Data Sourced from Official State Registries
Rather than depending on intermediary data providers, Offenders.io sources data from official sex offender registries across all 50 US states, territories, and tribes. Our data pipeline ingests records from publicly available data published by each state's registry, ensuring every record reflects the latest official data — not stale snapshots from secondary databases.
- 50 states, territories, and tribes — authoritative public registry sources
- Real-time synchronization — not monthly or quarterly batch imports
- 70+ schema fields per state — the deepest state-level data coverage available
- Source-verified records — every record traceable to its official registry origin
Data Accuracy & Freshness
Data accuracy is non-negotiable for compliance-critical applications. Our Extensive Mode performs real-time lookups against state registries at query time, guaranteeing registry-current results for every API call. Standard mode uses continuously synchronized data with sub-200ms response times.
Standard ModeContinuously synced data, sub-200ms responses
Extensive ModeReal-time registry lookup at query time
Data Governance & Privacy
We treat data governance as a core product requirement, not an afterthought. All data handling follows strict policies designed for compliance-sensitive environments.
- Data retention — API query logs retained for 30 days, then automatically purged. Enterprise customers can request custom retention periods or zero-retention configurations
- PII handling — query inputs (names, addresses) are logged only for rate limiting and abuse prevention. No query data is sold or shared with third parties
- Data isolation — multi-tenant architecture with strict logical separation. No customer can access another customer's query history or usage data
- Right to deletion — customers can request deletion of all query logs and account data at any time
- Subprocessors — Cloudflare (edge compute, CDN, DDoS protection), Google Cloud Platform (infrastructure). Full subprocessor list available on request
Responsible Use & Legal
Sex offender registry data carries significant legal and ethical responsibilities. We require all API consumers to adhere to our acceptable use policy and applicable laws.
- FCRA notice — Offenders.io is not a Consumer Reporting Agency (CRA) as defined by the Fair Credit Reporting Act. Our data must not be used for employment screening, tenant screening, or any purpose governed by the FCRA without independent verification
- Permissible purposes — API access is restricted to lawful purposes including public safety applications, compliance monitoring, research, and community awareness
- Anti-discrimination — customers must not use registry data to discriminate in housing, employment, or services beyond what is required by law
- Redistribution — raw data redistribution or resale is prohibited without a separate data licensing agreement
Infrastructure & Reliability
Offenders.io runs on globally distributed edge infrastructure with built-in redundancy. Our architecture is designed for the uptime and performance requirements of enterprise compliance workflows.
- 99.9% uptime SLA — live status page with real-time and historical uptime data
- Sub-200ms average response time — verified on public status dashboard
- Global edge network — deployed across 300+ Cloudflare edge locations worldwide
- Automatic failover — no single point of failure, multi-region redundancy
- Encryption at rest — all stored data encrypted using AES-256
- Backup & disaster recovery — automated daily backups with geographic redundancy. RPO < 24 hours, RTO < 4 hours
Security
Security is built into every layer of our stack — from network edge to application logic to data storage.
- TLS 1.3 encryption — all API traffic encrypted in transit, HSTS enforced
- API key authentication — unique keys with per-key usage tracking and rate limiting
- IP allowlisting — available for enterprise customers to restrict API access to known IPs
- DDoS protection — enterprise-grade edge security via Cloudflare
- Dependency scanning — automated vulnerability scanning on all dependencies
- Secure development — code review required for all changes, automated testing in CI/CD pipeline
Incident Response
We maintain a documented incident response process to ensure rapid detection, containment, and communication for any security or availability event.
- Detection — automated monitoring with alerting on anomalies, error rate spikes, and unauthorized access attempts
- Notification timeline — affected customers notified within 72 hours of confirmed data breach, within 24 hours for critical incidents
- Security contact — report vulnerabilities to security@offenders.io
- Post-incident review — root cause analysis and remediation published for all significant incidents
- Status page — real-time incident updates at status.offenders.io
Compliance Alignment
Our security controls are aligned with industry-standard frameworks to support customers' own compliance requirements.
- SOC 2 trust service criteria — our controls are designed in alignment with SOC 2 Type II trust service criteria for security, availability, and confidentiality
- CCPA / CPRA — we support California Consumer Privacy Act obligations including data access, deletion, and opt-out requests
- Data Processing Agreement — standard DPA available for enterprise customers on request
Status & Transparency
We believe in radical transparency about our operational performance. All uptime and response time data is publicly available.
- Public status page — status.offenders.io with real-time monitoring
- Historical uptime — 30-day uptime history publicly visible
- Response time tracking — P50 latency metrics published continuously
- Incident history — all past incidents documented with root cause and resolution
Enterprise Support
Enterprise customers receive dedicated support, custom SLAs, volume pricing, and priority access to new features. We work directly with compliance teams, security departments, and engineering organizations at scale.