IT & Security Onboarding
A reference for municipal and county IT departments evaluating Motrix Cloud for a fleet or paratransit maintenance shop. Everything below is verifiable against the live application at app.motrix.io.
Motrix Cloud is a zero-install, browser-based SaaS platform. There is nothing to package, no agent to install, and no inbound firewall change required. This page is written to answer a standard vendor security review upfront — if your office uses a security questionnaire or vendor-onboarding form, we will complete it. Contact sales@motrix.io.
1. Architecture & Deployment
- SaaS, zero-install Progressive Web App (PWA). No agent, daemon, or executable runs on county workstations.
- No specialized hardware. Existing smartphones and tablets serve as inspection devices through the browser-based PWA.
- No local server footprint. A standard modern web browser is the only requirement.
- Hosting: US-region Amazon Web Services (us-east-1). The data plane does not leave the continental United States.
2. Network Surface (for whitelisting)
Motrix communicates outbound only over HTTPS. No inbound ports, VPN tunnels, or firewall rule changes are required. Whitelist the following endpoints:
| Endpoint | Purpose | Direction / Port |
|---|---|---|
*.motrix.io |
Primary application | Outbound 443 |
*.motrix.cloud |
Data services | Outbound 443 |
*.mapbox.com / *.maptiler.com |
GIS & mapping | Outbound 443 |
*.amazonaws.com |
Storage & hosting | Outbound 443 |
notifications@motrix.io |
Email sender to whitelist (authenticated SPF/DKIM) | Inbound email |
Port 443 (HTTPS) only. Port 80 redirects to 443. No other ports are used.
3. Security & Data Handling
- Encryption: TLS 1.3 in transit; AES-256 at rest.
- Access control: Role-based (Admin, Shop Manager, Driver, and more), with per-user permission overrides.
- Isolation: Per-client logical database isolation.
- Backups: Multi-region automated snapshots on a 4-hour cadence.
- Data ownership: The county retains full ownership of all maintenance and inspection data, with export available at any time.
- No trackers: No advertising or third-party analytics trackers run on inspection workflows.
For a deeper security overview, including infrastructure hardening and independent assessment, see the Security Overview.
4. Browser & Device Support
- Primary: Google Chrome (latest 3 versions).
- Also supported: Microsoft Edge, Apple Safari.
- Legacy Internet Explorer: not supported.
There is no native app to package. Because Motrix is a Progressive Web App, push a Web Clip or home-screen shortcut to https://app.motrix.io. No MDM app deployment or app-store review is required.
5. Audit Readiness
DVIR inspections in Motrix are photo-verified, geotagged, timestamped, and immutable once filed — they cannot be edited or deleted after submission. This produces a defensible record suitable for FTA triennial reviews, and the export format supports FDOT audit requirements.
6. Handling Rider PHI (if applicable)
If the deployment stores rider names or addresses, that information is protected health information (PHI) under HIPAA. Motrix supports two models — ask us which fits your review:
- HIPAA tier — a dedicated, single-tenant AWS instance under a signed Business Associate Agreement (BAA), with mandatory two-factor authentication and a 6-year, append-only access audit log that records who viewed, changed, or exported each rider record.
- Client Code mode — the agency stores no rider identities in Motrix at all, only opaque codes (for example
C-0001), keeping the name↔code crosswalk on its own systems.
Most fleet vendors will not sign a Business Associate Agreement. On the HIPAA tier, Motrix does. HIPAA compliance is a shared responsibility — there is no such thing as HIPAA "certification"; we implement the Security Rule's technical safeguards, sign a BAA, and complete a Security Risk Assessment on the deployment. We can walk your compliance officer through exactly what we implement.
7. Verification & Next Step
Whatever next step is most efficient for your team:
- The live production environment is accessible from any modern browser at app.motrix.io — inspect it directly.
- We will complete any standard security questionnaire or vendor-onboarding form your office uses — send it over and we will turn it around promptly.
- Prefer a call? We will answer technical questions directly.
Confirm the above is sufficient to proceed, send us your security questionnaire, or book a short technical call — email sales@motrix.io. If additional documentation is required from our side, tell us what is needed; we would rather provide complete information upfront than cause delays.