Skip to main content
Sign in MENU

Loci Technical Overview

  • Updated

Technical Overview

Summary

This article provides an overview of how Loci is designed, hosted and secured, specifically for council IT teams. It addresses the most common questions from Heads of IT, explains how Loci operates with no configuration or infrastructure impact on the council, and outlines our approach to security, access control and data handling.

At the bottom of this article, you can download the full technical documents referenced here.

1. Introduction

Loci partners with councils to offer residents a unified and trusted place to access services such as waste collections, local updates and key council information. The platform is designed so councils do not need to deploy new infrastructure, run technical projects or support Loci operationally.

Loci is built around three core technical priorities:

  • Security and trust
  • Low operational impact for council IT
  • Scalability and resilience across authorities

These principles are explained in more detail within our technical design documentation.

2. No integration or infrastructure required

For a standard Loci deployment, councils do not need to:

  • Provide APIs
  • Host or replicate data
  • Configure internal firewalls
  • Install plugins or extensions
  • Support identity or authentication systems
  • Provision servers or cloud capacity

Loci retrieves public service information using secure methods such as:

  • Direct HTTPS calls
  • HTML parsing
  • Web crawling using headless browsers

This allows Loci to maintain a normalised, up-to-date copy of council service information without accessing internal systems or generating load. Scraping is intentionally low-frequency and uses exponential backoff with jitter to avoid traffic spikes.

3. A secure and trusted platform

Loci is hosted on modern, resilient UK cloud infrastructure across multiple AWS Availability Zones, and follows best practice for security, isolation and reliability.

3.1 Encryption and data storage

  • All data encrypted at rest (AES-256) and in transit (TLS)
  • All infrastructure hosted exclusively in UK-based AWS regions
  • Private VPC networking isolates internal services from the public internet

3.2 Zero-trust architecture

  • Machine-to-machine authentication for all distributed services
  • Least-privilege access enforcement
  • Strict egress and ingress controls at the network boundary

3.3 Access control

The Loci client and API endpoints use a combination of:

  • Role-based access control (RBAC)
  • Action-based access control (ABAC)
  • Relationship-based access control (ReBAC)

3.4 User rights and deletion

Users can permanently delete their account and all associated activity history. Only anonymised analytical data may be retained for platform-wide service improvements.

4. Minimal demand on IT teams

IT teams often ask what is required to deploy Loci. In standard cases, the answer is: almost nothing.

A typical onboarding requires:

  • No development
  • No procurement process
  • No authentication setup
  • No internal project team
  • No integration work

Loci operates independently, presenting council information through Loci’s own systems. Council infrastructure remains untouched, significantly reducing the burden on IT departments.

5. Optional data integration for enhanced accuracy

Some councils choose to provide real-time data feeds—most commonly for waste collections—to remove reliance on scraping and ensure maximum accuracy.

Loci supports secure ingestion via:

  • SFTP into AWS S3
  • HTTPS pushes or webhooks
  • Event streaming
  • Read-only database connectivity

These integrations are optional and not required for launch. They are particularly valuable for high-demand services such as bin collections, where real-time updates improve accuracy and reduce resident contact.

For more detail, see our article on integrating waste schedules.

6. Data handling and GDPR compliance

Loci is fully aligned with UK GDPR and designed to minimise data exposure.

  • Only structured operational data is requested
  • No personally identifiable information (PII) is processed
  • Councils retain full ownership of all data provided
  • No third-party sharing occurs without explicit consent

7. Typical questions from IT teams

Does Loci need access to internal systems?
No. All information is retrieved from public sources unless the council intentionally provides a secure feed.

Will scraping place load on our website?
No. Scraping is low-frequency, controlled and uses exponential backoff to avoid pressure on systems.

Where is Loci hosted?
Within UK-only AWS Availability Zones using a private VPC.

How do users authenticate?
Via passwordless authentication through Stytch. Loci does not store passwords.

Does this create work for our IT team?
Minimal to none for standard onboarding. Optional data integrations are fully supported by Loci.

What are the benefits for the council?
Lower contact volumes, improved resident satisfaction, better visibility of service usage and enhanced digital inclusion.

8. Downloads

The following documents are available at the bottom of this article:

  • Loci Technical Design Overview for Council IT Teams (PDF)
  • Loci FAQs for IT Teams (PDF)

9. Further support

If your IT team would like a short briefing session or a technical walkthrough, please contact hello@lociapp.co.uk. We are happy to arrange a session tailored to your council.

Related to

Was this article helpful?
0 out of 0 found this helpful
Return to top