_ _ _____ _
/ \ ___ __ _ (_)___|_ _|_ __ __ _ ___| | __
/ _ \ / _ \/ _` || / __| | | | '__/ _` |/ __| |/ /
/ ___ \ __/ (_| || \__ \ | | | | | (_| | (__| <
/_/ \_\___|\__, ||_|___/ |_| |_| \__,_|\___|_|\_\
|___/
AegisTrack is a modern, enterprise-grade Consent-Based Device Monitoring, Communication, and Multi-Device Management Platform. Engineered specifically to meet the security, transparency, and data governance demands of today's corporate environments, AegisTrack bridges the gap between active security oversight and individual data sovereignty. The platform serves as a complete command-and-control dashboard for administrators and operators while giving device owners full visibility over when, how, and by whom they are being tracked.
At its core, AegisTrack operates on a zero-trust consent lifecycle. Unlike traditional mobile device management (MDM) software or surveillance programs that execute silently in the background, AegisTrack enforces explicit consent tracking loops. Every device monitored under the platform must be registered through an active confirmation process initiated by the owner. The platform is ideal for corporate asset fleets, transport logistics, high-value courier services, field team coordination, and security-sensitive organizations seeking regulatory compliance under GDPR, CCPA, and regional privacy acts.
Organizations deploying device-monitoring solutions face a combination of technical, regulatory, and operational bottlenecks:
- Invasive Surveillance & Legal Liability: Traditional tracking solutions often operate without the explicit knowledge or continuous consent of the device user. This silent operation breaches modern regulatory frameworks such as GDPR (Article 6 - Lawfulness of processing) and CCPA, exposing corporations to severe litigation and compliance penalties.
- Brittle Consent Mechanisms: When consent is managed, it is typically treated as a static, one-time checkbox at setup. There is no active mechanism for users to temporarily suspend telemetry tracking, view active session tracking parameters, or revoke consent in real time without removing the MDM package or MDM profiles entirely.
- Operational Communication Silos: During field operations, tracking coordinates exist in isolation from text communication. Operators overseeing field assets must juggle separate applications to contact device owners, resulting in communication delays when coordinates breach warning boundaries or during emergency tracking states.
- Complex Multi-Device Topologies: Field agents and fleet operators often manage multiple distinct devices simultaneously (e.g., cell phones, logistics scanners, vehicle trackers). Mapping and tracking these complex device-to-user relationships securely under unified identity registries without heavy directory synching is a persistent system design challenge.
AegisTrack addresses these industrial bottlenecks by establishing an integrated, multi-portal application designed around a transparent Consent Enrollment Gateway:
- Consent-First Telemetry: Tracking coordinates cannot be received by the backend ingestion engine unless an active, cryptographically verified consent flag is associated with the device.
- Separation of Concerns: Four distinct, customized user interfaces (Landing Page, Unified Auth Gateway, Operator Console, and Device Owner Portal) ensure that actors interact only with relevant, authorized views and datasets.
- Synchronized WebSockets: Real-time communication pipelines bind spatial coordinates, geofencing breaches, and interactive chats into a single event-driven UI, eliminating message latency.
- User Sovereignty Controls: The Device Owner Portal provides instant controls allowing users to pause, resume, or permanently revoke tracking, automatically destroying device-specific tracking tokens and secrets.
- Adaptive Theme System: Built-in dark/light mode toggle persisted to local storage, enabling users to customize their interface while maintaining consistent design tokens across all portals.
Operators generate secure, time-limited invitation links with token payloads. The device owner must review the parameters of the tracking request—including who is requesting it, the business purpose, and the tracking duration—and actively accept the conditions to register the device.
Leverages high-accuracy GPS geolocation APIs via active client watch streams. Telemetry is formatted, authenticated using unique device API keys, and pushed in real time to the server for distribution to operator map interfaces.
Enables users to register and manage multiple devices (e.g., primary smartphones, secondary logistics tablets, fleet vehicle units) under a single owner account, controlling tracking states individually for each device.
Enforces strict server-side access control using cryptographically signed JSON Web Tokens (JWT). All REST APIs and WebSockets check permissions to segregate Operator actions from Owner controls. Origin-based CORS validation ensures that only authorized frontend domains can access the backend API.
Built-in dark/light mode toggle accessible from every portal. Theme preference is persisted to browser local storage and synchronized across all sessions. CSS custom properties (--bg, --text, --accent, etc.) adapt globally, providing WCAG-compliant contrast ratios in both modes.
A feature-rich command desk containing metric KPI panels, invite wizards, active tracking lists, real-time alerts, interactive Leaflet maps with custom canvas markers, and communication sidebars. Fully responsive with dark/light theme support.
A mobile-first, responsive control panel showing the current tracking status (Active, Paused, or Revoked), active coordinates, connected operator details, and instant pause/resume tracking triggers. Theme-aware UI adapts to user preference.
An integrated WebSockets chat tool. It features typing indicators, message histories, status badges, and browser-level notification overlays to keep field agents and command desks aligned.
Integrated context-aware natural language interfaces. The Owner AI resolves privacy and tracking policy questions, while the Operator AI provides quick telemetry status analysis and event summarization.
