Legitimate questions deserve verifiable answers.
A purpose-built interface for law-enforcement queries about licensed operators, backed by the same audit trail operators rely on. The identity foundation is shipped; agency workflows are coming next.
Why this matters
When licensed cannabis intersects with law enforcement — typically in transit, but also during investigations of unlicensed activity or response to incidents at licensed facilities — both sides benefit from clear, verifiable data. Operators can prove they're operating legitimately; law enforcement can identify illicit activity faster instead of treating every interaction with the industry as suspect.
The current default is paper documents, screenshots of state portals, and phone calls. A purpose-built surface — verified agencies, scoped queries, audit-logged everywhere — is straightforwardly better for everyone except bad actors.
What's live today
The agency identity foundation shipped 2026-05-13 and is in production. The same primitives that serve regulators serve law-enforcement agencies:
- Verified agency accounts. Law-enforcement agencies are onboarded as a top-level entity with verified email domains, jurisdictional scoping, and a status lifecycle. Verification happens out-of-band before any access is granted.
- Mandatory two-factor authentication. Every agency user enrols TOTP-based 2FA before reaching any platform surface. Enforced server-side; no opt-out.
- Magic-link member onboarding. Agency admins invite team members via magic links scoped to their verified email domains.
- Legal-basis-tracked audit trail. Every agency query is logged with its legal basis —
jurisdictional,grant, oremergency— plus the reference (which operator, which records request, which emergency event). Operators see exactly who queried what, when, and under what authority. - Agency self-service admin. Agency admins manage their own members, view their audit log, and update display settings without depending on Verdaxi support.
These primitives are the substrate the workflow capabilities above plug into. The hard part of trust-and-safety design — who's verified, how access is gated, how every action is recorded — is already solved.
Where we are
The shared identity layer is in production. Records-request portal, incident intake, panic-button emergency response, and investigation tooling are next, in roughly that order.
This is a module we're not in a hurry to ship half-considered. It requires careful design partnership with both regulators and law-enforcement agencies, plus a privacy posture that's defensible to operators, customers, and civil-liberties advocates alike. If you work in law enforcement and have a perspective on what would make this useful — or harmful — we'd like to hear from you.
What we're planning
Records request portal
File a request (subpoena, warrant, voluntary, or preservation), upload the legal document, and route it to the operator. Operator-side approval, denial, or scope negotiation produces a materialized export — scope-limited CSV/JSON, files, and a chain-of-custody manifest.
Incident intake
Operators report incidents from the compliance app; routing rules send them to the relevant law-enforcement jurisdictions. Status updates and disposition flow back to the operator with a complete timeline.
Emergency / panic response
Operator panic button (armed robbery, active threat, fire, medical, silent alarm test) alerts law enforcement with operator info, facility floorplan, the last 15 minutes of activity, and a live video hook where available. Emergency-tier access grants immediate 72-hour operational read for the duration of the event.
Investigation support
Case tooling with linked items (incidents, records-request bundles, notes), saved queries, and cross-operator search gated by approved records-request grants.
Privacy by design
Queries return the minimum information necessary. Customer data is never exposed; only operator-side compliance state. Every query is logged with its legal basis so operators see exactly who asked, when, and under what authority.
Want to talk to us about this?
We're actively gathering input from operators, regulators, and partners. Tell us what you'd want from this part of the platform.