CivicTally Technical Overview

CivicTally

Technical Overview

Architecture Overview

CivicTally is a serverless application built entirely on the Cloudflare platform. There are no traditional servers to manage, patch, or scale — the infrastructure runs at the edge across 300+ data centers worldwide.

┌─────────────┐ ┌──────────────────────┐ ┌─────────────────┐ │ Resident's │ │ Cloudflare Edge │ │ Admin / City │ │ Browser │─────▶│ │◀─────│ Dashboard │ │ (No App) │ │ Workers · Pages │ │ (Authenticated)│ └─────────────┘ │ KV Store · D1 (SQL) │ └─────────────────┘ └──────────────────────┘

Technology Stack

Layer	Technology	Purpose
Edge Compute	Cloudflare Workers	API logic runs at the edge — sub-50ms response times globally
Frontend	Static HTML/JS + Mapbox GL	Lightweight pages served from Cloudflare's CDN; interactive map
Primary Database	Cloudflare D1 (SQLite)	Stores votes, street data, storm history — replicated at edge
Fast Cache	Cloudflare KV	Real-time vote counts and map state with global low-latency reads
DNS & SSL	Cloudflare DNS + TLS	Automatic HTTPS, managed certificates, zero-config renewal
Deployment	Wrangler CLI / Git push	Deploys to 300+ edge locations in under 60 seconds

Security & Compliance

🔒 Built-In Protection

DDoS mitigation — automatic, always-on via Cloudflare's network
Web Application Firewall — blocks SQL injection, XSS, and OWASP top 10
TLS 1.3 — all traffic encrypted in transit
Bot management — prevents automated vote manipulation
Rate limiting — per-IP throttling protects against abuse

🛡️ Compliance & Certifications

SOC 2 Type II — Cloudflare platform certified
ISO 27001 — information security management
GDPR compliant — data processing controls
FedRAMP Moderate — Cloudflare authorized for U.S. government
No PII collected — see Privacy section below

Privacy & Anonymous Data

CivicTally collects zero personally identifiable information. No names, emails, phone numbers, or accounts are required. Residents never log in.

When a resident casts a vote, the only data stored is:

Street segment ID — which street was voted on
Vote value — plowed or not plowed
Timestamp — when the vote was cast
Hashed IP prefix — truncated, one-way hash used solely for duplicate vote prevention; not stored long-term and cannot be reversed to identify a user

No cookies, no tracking pixels, no analytics SDKs, no third-party data sharing. There is nothing to breach because there is no personal data to steal.

Scalability & Reliability

Zero scaling configuration required. Cloudflare Workers auto-scale from 0 to millions of requests with no cold starts, no provisioning, and no capacity planning.

📈 Performance at Scale

300+ edge locations — requests served from the nearest data center
Sub-50ms response times — globally, even under heavy storm traffic
No cold starts — Workers are always warm and ready
Handles traffic spikes — storm events cause bursty traffic; Cloudflare absorbs it automatically

🔄 Reliability

99.99% uptime SLA — Cloudflare's enterprise platform guarantee
No single point of failure — distributed across global network
Automatic failover — if one data center goes down, traffic reroutes instantly
Zero maintenance windows — no downtime for updates or deployments

Deployment & Multi-City Support

Each city gets its own isolated instance with a custom subdomain (e.g., eastprovidence.civictally.com). New cities are onboarded in hours, not weeks:

Street data import — GIS shapefiles or OpenStreetMap data converted automatically
Admin credentials — secure, city-specific login for storm management
Custom branding — city name, logo placement, and URL
Independent data — each city's data is fully isolated; no cross-contamination