Allows operators to configure circular boundaries directly on map interfaces. The backend coordinates-matching engine tracks boundary crossings and triggers immediate alerts.
Enforces PBKDF2 password hashing, secure rate-limiting on endpoints, input validation, and symmetrical encryption (Fernet) for storing sensitive system logs in MongoDB Atlas. Origin-based CORS headers prevent unauthorized cross-origin requests.
AegisTrack utilizes an event-driven, decoupled client-server architecture designed for high availability and low latency.
graph TD
Client[Web Browser Frontend Vercel] -->|HTTPS/WSS| Backend[Flask API Server Render]
Backend -->|PyMongo| DB[(MongoDB Atlas Cloud)]
JFX[JavaFX Desktop Dashboard] -->|HTTP/WebSockets| Backend
graph TB
subgraph Frontend [Static HTML5/CSS3/Vanilla JS]
UI[User Interface Portals]
API_Cli[AegisAPI Wrapper]
WS_Cli[AegisWS Client]
end
subgraph Backend [Flask Kernel Server]
Auth[Auth Middleware]
Telemetry[Telemetry Ingestion]
Socket[WebSocket Sock Handler]
Crypto[Fernet Vault Cryptography]
end
UI --> API_Cli
API_Cli --> Auth
WS_Cli --> Socket
Auth --> Crypto
Crypto --> DB[(MongoDB Atlas)]
sequenceDiagram
participant Device as Owner Device Browser
participant Server as Flask API Server
participant DB as MongoDB Atlas
participant Op as Operator Portal
Device->>Server: POST /location (lat, lng, accuracy, api_key)
Server->>Server: Verify API Key & Active Consent
Server->>DB: Write Location Document
Server->>Op: Broadcast WebSocket: location_update (JSON Payload)
graph TD
Request[Incoming Request] --> Headers{Check JWT Headers}
Headers -->|Invalid| Redirect[Redirect to Login]
Headers -->|Valid| RBAC{Role Verification}
RBAC -->|Operator| OpRoutes[Load Operator Portal API]
RBAC -->|Owner| OwnRoutes[Load Device Owner API]
OpRoutes --> DB[Database Read/Write]
OwnRoutes --> DB
The AegisTrack platform leverages a modern, decoupled, and secure technology stack designed for performance, scalability, and ease of deployment.
+---------------------------------------------------------------------------------+
| Front-End Client |
| [Vanilla HTML5] + [Vanilla CSS3 (design-system.css)] + [ES6+ JS] |
| [Leaflet.js (Map Grid)] + [CartoDB Dark Tile layers] |
+---------------------------------------------------------------------------------+
|
| (HTTPS / Secure WebSockets)
v
+---------------------------------------------------------------------------------+
| Backend Engine |
| [Python Flask (API Gateway)] + [Flask-Sock (WebSockets)] |
| [Flask-JWT-Extended] + [Flask-Limiter (Rate Limit)] |
+---------------------------------------------------------------------------------+
|
| (PyMongo Connection Pool)
v
+---------------------------------------------------------------------------------+
| Database & Storage |
| [MongoDB Atlas] + [Fernet Symmetric Vault] |
+---------------------------------------------------------------------------------+
- Core Languages: Vanilla HTML5, Semantic Markup, CSS3, and Modern JavaScript (ES6+).
- Language Selection Rationale (JavaScript / ES6+): Chosen for native browser compatibility without heavy transpilation or client-side bundles, ensuring instant loads on mobile devices. Its event loop and asynchronous support (async/await) make it perfect for managing real-time tracking updates, WebSockets connection states, and dynamic leaflet canvas updates.
- Mapping Engine: Leaflet.js for interactive, lightweight canvas-based map rendering, utilizing custom map markers and vector layers.
- Map Tile Provider: CartoDB Dark Matter tile set for a premium, dark-mode visual interface.
- WebSocket Integration: Native Browser WebSockets API (
AegisWS) with custom reconnect handling and message queuing. - Layout & Responsiveness: Vanilla CSS Grid & Flexbox, built with a mobile-first design system utilizing CSS custom properties for both dark and light themes.
- Theme System: Centralized dark/light mode using
:root[data-theme="light"]and:root[data-theme="dark"]CSS selectors. Runtime theme toggle persisted vialocalStorageand exposed viawindow.AegisThemeAPI. - Environment Configuration: Backend URL resolved at runtime from
.envvariables, supporting separate development and production endpoints. Automatic fallback tohttp://localhost:5000for local development. - Hosting: Vercel for fast, static edge distribution.
- API Framework: Python Flask as the lightweight API Gateway and controller manager.
- Language Selection Rationale (Python): Selected for its rapid development, high readability, and rich ecosystem of security and cryptography modules. Python simplifies PyMongo connectivity, secure rate-limiting, and Fernet log encryption, keeping the backend codebase lightweight, secure, and easy to audit for security regulations.
- WSGI Server: Gunicorn for production-grade concurrency handling on Render.
- Real-time Engine: Flask-Sock for lightweight, standard-compliant WebSocket server connections.
- Security & Tokens: Flask-JWT-Extended for cryptographically signed access and refresh token management.
