Testing records are sensitive and regulated. Here is how Random Pool Manager secures your data, keeps it confidential, and makes your program defensible.
All traffic is served over HTTPS/TLS. Passwords are stored only as one-way bcrypt hashes.
Every database query is scoped to your workspace, so one account can never see another’s data.
Owner / admin / staff / viewer roles control who can see and change what inside your workspace.
Optional MFA (TOTP) adds a second factor to protect account access.
Draws, results, notifications, and record changes are logged with who and when — tamper-evident by design.
Data is backed up on a regular schedule with encrypted, off-site copies for disaster recovery.
Test information is access-controlled and released only to authorized parties, consistent with the Part 40 confidentiality rule.
Keep records for the retention periods your DOT mode requires; your data stays retrievable on request.
Customer Data is yours to export at any time; if you close your account it is retained at least 30 days first.
Because each draw stores its method and pool snapshot, a selection can be reconstructed and defended in an audit.
Random Pool Manager secures the platform and gives you the tools and records to run a compliant program — but you, as the employer or service agent, remain responsible for compliance with the DOT rules that apply to your operation: controlling access within your workspace, disclosing results only to authorized parties, and meeting your retention obligations.
Disclaimer: Random Pool Manager is an independent compliance tool, not affiliated with or endorsed by the U.S. DOT or any federal agency, and does not replace professional judgment. See our privacy policy and terms.
Secure, isolated, audit-logged — with reproducible draws and records that hold up under review.
See Random Pool Manager