Built for government data. Secure by default.
Urban intelligence only works if the data behind it is protected. Here is how we secure deployments, how we handle incidents, and how to reach us if you find something we should fix.

Six commitments that shape every deployment.
Defaults that apply from the first session to the last.
Strict deployment isolation
Every client has its own isolated deployment. No shared databases, no cross-client queries, no leakage surface between deployments. Ever.
Encryption by default
All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Managed keys per deployment. No plaintext at rest, anywhere.
Least-privilege access
Role-based access controls with principle-of-least-privilege. Production access is audited. Internal access requires justification and is logged.
Signed exports
Every exported file (PDF, Word, PowerPoint, map export) goes through a short-lived, signed download link. No public URLs, no permanent share links by default.
Continuous monitoring
Infrastructure and application monitoring, anomaly detection, and 24/7 alerting. Incident response procedures tested quarterly.
Secure development
Code review on every change, automated security scanning, dependency auditing, and penetration testing at major releases.

Where we align, and where we are heading.
We publish an honest status of each framework. Aligned, on roadmap, or addressed per-engagement.
Found a vulnerability? Here is how to tell us.
We operate a coordinated-disclosure policy. No legal action against good-faith security researchers.
Report a vulnerability
Email security@silacities.com with a description and reproduction steps. We acknowledge within 24 hours and keep you updated until resolution. Do not publicly disclose before coordinated resolution.
Triage and resolution
We triage, validate and prioritise based on impact. Critical issues are patched in days. You get a timeline within one business day of acknowledgement.
Coordinated disclosure
Once patched, we agree a joint disclosure timeline. We credit the reporter unless you request anonymity. No legal action against good-faith security researchers.
In procurement? We’ll share more.
For formal procurement, audit or regulatory review we share our full security documentation. Architecture diagrams, security questionnaire responses, incident-response procedures, sub-processor list. Under NDA.
Contact security
Vulnerability disclosure, procurement, or audit review.