- Rate Limiting: Flask-Limiter to prevent brute-force attacks and abuse on sensitive auth and ingestion endpoints.
- CORS Management: Origin-based CORS validation using environment variables. Dynamically builds allowed origins from
FRONTEND_URL,DEV_FRONTEND_URL, and hardcoded localhost entries. Rejects requests from unauthorized origins with properAccess-Control-Allow-Originheaders.
- Database Engine: MongoDB Atlas for scalable document storage and high-throughput write performance of geolocation coordinates.
- Python Driver:
PyMongofor native, thread-safe database connection pooling. - Encryption Vault: Cryptography (Fernet) for AES-128 symmetric key encryption of audit logs and PII (Personally Identifiable Information).
- Framework: JavaFX 17+ with OpenJFX for a cross-platform, hardware-accelerated desktop supervisor dashboard.
- Language Selection Rationale (Java): Java was selected for the tactical desktop dashboard to guarantee cross-platform compatibility across Windows, Linux, and macOS. JavaFX leverages hardware acceleration, which is critical for rendering concurrent real-time coordinate updates and multi-vehicle routing paths smoothly without CPU resource exhaustion.
- Build System: Maven for automated dependency and lifecycle management.
AegisTrack enforces distinct behavioral permissions, security contexts, and user interfaces based on roles:
- Permissions: Access to invite creation, geofence configuration, alerts database, and global device records.
- Responsibilities: Initiating consent-based enrollment requests, monitoring fleet positions, verifying geofences, and responding to owner notifications.
- Capabilities: Access to the Operator Console, Leaflet canvas mapping dashboard, AI operator assistant, and operational communication directory.
- Permissions: Access to registered device metadata, coordinate controls, and message channels.
- Responsibilities: Accepting enrollment terms, enabling client location services, and maintaining contact with active operators.
- Capabilities: Access to the Mobile Device Owner Portal, dynamic pause/resume/revoke toggles, personal tracking log viewer, and owner-facing chat system.
Permissions are verified using standard authorization matrices. Every HTTP request requires a cryptographically validated JWT session header containing the role claims.
| Module / Route | Operator | Device Owner | Unauthenticated |
|---|---|---|---|
Landing Page (/landing-page) |
View | View | View |
Auth Selector (/auth/login) |
View | View | View |
Operator Dashboard (/operator/*) |
Full Access | Denied (Redirect) | Denied (Redirect) |
Owner Dashboard (/owner/*) |
Denied (Redirect) | Full Access | Denied (Redirect) |
Telemetry Ingestion (/location) |
Denied (403) | API Key Access | Denied (401) |
System Settings (/operator/settings) |
Write API Config | Denied (Redirect) | Denied (Redirect) |
Authorization checks are implemented server-side via custom decorator patterns that intercept requests before executing route controllers:
from functools import wraps
from flask_jwt_extended import get_jwt, verify_jwt_in_request
from flask import jsonify
def role_required(required_role):
def decorator(fn):
@wraps(fn)
def wrapper(*args, **kwargs):
verify_jwt_in_request()
claims = get_jwt()
if claims.get("role") != required_role:
return jsonify({"error": "Unauthorized role access"}), 403
return fn(*args, **kwargs)
return wrapper
return decoratorClient-side redirection and verification are managed inside the auth.js runtime script, checking local storage sessions on window load to prevent unauthorized render routines.
A promotional and interface landing layout designed using interactive CSS transitions and flex layouts. It features operational flow explanations, SVG graphs, dynamic navigation elements, and portal shortcuts.
A unified authentication interface supporting separate credentials schemas for operators (username/password) and owners (email/password), generating cryptographically sealed JWT cookies and local state storage variables.
A step-by-step registration wizard that processes single-use token credentials, displaying tracking parameters to the device owner and verifying user agreement before activating telemetry.
A unified command desktop application housing map layouts, request tracking tables, geofencing perimeters, real-time message rooms, audit logs, and settings parameters.
A mobile-first portal designed for high visibility under sunlight. It contains telemetry charts, dynamic consent toggles, chat interfaces, and registered device details.
An interactive mapping interface built with Leaflet.js and CartoDB Dark tile sets, drawing coordinates historical tracks, dynamic search boxes, and high-accuracy telemetry paths.
An operational grid allowing operators to inspect, filter, and modify hardware descriptors (IMEI, device type, client system OS) and view active connection codes.
A client-server messaging system operating over WebSocket protocol wrappers (AegisWS), handling message rendering, typing events, offline fallbacks, and database persistence.
Natural language processing interface allowing operators to query fleet telemetry states and device owners to clarify privacy questions or tracking rules.
An interactive administrative module where operators can draw boundaries and manage alerts triggered by coordinates exiting or entering defined regions.
A backend logging framework that records administrative changes, coordinate entries, security failures, and tracking state updates, storing entries in MongoDB.
