CivicPath · Mobile beneficiary application
Where compliance starts.
CivicPath is the mobile beneficiary application at the heart of Civitas Compliance. Every hour logged, every exemption claimed, every cure-period state, and every appeal filed begins here, on the beneficiary's phone, before it becomes a row in the state's audit ledger.
What follows describes what the app does and why that matters to state Chief Technology Officers, Managed Care Organization compliance leads, and procurement officers. The architectural rigor that defends the state's compliance posture is the same rigor that gives the beneficiary a polished, capable, accessible experience.
- Linguistic depth: 15 UI locales at production parity · 865+ keys per locale
- Accessibility scope: 22 / 22 screens reviewed · WCAG 2.1 AA
- Distribution: 2 native app stores · iOS and Android at launch
- Encryption depth: 3 layers at rest · device-only keys · zero analytics vendors
Hours verified at the source.
Compliance hours begin in the beneficiary's hand. CivicPath captures GPS-verified check-in at a registered worksite and sends adaptive-cadence heartbeats throughout the volunteer session. The reporting frequency tightens as the beneficiary approaches the geofence boundary. Each heartbeat consumes a server-issued, single-use cryptographic token. A replayed packet is structurally rejected.
Production builds gate session issuance on iOS App Attest and Android Play Integrity. The mobile app cannot mint a session without proving the device is a genuine, unmodified iOS or Android device. Mock-GPS attempts and impossible-accuracy signals raise anomaly flags for downstream review. The integrity narrative starts at the device and ends at the audit ledger.
- Verification: Adaptive-cadence heartbeat · single-use token rotation · server-side validation
- Provenance: On-device geofence + server-side distance check · mock-location and impossible-accuracy anomaly flagging
- Identity: iOS App Attest · Android Play Integrity · session issuance gated on attestation in production builds
- Standard: IETF RFC 4122 unique tokens · TLS pinned to the issuing certificate authority
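The server-side half of the heartbeat check described above, as an added example that is not CivicPath's own code: each heartbeat must present the current single-use token, the token is consumed and rotated on acceptance, and the server recomputes the distance to the worksite instead of trusting the device. The class and function names, the flag strings, the 1-metre accuracy floor, and the device-reported `mock_location` field are assumptions made for illustration.

```python
import hmac
import math
import uuid

EARTH_RADIUS_M = 6_371_000
MIN_PLAUSIBLE_ACCURACY_M = 1.0  # assumed floor: a phone reporting better is suspect


def distance_m(lat1, lon1, lat2, lon2):
    """Haversine great-circle distance in metres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))


class HeartbeatSession:
    """Server-side state for one volunteer session (hypothetical class)."""

    def __init__(self, site_lat, site_lon, radius_m):
        self.site = (site_lat, site_lon)
        self.radius_m = radius_m
        self.spent = set()                # tokens already consumed
        self.current = str(uuid.uuid4())  # RFC 4122 v4, drawn from the OS CSPRNG

    def accept(self, token, lat, lon, accuracy_m, mock_location=False):
        """Return (accepted, next_token, flags) for one heartbeat."""
        if token in self.spent:
            return False, None, ["replayed_token"]
        if not hmac.compare_digest(token.encode(), self.current.encode()):
            return False, None, ["unknown_token"]
        # Consume and rotate before looking at the payload, so the same
        # packet can never be accepted twice.
        self.spent.add(token)
        self.current = str(uuid.uuid4())
        flags = []
        if mock_location:
            flags.append("mock_location")
        if accuracy_m < MIN_PLAUSIBLE_ACCURACY_M:
            flags.append("impossible_accuracy")
        # Recompute the distance server-side, allowing for the reported
        # accuracy radius, rather than trusting the on-device geofence.
        if distance_m(lat, lon, *self.site) > self.radius_m + accuracy_m:
            flags.append("outside_geofence")
        return True, self.current, flags
```

Anomaly flags do not reject the heartbeat here; they travel with the accepted record so a reviewer can act on them downstream.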
Multi-language at production depth.
CivicPath ships in 15 languages from launch: English, Spanish, Vietnamese, Haitian Creole, Arabic, Chinese, Portuguese, Hindi, Korean, Tagalog, Russian, French, Urdu, Persian, and Japanese. Three of those languages render right-to-left, meaning the entire interface flips horizontally so menu drawers, navigation, and form fields appear in the natural reading direction. The right-to-left languages are Arabic, Urdu, and Persian.
Every translation file carries 865 or more keys at parity with the English source. A test suite enforces parity on every build. A screen cannot ship in any language unless every visible string in that language is present and correctly rendered. Onboarding, dashboards, exemption forms, in-app guidance, and statutory notice content all live inside this 15-locale envelope from day one.
- Locales: 15 · English, Spanish, Vietnamese, Haitian Creole, Arabic, Chinese, Portuguese, Hindi, Korean, Tagalog, Russian, French, Urdu, Persian, Japanese
- Right-to-left: Arabic, Urdu, Persian · the interface flips horizontally for natural reading direction
- Coverage: 865+ translation keys per locale · parity-tested on every build
- Reach: Onboarding, dashboards, exemption forms, in-app guidance, statutory notices
Always on, always visible.
The beneficiary sees their compliance status in real time. Every check-in updates the dashboard. Every cure-period state advances on screen. Every notice arrives with a timestamped delivery receipt that survives the audit trail. The beneficiary can read who accessed which media asset, when, and with what role, directly from the mobile app.
When connectivity drops, the app does not. CivicPath ships with a three-layer offline system. A response cache keeps the recent dashboard available without the network. A write-ahead mutation queue captures hour logs and exemption submissions when the beneficiary is offline. A sync replay flushes everything to the platform with full fidelity when service returns. Compliance-critical screens carry a non-dismissible banner when the data on screen is older than the cache window.
- Real-time: Live compliance dashboard · cure-period countdown · notice delivery receipts · in-app access log
- Offline: Response cache + write-ahead mutation queue + sync replay with retry · zero submissions lost to connectivity
- Resilience: Form draft auto-save with 24-hour restore window on hour logs, exemption requests, and appeals
- Honesty: Non-dismissible stale-data banner on compliance-critical screens when offline
Privacy by design.
Beneficiary data is encrypted at rest in three independent layers. The device keychain holds session credentials. A full-disk encrypted store holds cached records using AES-256-CBC with HMAC-SHA256 integrity verification. Media uploads are encrypted in 1-megabyte chunks before they leave the device. The encryption keys are device-only. They never leave the phone, and they are destroyed when the beneficiary signs out.
Screen-capture and app-switcher previews are blocked on every screen that displays protected health information. Push notifications carry generic content for sensitive event types so a lock-screen reader cannot see a denied exemption. The app collects no behavioral analytics. There is no third-party analytics vendor. No Firebase. No Amplitude. No Segment. A first-launch consent gate captures the beneficiary's acceptance of the privacy policy and terms of service, timestamped to the device keychain and re-prompted on policy amendments.
- Encryption: Three layers at rest · device keychain + full-disk AES-256-CBC + chunked file encryption · device-only keys
- Exfiltration block: Screen-capture and app-switcher protections · audit event emitted on every attempt
- Notifications: Generic payloads for 22 sensitive event categories · lock-screen safe by default · user-toggleable
- Analytics posture: No analytics vendor · no Firebase, no Amplitude, no Segment · zero third-party trackers
A source of clean data for everyone.
Every submission from CivicPath is structured. Every hour entry carries activity type, employer or organization, GPS provenance, and timestamp. Every exemption request lands in a typed enum (medical, pregnancy, domestic violence, hospitalization, and the other statutory categories). Every status-change report (pregnancy, disability onset, treatment enrollment) automatically triggers the appropriate cross-program exclusion record on the platform side after staff review.
The data flowing into state agencies and Managed Care Organizations is therefore not a mountain of free-form text to triage. It is type-checked, schema-validated, attestation-tagged, and audit-instrumented at the moment of submission. Helpline volume drops. Transcription errors disappear. Every byte of compliance evidence carries a documented chain of custody from the beneficiary's tap to the state's audit ledger. See /safeguards for the protections enforced on top of that data, and /platform for the architectural guarantees that hold the audit chain together.
- Structure: Typed activity records · closed-set exemption enums · attestation-tagged hours · timestamped at submission
- Coordination: Status-change reports auto-create cross-program exclusion records on staff approval · zero dropped life events
- Traceability: Two-tier audit emission · device-to-ledger chain · 37 action types across 12 resource categories
- Effect: Reduced helpline volume · zero transcription errors · defensible audit posture for fair-hearing review