HeadwayForge
Security & trust

Built for public-agency procurement.

HeadwayForge starts from open, public transit data and adds your internal data only when you choose to. Here's how we handle data governance, access, encryption, and retention — in plain language your IT and procurement teams can review.

Two modes

You decide what data the platform touches

Public-data-only mode (default)

By default, HeadwayForge runs entirely on open public sources: GTFS and GTFS-Realtime feeds from the MobilityData catalog, the Census/ACS, LEHD LODES jobs data, and the FTA National Transit Database. No internal agency data is required to start, so there is nothing sensitive to onboard for an initial analysis.

Agency-integration mode (opt-in)

When your team is ready, you can layer in agency-specific data — APC/ridership, fare, staffing, scheduling, and cost inputs — to sharpen the analysis. Integrations are opt-in and scoped to what each workflow needs; you stay in control of what is shared and when.

Controls

Data governance, access & encryption

Data governance

Every figure traces to a documented source and vintage (GTFS feed version, ACS year, NTD report year, validation results). Public data stays public; any agency data you add is isolated to your agency's workspace.

Access control

The public read experience is separated at the process level from the privileged operator surface. Administrative actions sit behind a dedicated admin service gated by a bearer token, with optional Cognito single sign-on (email/password or Google) and TOTP MFA.

Encryption

Data is encrypted in transit over HTTPS and at rest. Object storage uses server-side encryption (AES-256); any per-agency real-time feed credentials are encrypted in an application-level vault and are never returned in plaintext.

Hosting

HeadwayForge runs on AWS (US region) on managed, access-controlled infrastructure — PostgreSQL/PostGIS, object storage, and a CDN-fronted application tier — defined as infrastructure-as-code for repeatable, reviewable deployments.

Data retention

Cached feed artifacts and validation reports follow lifecycle policies and age out on a schedule; the canonical analysis tables are retained for trend and benchmarking work. Retention windows can be tailored for an agency deployment.

Exports & portability

Your outputs are yours: CSV, PDF, and GeoJSON exports, plus methodology notes that travel with the numbers — so analysis is portable into board packets, GIS, and grant applications without lock-in.

Implementation

A low-risk path to value

Because the starting point is public data, you can evaluate HeadwayForge on your own agency before any integration or procurement commitment.

1. Start public

Open the dashboard and run an instant read on your agency from public GTFS, NTD, and Census data.

Effort: none — no data engineering required.

2. Review

Share the data-coverage and methodology pages with IT, security, and procurement.

Output: documented sources, controls, and exports.

3. Integrate (optional)

Add agency-specific data sources scoped to the workflows you want to sharpen.

Control: opt-in, least-privilege, your call.

  • Public-data-only by default — nothing sensitive required to begin.
  • Privileged operator surface isolated from the public read path.
  • Encryption in transit and at rest; secrets never returned in plaintext.
  • Transparent sourcing and exportable, portable outputs.

Have a specific security questionnaire, data-handling, or procurement requirement? We're glad to walk your team through the architecture and controls in detail.

Evaluate it on your own agency first.

No integration, no commitment — start from public data and see the analysis before you onboard anything.