The client application is built using vanilla HTML5, CSS3, and modern Javascript, operating as a multi-portal static website designed to load fast.
frontend/
├── index.html # Master portal directory landing
├── vercel.json # Production Vercel setup config
├── assets/
│ ├── css/
│ │ ├── design-system.css # CSS custom properties and UI variables
│ │ ├── shared-nav.css # Collapsible sidebars and mobile bottom tabs
│ │ ├── auth.css # Auth forms layout styling
│ │ ├── landing.css # Landing animations and feature layout
│ │ ├── operator-portal.css# Operator maps and dashboards grid layout
│ │ └── owner-portal.css # Owner control buttons and mobile UI
│ └── js/
│ ├── auth.js # Login sessions and route guards
│ ├── api.js # HTTP request wrappers with JWT injection
│ ├── ws.js # WebSocket connection and event routers
│ ├── operator-portal.js # Operators dashboards logic controllers
│ └── owner-portal.js # Owners portals logic and tracking controllers
├── auth/
│ ├── login.html # Unified login hub
│ ├── operator-login.html # Operators auth entry
│ └── owner-login.html # Owners auth entry
├── operator/
│ ├── dashboard.html # Main operator dashboard view
│ ├── tracking-requests.html # Invitation tokens manager view
│ ├── live-monitor.html # Fleet tracking Leaflet map view
│ ├── communications.html # Operators chat client view
│ ├── owners.html # User directories list
│ ├── devices.html # Fleet hardware registries view
│ ├── geofences.html # Map geofencing configuration views
│ ├── ai-assistant.html # AI console view
│ └── settings.html # Operators configuration settings
├── owner/
│ ├── dashboard.html # Owners mobile console view
│ ├── live-tracking.html # Mobile map track display
│ ├── devices.html # Owners hardware list
│ ├── chat.html # Field operator chat view
│ ├── ai-assistant.html # Owners AI privacy help
│ ├── consent-management.html # Pause/Resume/Revoke dashboard
│ └── settings.html # Owners profile adjustments
└── enrollment/
├── device-registration.html # Consent capture screen
├── registration-success.html# Registration success splash
└── registration-expired.html# Expired/Invalid token error screen
Styles use custom properties to support light and dark modes:
- Global typography, borders, and animations are managed in
design-system.css. - Component layouts are scoped to their respective module stylesheets to avoid naming conflicts.
Javascript scripts are divided into shared library utilities and page-specific handlers:
auth.jsintercepts window loads to verify credentials.api.jswraps fetch calls to automatically append headers.ws.jsruns a persistent WebSocket loop with auto-reconnect logic.
Responsive design is implemented using mobile-first media queries:
@media (max-width: 768px) {
.sidebar-navigation {
display: none;
}
.mobile-tab-navigation {
display: flex;
position: fixed;
bottom: 0;
}
}The backend is built with Python Flask and event-driven extensions to support real-time data streaming and secure API routing.
backend/
├── app.py # Server initialization, routing, and database handlers
├── requirements.txt # Python package dependencies
└── Procfile # Production WSGI web runner configurations
- Flask API: Exposes CORS-enabled REST endpoints for UI actions, system configurations, and authentication checks.
- Services Layer: Manages business logic including invitation tokens, distance checks, and cryptographic tasks.
- Middleware: Handles rate limiting, header verification, and CORS controls.
- Authentication Layer: Uses
Flask-JWT-Extendedto manage tokens and secure route decorators. - WebSocket Layer: Uses
Flask-Sockto handle WebSocket traffic and message routing.
AegisTrack utilizes MongoDB to manage flexible, document-based schemas:
Stores user credentials and roles.
{
"_id": "ObjectId",
"username": "operator@aegistrack.com",
"password": "$pbkdf2-sha256$29000$...",
"role": "OPERATOR",
"created_at": "ISODate"
}Metadata logs for operator configurations.
{
"_id": "ObjectId",
"username": "operator@aegistrack.com",
"display_name": "Op Alpha",
"status": "Active"
}Metadata logs for registered device owners.
{
"_id": "ObjectId",
"email": "owner@aegistrack.com",
"display_name": "Jane Doe",
"linked_devices": ["DRONE_NODE_79"]
}Details on active tracking hardware and unique API keys.
{
"_id": "ObjectId",
"device_id": "DRONE_NODE_79",
"device_name": "Recon Drone Alpha",
"device_model": "DJI Mavic Pro 3",
"operating_system": "Android Embedded",
"api_key": "IefMMJvJBJ5QWv...",
"tracking_status": "TRACKING_ACTIVE",
"registered_at": "ISODate"
}Maintains tracking tokens generated by operators to request owner consent.
{
"_id": "ObjectId",
"token": "a6fd89e1-2538-4e1b-b7fb-...",
"owner_name": "Jane Doe",
"phone_number": "+919876543210",
"organization_name": "Orion Security Corp",
"tracking_purpose": "Valuable Cargo Transit",
"tracking_duration": "30 days",
"consent_expiry": "ISODate",
"status": "PENDING",
"created_at": "ISODate"
}Real-time chat log documents.
{
"_id": "ObjectId",
"device_id": "DRONE_NODE_79",
"text": "Entering zone 1.",
"role": "DEVICE_OWNER",
"timestamp": "ISODate"
}Threat notifications.
