Security & data residency

Evidence stays local

SAMM is desktop-first. Evidence files (photos, videos, PDFs, annotations) live on your machine at $DOCUMENT/SAMM Cases/. Nothing about the contents of your evidence is uploaded to our servers.

What we store on Cloudflare

• Your account: agency, email, role, last-login.
• Case metadata: case name, case number, evidence count, last-modified.
• Active sessions: device label, OS, IP, timestamps.
• Feedback you submit (with optional screenshot you choose to attach).
• Update manifests + signed installer artifacts.

Authentication

Invite-only signup with an agency-issued code. Subsequent logins use a one-time 6-digit code mailed to your agency email — no passwords to leak. Sessions are issued as Ed25519-signed tokens that the desktop app verifies locally.

CJIS posture

Because evidence content never leaves your machine, the SAMM platform is designed to sit outside the CJIS evidence-handling boundary. We treat metadata as sensitive and apply encryption at rest, TLS in transit, and audit logging for security-significant actions. Talk to us about your agency's specific compliance requirements.