Is StreetReady AI compliant with Colorado HB26-1210?

Yes. StreetReady's AI assistant is designed as a human-centric navigation tool — it surfaces information and answers questions, but every scheduling decision remains with your supervisors and administrators. This puts it firmly outside the high-risk AI category under Colorado HB26-1210. There are no automated employment decisions, no adverse-action algorithms, and no black-box outputs. Agency staff remain in full control at all times.

How does drag-and-drop scheduling work in StreetReady?

StreetReady's drag-and-drop roster editor lets supervisors move personnel between shifts, zones, and dates with a single gesture — no forms, no phone calls, no back-and-forth. The system validates coverage requirements and flags conflicts in real time, so you can see the impact of every change before it's saved. Day trades, leave requests, and call-sign assignments are all handled from the same interface, keeping scheduling a pure logistics exercise with no payroll or wage processing involved.

How does StreetReady meet CJIS 6.0 security requirements?

StreetReady is built around the CJIS Security Policy 6.0 framework. All data is encrypted at rest using FIPS 140-3 validated AES-256 encryption and in transit over TLS 1.3. Every login requires multi-factor authentication via a TOTP authenticator app, satisfying CJIS advanced authentication requirements. Role-based access control ensures personnel can only access records their clearance level permits, and a full audit trail records every change for compliance review.

How does StreetReady detect understaffed or overstaffed shifts automatically?

StreetReady's Staffing Alert Engine lets administrators set LOW and SURPLUS thresholds per shift. Every time the roster is saved, the system compares current scheduled headcount against those thresholds. If a shift crosses a LOW threshold (understaffed) or SURPLUS threshold (overstaffed), every supervisor receives a branded email alert within seconds via our Resend-backed notification service. Inline red and amber badges also appear in the schedule grid so supervisors see alerts on-screen in real time — no more end-of-week surprises or manual headcount checks.

What is an overtime board and how does it work in StreetReady?

StreetReady's Overtime Board turns a staffing shortage into an instant workflow. When a shift goes LOW, supervisors post an open overtime slot directly from the same screen — specifying the date, shift, number of officers needed, and any notes. Eligible deputies see open slots, sign up with one click, and supervisors approve or deny each signup. Every step triggers an email: supervisors are notified when deputies sign up, deputies are notified when approved or denied. Approvals immediately update the live roster. Every action is logged in the immutable audit trail.

Can StreetReady be used for fire departments, EMS, and non-sheriff agencies?

Yes. StreetReady's Adaptable Org Terminology feature lets admins rename every role label to match their agency. "Deputy" becomes "officer", "agent", "responder", "technician", or anything else you choose. You customize ranks, shift names, supervisor titles, and badge labels. The same product serves sheriff's offices, police departments, fire departments, EMS agencies, public works, parole and probation offices, emergency management, and code enforcement — one platform across every public-safety vertical, and it's equally at home in private-sector shift operations like hospital systems, private security, manufacturing, and utility crews.

Does StreetReady support passkeys and FIDO2 / WebAuthn?

Yes. StreetReady supports passkey authentication via FIDO2 / WebAuthn as a first-class alternative to TOTP multi-factor authentication. Users can sign in with Touch ID, Face ID, Windows Hello, or a hardware security key like YubiKey. Passkeys are phishing-resistant, hardware-backed, and the strongest form of authentication available — they satisfy CJIS Security Policy 6.0 advanced authentication requirements without relying on passwords, SMS codes, or authenticator apps. Agencies with strict security postures (and those moving toward passwordless) should strongly prefer passkeys.

Who makes StreetReady and where is Woolf Systems based?

StreetReady is built by Woolf Systems LLC, an American software company founded in 2026. We specialize in roster management and workforce scheduling software for government agencies and shift-based operations. We are not affiliated with any government agency, but our product is purpose-built around the compliance and operational requirements government customers face. Our team communicates in English and Spanish and supports customers across the United States. Contact and security disclosure information is available at https://streetreadyapp.com/#contact.

Last updated: May 27, 2026

Security Policy

Responsible disclosure guidance and security contact information for StreetReady by Woolf Systems.

Responsible disclosure

Woolf Systems welcomes good-faith reports about security issues affecting streetreadyapp.com or the StreetReady application. Please report suspected vulnerabilities to security@woolf-systems.com.

In scope

The public marketing website, public trust files, contact form behavior, authentication surfaces for the StreetReady application, and issues that could expose customer or company data are in scope for responsible disclosure.

Out of scope

Please do not perform denial-of-service testing, social engineering, phishing, physical attacks, spam, automated destructive testing, or attempts to access customer data. Reports that rely only on missing optional headers without a practical exploit may be lower priority.

How to report

Include the affected URL, a concise description, reproduction steps, screenshots or request samples when safe, and your contact information. Do not include sensitive data from other users or agencies in the report.

What to expect

We aim to acknowledge security reports within two business days and provide a status update after initial triage. We ask researchers to allow up to 90 days for coordinated remediation before public disclosure unless we agree to another timeline.

Security posture

StreetReady is designed around CJIS 6.0-aligned controls, FIPS 140-3 encryption expectations, TLS 1.3 in transit, multi-factor authentication, role-based access control, and immutable audit trails. Public website security information is also published at /.well-known/security.txt.

Contact Woolf Systems