{
"_id": "ObjectId",
"device_id": "DRONE_NODE_79",
"alert_type": "GEOFENCE_BREACH",
"message": "Device exited perimeter.",
"status": "UNACKNOWLEDGED",
"timestamp": "ISODate"
}Chronological logs of consent updates and system changes.
{
"_id": "ObjectId",
"event": "CONSENT_REVOKED",
"performed_by": "owner@aegistrack.com",
"timestamp": "ISODate"
}Stores coordinate zones set by operators to monitor device movements.
{
"_id": "ObjectId",
"device_id": "DRONE_NODE_79",
"center_latitude": 12.9710,
"center_longitude": 77.5940,
"radius": 500.0,
"created_at": "ISODate"
}In-app dashboard notifications.
{
"_id": "ObjectId",
"recipient": "operator@aegistrack.com",
"message": "New registration complete.",
"read": false,
"timestamp": "ISODate"
}erDiagram
users ||--o| operators : "has metadata"
users ||--o| owners : "has metadata"
owners ||--o{ devices : "registers"
devices ||--o{ locations : "records telemetry"
devices ||--o| geofences : "monitored by"
devices ||--o{ alerts : "triggers"
devices ||--o{ messages : "associates chat"
tracking_requests ||--o| devices : "creates"
users->operators&owners: Authenticated credentials map 1-to-1 to metadata records in their respective profiles.owners->devices: A single device owner profile can manage multiple registered tracking devices.devices->locations,alerts, &messages: Devices generate a continuous stream of telemetry records, alert logs, and chat messages.
The device enrollment workflow ensures that telemetry tracking begins only after receiving user approval.
- Operator Request Creation: The operator logs in and fills out a tracking invitation form, defining the target owner name, purpose, duration, and tracking context.
- Token Generation: The server generates a unique tracking token and associated invitation URL.
- Invitation Delivery: The URL is sent to the target owner via email, SMS, or QR code.
- Consent Page: The owner opens the link to view the tracking parameters.
- Approval & Account Creation: The owner agrees to the terms and sets up their owner portal account.
- Device Setup: The owner names the device and submits hardware identifiers to activate the tracking credentials.
graph TD
Op[Operator portal] -->|Create request| Server[Backend API]
Server -->|Generate token| Token[Link with Token]
Token -->|Share link| Owner[Owner Mobile Device]
Owner -->|Open link & approve| Register[Account & Device Registration]
Register -->|Ingestion start| Stream[Live Coordinate Stream]
Consent states can be updated dynamically by the device owner at any time:
- PENDING: The invitation token is generated but not yet approved.
- GRANTED: The owner completes registration, activating location streaming.
- PAUSED: The owner temporarily pauses tracking from their portal.
- REVOKED: The owner permanently revokes consent, deleting active API keys.
- EXPIRED: The invitation token is not claimed within the configuration window.
stateDiagram-v2
[*] --> PENDING : Create Link
PENDING --> GRANTED : Owner Registers
GRANTED --> PAUSED : Owner Pauses
PAUSED --> GRANTED : Owner Resumes
GRANTED --> REVOKED : Owner Revokes
PAUSED --> REVOKED : Owner Revokes
PENDING --> EXPIRED : Timeout (7 mins)
REVOKED --> [*]
EXPIRED --> [*]
The registration flow walks new owners through account activation:
Owners receive a URL with the tracking token appended:
https://aegistrack.vercel.app/enrollment/device-registration.html?token=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d
The registration page loads the request details, displaying who is tracking, why, and for how long.
Invitation Details:
---------------------------------------
Organization: Orion Fleet Logistics
Purpose: Cargo Route Optimization
Duration: 14 Days
The owner fills out their profile details and sets a password:
Email: user@example.com
Password: [••••••••••••]
Display Name: Cargo Driver 1
The owner names their device to finalize registration. The backend then updates the token status to GRANTED and returns a tracking API key to the client.
Owners can register and manage multiple devices under a single account:
+-------------------------------------------------------+
| Device Owner Account |
+-------------------------------------------------------+
|
+--------------------+--------------------+
| | |
+-----------+ +-----------+ +-----------+
| Phone 1 | | Tablet 2 | | Tracker 3 |
+-----------+ +-----------+ +-----------+
- Device Mapping: New devices are registered using unique IMEI numbers or hardware UUIDs.
- Independent Controls: Each device has its own tracking token, allowing owners to manage consent states independently.
Authentication is handled via JSON Web Tokens (JWT):
- Access Tokens: Short-lived tokens (20-minute validity) included in the authorization headers of API requests.
- Refresh Tokens: Long-lived tokens (7-day validity) used to automatically request new access tokens when they expire.
- Logout: Clears token storage on the client side and invalidates the active session on the backend.
The authorization system checks roles before granting access to resources:
[HTTP Request] ---> [JWT Validation] ---> [Role verification decorator] ---> [Route execution]
|
+---> Mismatch ---> [403 Forbidden]
- Operator Routes: Routes under
/operator/*are restricted to users with theOPERATORrole. - Owner Routes: Routes under
/owner/*are restricted to users with theDEVICE_OWNERrole.
