California Digital Disaster Recovery Center (DDRC)

This website provides technical documentation for the DDRC application from the California Department of Technology (CDT).

DDRC is a web application that enables free vital records replacement for survivors of the 2025 Los Angeles County fires and other recent natural disasters in California. It is open-source software that is designed, developed, and maintained by Compiler LLC on behalf of CDT.

Supported vital records requests

The DDRC app supports the following vital records requests:

Vital Record Type	Status	Launch
Birth Certificate	Live	08/2025
Marriage Certificate	In progress	TBD
Death Certificate	To do	TBD

Technical and security details

DDRC is a Django 5 web application. The application uses Login.gov’s Identity Assurance Level 2 (IAL2) via the California Identity Gateway to verify a person has an address in a disaster-affected zip code.

Running the application locally is possible with Docker and Docker Compose.

The application communicates with the California Identity Gateway via redirects, over the public internet. See all the system interconnections.

Infrastructure

The DDRC application is deployed to Microsoft Azure. Traffic is encrypted between the user and the application, as well as between the application and external systems.

The network is managed by CDT, who provide a firewall and distributed denial-of-service (DDoS) protection.

You can find more technical details on our infrastructure page.

Data storage

The DDRC application minimizes the information exchanged between systems. The following information is temporarily stored in a secure database:

• The user’s attestation and information required to submit a vital records request

Sensitive user information exists in the following places:

• To qualify for free vital records replacement, users need to provide personal information to Login.gov
• Users need to provide their attestation and vital record information to submit a vital records request

Learn more about the security/privacy practices of our integration partners:

• Login.gov
• CDT privacy policy

DDRC collects analytics on usage, without any identifying information. You can find more details on our analytics page.

Practices

Dependabot immediately notifies the team of vulnerabilities in application dependencies.

Upon doing new major integrations, features, or architectural changes, the DDRC team has a penetration test performed by a third party to ensure the security of the system.

All code changes are reviewed by at least one other member of the engineering team, which is enforced through branch protections.