IT & Security Onboarding

A reference for municipal and county IT departments evaluating Motrix Cloud for a fleet or paratransit maintenance shop. Everything below is verifiable against the live application at app.motrix.io.

For IT reviewers

Motrix Cloud is a zero-install, browser-based SaaS platform. There is nothing to package, no agent to install, and no inbound firewall change required. This page is written to answer a standard vendor security review upfront — if your office uses a security questionnaire or vendor-onboarding form, we will complete it. Contact sales@motrix.io.

1. Architecture & Deployment

2. Network Surface (for whitelisting)

Motrix communicates outbound only over HTTPS. No inbound ports, VPN tunnels, or firewall rule changes are required. Whitelist the following endpoints:

Endpoint Purpose Direction / Port
*.motrix.io Primary application Outbound 443
*.motrix.cloud Data services Outbound 443
*.mapbox.com / *.maptiler.com GIS & mapping Outbound 443
*.amazonaws.com Storage & hosting Outbound 443
notifications@motrix.io Email sender to whitelist (authenticated SPF/DKIM) Inbound email
Ports

Port 443 (HTTPS) only. Port 80 redirects to 443. No other ports are used.

3. Security & Data Handling

For a deeper security overview, including infrastructure hardening and independent assessment, see the Security Overview.

4. Browser & Device Support

Mobile Device Management (Jamf / Intune)

There is no native app to package. Because Motrix is a Progressive Web App, push a Web Clip or home-screen shortcut to https://app.motrix.io. No MDM app deployment or app-store review is required.

5. Audit Readiness

DVIR inspections in Motrix are photo-verified, geotagged, timestamped, and immutable once filed — they cannot be edited or deleted after submission. This produces a defensible record suitable for FTA triennial reviews, and the export format supports FDOT audit requirements.

6. Handling Rider PHI (if applicable)

If the deployment stores rider names or addresses, that information is protected health information (PHI) under HIPAA. Motrix supports two models — ask us which fits your review:

The BAA

Most fleet vendors will not sign a Business Associate Agreement. On the HIPAA tier, Motrix does. HIPAA compliance is a shared responsibility — there is no such thing as HIPAA "certification"; we implement the Security Rule's technical safeguards, sign a BAA, and complete a Security Risk Assessment on the deployment. We can walk your compliance officer through exactly what we implement.

7. Verification & Next Step

Whatever next step is most efficient for your team:

Confirm the above is sufficient to proceed, send us your security questionnaire, or book a short technical call — email sales@motrix.io. If additional documentation is required from our side, tell us what is needed; we would rather provide complete information upfront than cause delays.