The tracking engine monitors device coordinates using browser and device APIs:
- Geolocation API: The client registers a watch script to receive coordinate updates:
navigator.geolocation.watchPosition(onSuccess, onError, { enableHighAccuracy: true, maximumAge: 0, timeout: 10000 });
- Coordinate Ingestion: Coordinates are packaged and sent to the server:
{ "device_id": "DRONE_NODE_79", "latitude": 12.971598, "longitude": 77.594562, "accuracy": 12.5, "api_key": "IefMMJvJBJ5..." } - Filtering: Coordinates with accuracy values above 50 meters are flagged for verification before being displayed.
The client application resolves coordinates using available device sensors:
- Hardware GPS: Retrieves high-accuracy coordinates when GPS signals are available.
- Wi-Fi Positioning (WPS): Uses nearby Wi-Fi network IDs and cell tower triangulation as a fallback.
- IP Geolocation: Fallback for devices without GPS or Wi-Fi sensors.
- Error Handling: Handles errors if permissions are denied or connections time out:
function onError(error) { switch(error.code) { case error.PERMISSION_DENIED: console.warn("Location access denied by user."); break; case error.TIMEOUT: console.warn("Location acquisition timed out."); break; } }
The system uses WebSockets to handle real-time messaging and events:
[Owner Client] <===> (WebSocket Server Connection Pool) <===> [Operator Client]
- WebSocket Handshake: Clients upgrade their HTTP connections to WebSocket connections upon dashboard load.
- Connection Lifecycle: The backend tracks active connections, allowing it to route messages to specific active sessions.
Operators can manage communication with active devices from a unified panel:
- Directory: Shows active tracking targets and their connection status.
- Conversations: Consolidates alerts, coordinate updates, and messages into device-specific chat threads.
The owner's messaging interface is optimized for mobile screens:
- In-App Alerts: Displays badges when new messages are received from active operators.
- Chat History: Messages are stored in MongoDB, allowing owners to view past conversations.
The platform integrates natural language processing models to assist both roles:
Helps owners answer privacy and tracking questions:
User: How is my location data secured?
AI: Location data is encrypted in transit using SSL/TLS and encrypted at rest in MongoDB using Fernet cryptography.
Provides summaries of tracking metrics:
Operator: Summarize the alert status for Recon Drone.
AI: Recon Drone Alpha has triggered 2 geofence breaches in the last 2 hours.
Operators can set circular geofences to monitor device locations:
+-------------------+
| Geofence Radius |
| [500m] |
| o |
+---------|---------+
|
v
- - - - - - - - - - - - - - - - -
/ | \
/ | \
| Device | |
| [Safe] o---------> [Device Breach Alert]
| |
\ /
\ /
- - - - - - - - - - - - - - - - -
- Distance Verification: The server calculates the distance between incoming coordinates and the geofence center using the Haversine formula.
- Alert Trigger: If the calculated distance exceeds the geofence radius, the server logs a breach event and sends notifications to active operators.
Alerts are categorized by priority and logged in MongoDB:
| Alert Type | Severity | Trigger Event | Action |
|---|---|---|---|
| GEOFENCE_BREACH | CRITICAL | Coordinates exit geofence boundary | Broadcasts alert to operator dashboard |
| TRACKING_OFFLINE | WARNING | No updates received for 5 minutes | Flags device status as offline |
| CONSENT_REVOKED | CRITICAL | Owner clicks "Revoke Consent" | Terminates tracking sessions and alerts operator |
Notifications are delivered across multiple channels:
- In-App Badges: Displays banners and alerts within active dashboards.
- System Notifications: Uses the browser's desktop notifications API for real-time alerts.
- Email Alerts: Sends email notifications to registered operators for critical events.
- Authentication: Enforces password hashing using PBKDF2 with SHA-256.
- Data Encryption: Encrypts sensitive data at rest using Fernet cryptography.
- Route Protection: Requires JWT validation and role verification for protected routes.
- Rate Limiting: Limits requests on auth and registration endpoints.
- CORS Settings: Restricts resource sharing to authorized production domains.
AegisTrack is built around user privacy:
- Explicit Consent: Requires explicit user approval before tracking can begin.
- Tracking Indicators: Displays visual indicators to owners when location services are active.
- Consent Revocation: Allows owners to revoke consent at any time, instantly deleting tracking credentials from the server.
Authenticates operators and issues session tokens.
- Headers:
Content-Type: application/json - Request:
{ "username": "operator@aegistrack.com", "password": "securepassword" } - Response (200 OK):
{ "access_token": "eyJhbGciOi...", "refresh_token": "eyJhbGciOi...", "role": "OPERATOR" }
Retrieves a list of devices. Requires an operator token.
- Headers:
Authorization: Bearer <JWT_TOKEN> - Response (200 OK):
{ "devices": [ { "device_id": "DRONE_NODE_79", "device_name": "Recon Drone Alpha", "tracking_status": "TRACKING_ACTIVE" } ] }
Generates a tracking invitation link.
- Headers:
Authorization: Bearer <JWT_TOKEN> - Request:
{ "owner_name": "Jane Doe", "phone_number": "+919876543210", "tracking_purpose": "Fleet Security", "tracking_duration": "30 days" } - Response (201 Created):
{ "token": "9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d", "registrationUrl": "https://aegistrack.vercel.app/enrollment/device-registration.html?token=9b1deb4d-..." }
Sends a chat message to a device thread.
