS

FIPS Mode

FIPS 140-2 / 140-3 validated modules; CMVP certificates; modules operate in declared FIPS mode.

Key Management

AWS KMS · SSM

Active

HSMs validated FIPS 140-2 L2/L3 (GovCloud); SecureString for secrets; KMS-backed envelope encryption.

Audit · Immutability

CloudTrail + S3 Object Lock

WORM

Tamper-evident trail of every API call; bucket retention in Compliance Mode; 1 yr online + 2 yr offline.

Platform Services

Lakehouse

Apache Hudi

ACID transactional storage with CoW and MoR tables; native upserts/deletes; Time Travel.

Event Backbone

Apache Kafka

Distributed streaming with RF=3 acks=all on critical topics; ISR monitoring; Schema Registry.

Microservices

Quarkus on Kubernetes

Java framework optimized for containers · ms startup, 70% less memory vs Spring Boot · per-service HPA.

Autoscaling

Karpenter

Just-in-time node provisioning, intelligent instance selection, consolidation and rightsizing.

FinOps

Kubecost

Granular cost allocation per namespace, team and service. Budget alerts; rightsizing recommendations.

Observability · MELT

OTel · Prometheus · Grafana · ELK

Metrics, Events, Logs, Traces. Golden signals from Linkerd auto-exported. Unified dashboards.

AWS GovCloud Native Services

GuardDuty

Threat detection · ML

Security Hub

CSPM · findings aggregation

AWS Config

Drift detection · conformance packs

Inspector

Vulnerability scanning ECR/EC2

Settings

Administrative configuration · platform integrations.

Users & Roles

RBAC enforced via Keycloak · 47 users · 5 roles

Compliance Officer3 users

Records Custodian12 users

Auditor (read-only)8 users

Records Submitter22 users

System Admin2 users

Integrations

Keycloak

Identity provider · OIDC

Connected

AWS KMS

FIPS 140-2 L2/L3 · GovCloud

Connected

AWS GovCloud

us-gov-west-1 · FedRAMP High

Connected

CloudTrail + S3 Object Lock

Immutable audit log · WORM

Connected

GuardDuty + Security Hub

Threat detection · continuous monitoring

Connected

Encryption

FIPS 140-2 modeEnabled

Cryptographic providerAWS-LC FIPS + OpenSSL FIPS

Encryption at restAES-256 · KMS-backed

Encryption in transitTLS 1.3 · mTLS internal (Linkerd)

Key rotationAnnual · automatic

Notifications

Right-to-be-forgotten requests

Audit findings

Retention policy expirations

Security alerts

Weekly summary email

Sign in to your vault

Dashboard

Recent Activity

Records by Country

All Records

Audit Log

Compliance

Active Retention Policies

Right-to-be-Forgotten Requests

Services & Technology Stack

Record Lifecycle — One Policy Plane

Security Technology Stack

Platform Services

AWS GovCloud Native Services

Settings

Users & Roles

Integrations

Encryption

Notifications

—

Deletion Policy

Add Record