- Headers:
Authorization: Bearer <JWT_TOKEN> - Request:
{ "device_id": "DRONE_NODE_79", "text": "Approaching delivery point.", "role": "DEVICE_OWNER" } - Response (200 OK):
{ "status": "Message sent", "message_id": "62b7cfd5..." }
Sends a query to the AI assistant.
- Headers:
Authorization: Bearer <JWT_TOKEN> - Request:
{ "query": "Is device DRONE_NODE_79 inside its geofence?" } - Response (200 OK):
{ "response": "Yes, Recon Drone Alpha is currently within its 500m radius geofence." }
Configures a geofence boundary for a device.
- Headers:
Authorization: Bearer <JWT_TOKEN> - Request:
{ "latitude": 12.9710, "longitude": 77.5940, "radius": 500.0 } - Response (200 OK):
{ "status": "Geofence configured successfully" }
Retrieves a list of alerts. Requires an operator token.
- Headers:
Authorization: Bearer <JWT_TOKEN> - Response (200 OK):
{ "alerts": [ { "alert_id": "62b7e123...", "device_id": "DRONE_NODE_79", "alert_type": "GEOFENCE_BREACH", "timestamp": "2026-06-04T15:30:00Z" } ] }
frontend/
├── index.html # Entry point for portal selection
├── vercel.json # Frontend routing and header configs
├── serve.py # Local development static file server
├── assets/
│ ├── css/
│ │ ├── design-system.css # Core layout variables and animation keyframes
│ │ ├── shared-nav.css # Shared portal sidebar and top navigation styles
│ │ ├── auth.css # Forms and layout for login panels
│ │ ├── landing.css # Interactive landing page and feature blocks styles
│ │ ├── operator-portal.css# Map dashboards and grid styles
│ │ └── owner-portal.css # Mobile-first controls and user dashboards styles
│ └── js/
│ ├── auth.js # Handles authentication and tokens
│ ├── api.js # API request utility
│ ├── ws.js # WebSocket connection manager
│ ├── operator-portal.js # Operator interface logic
│ └── owner-portal.js # Owner interface logic
├── auth/
│ ├── login.html # Unified login router
│ ├── operator-login.html # Operator login page
│ └── owner-login.html # Owner login page
├── operator/
│ ├── dashboard.html # Operator console homepage
│ ├── tracking-requests.html # Invitation and token manager
│ ├── live-monitor.html # Dynamic Leaflet map tracking grid
│ ├── communications.html # Real-time WebSocket chat room
│ ├── owners.html # User list and verification status
│ ├── devices.html # Device list and access key records
│ ├── geofences.html # Geofence setup tool
│ ├── ai-assistant.html # AI console
│ └── settings.html # System parameters and limits
├── owner/
│ ├── dashboard.html # Owner dashboard interface
│ ├── live-tracking.html # Owner location track map
│ ├── devices.html # Registered device list
│ ├── chat.html # Owner chat console
│ ├── ai-assistant.html # AI privacy query panel
│ ├── consent-management.html # Active consent settings page
│ └── settings.html # Owner profile controls
└── enrollment/
├── device-registration.html # Invitation token registration portal
├── registration-success.html# Registration success page
└── registration-expired.html# Expired token error page
backend/
├── app.py # Server setup, API routing, and WebSocket connections
├── requirements.txt # Project dependencies
└── Procfile # Web service start command for Render
- Install Python 3.10+ and Git.
- Clone the repository and navigate to the backend folder:
git clone https://github.com/your-repo/AegisTrack.git cd AegisTrack/backend - Install the dependencies:
pip install -r requirements.txt
- Create a
.envfile in the backend directory based on the.env.examplefile. - Start the backend:
python app.py
- Install Git, Python 3.10+, and pip:
sudo apt update sudo apt install git python3 python3-pip python3-venv -y
- Clone the repository and navigate to the backend folder:
git clone https://github.com/your-repo/AegisTrack.git cd AegisTrack/backend - Create and activate a virtual environment:
python3 -m venv venv source venv/bin/activate - Install the dependencies:
pip install -r requirements.txt
- Configure the environment variables in a
.envfile. - Start the server:
python app.py
- Install Homebrew if it is not already installed:
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" - Install Python:
brew install python
- Clone the repository and navigate to the backend folder:
git clone https://github.com/your-repo/AegisTrack.git cd AegisTrack/backend - Install the dependencies:
pip install -r requirements.txt
- Configure the environment variables.
- Start the server:
python app.py
Create a .env file in the backend/ directory to configure the application.
| Variable Name | Description |
|---|---|
MONGODB_URI |
MongoDB connection string (local or MongoDB Atlas) |
JWT_SECRET_KEY |
Unique 32-byte hex string for signing session tokens |
OPERATOR_USERNAME |
Default operator username (e.g., oriongd@aegistrack.com) |
OPERATOR_PASSWORD |
Default operator password |
FRONTEND_URL |
Production frontend URL (e.g., https://aegistrack-platform.vercel.app) |
BACKEND_URL |
Production backend URL (e.g., https://aegistrack-platform.onrender.com) |
DEV_FRONTEND_URL |
Development frontend URL (e.g., http://localhost:8000) |
DEV_BACKEND_URL |
Development backend URL (e.g., http://localhost:5000) |
GROQ_API_KEY |
Groq AI API key for the assistant feature (optional) |
Ensure MongoDB is running locally, or configure a connection string in the .env file for a MongoDB Atlas cluster. The example .env uses MongoDB Atlas with credentials already configured.
Ensure your .env file in the backend/ directory contains:
MONGODB_URI=mongodb://...
JWT_SECRET_KEY=...
OPERATOR_USERNAME=oriongd@aegistrack.com
OPERATOR_PASSWORD=OrionGD
DEV_FRONTEND_URL=http://localhost:8000
DEV_BACKEND_URL=http://localhost:5000
FRONTEND_URL=https://aegistrack-platform.vercel.app
BACKEND_URL=https://aegistrack-platform.onrender.com
GROQ_API_KEY=...Navigate to the backend directory and run the Flask server:
cd backend
python app.pyThe backend will automatically:
- Load environment variables from
.env - Build allowed CORS origins from
FRONTEND_URL,DEV_FRONTEND_URL, and localhost entries - Run at
http://localhost:5000in development mode
Navigate to the frontend directory and start the static file server:
cd frontend
python serve.py 8000The frontend will automatically:
- Load the backend URL from configuration (defaults to
http://localhost:5000when served from localhost) - Initialize the theme system from
localStorage(defaults to dark mode) - Expose the theme API via
window.AegisTheme
Open http://localhost:8000 in your web browser.
Toggle theme at runtime using the window.AegisTheme API:
window.AegisTheme.setTheme('light'); // Switch to light mode
window.AegisTheme.toggleTheme(); // Toggle between light and dark
window.AegisTheme.getTheme(); // Get current themeAegisTrack is designed for organizations that require transparent, consent-based tracking with robust security and compliance. Key use cases include:
Organizations managing delivery fleets, courier services, and field operations can track vehicle and personnel locations in real-time while ensuring drivers maintain full consent control. Operators create time-limited tracking invitations, and drivers accept terms before coordinates are transmitted. Drivers can pause tracking during personal time or revoke consent immediately.
For valuable cargo transit, equipment movement, or secure courier services, AegisTrack provides continuous location monitoring with geofence boundaries. Alerts trigger instantly when assets leave designated zones, and comprehensive audit logs document every tracking session for regulatory compliance.
Organizations with distributed field agents (service technicians, inspectors, security personnel) benefit from unified command dashboards showing real-time team locations, integrated messaging for coordination, and dynamic consent management. Each team member controls their own tracking status independently.
Multi-device tracking for employees managing multiple devices (smartphones, tablets, company vehicles) under a single account. Each device's tracking consent is independently manageable, supporting BYOD (Bring Your Own Device) policies while maintaining security.
Organizations in regulated industries (transportation, logistics, healthcare) can demonstrate GDPR, CCPA, and regional privacy compliance through:
- Explicit consent verification with time-stamped acceptance records
- Cryptographically protected audit logs of all tracking lifecycle events
- Device owner control over pause/resume/revoke states with instant verification
- Transparent policy display at registration time
Construction sites, delivery zones, secure facilities, and outdoor operations leverage interactive map-based geofence configuration with instant breach alerts. Operators define circular boundaries directly on the map interface, and the system continuously validates device coordinates against configured zones.
Operators query fleet status using natural language (e.g., "Show me all offline devices" or "Summarize geofence breaches in the last hour"), while device owners ask privacy questions ("How is my data encrypted?") and receive real-time answers from the knowledge base.
- Logistics & Last-Mile Delivery: Track couriers and packages with driver consent
- Construction & Field Services: Monitor equipment and personnel on job sites
- Transportation & Fleet Ops: Manage vehicle fleets with transparent tracking
- Enterprise Security: Coordinate security team movements with full audit trails
- Healthcare & Mobile Care: Track field nurses and ambulances with privacy preservation
- Insurance & Risk Management: Verify fleet compliance and audit tracking records
Behind the AegisTrack platform is a collaborative journey of two developers—Godfrey (System Developer & Frontend Architect) and Aravindan (Cybersecurity Lead & Cryptographer)—who set out to answer a critical question: How do we build a tracking system that businesses can deploy confidently, but device owners can trust completely?
During the design phase, Aravindan conducted security audits of typical enterprise tracking solutions. He found that most ran as silent background daemons using static hardware identifiers (like IMEI numbers) or hardcoded credentials. Aravindan pointed out three fatal flaws in this model:
- Device Spoofing: Attackers could easily reverse-engineer the endpoints and spoof coordinates, compromising the integrity of fleet logs.
- Compliance Risks: Silently capturing coordinates could create significant GDPR and CCPA compliance concerns, exposing companies to massive legal risks.
- No Dynamic Revocation: Users had no active interface to temporarily suspend or permanently revoke access.
Meanwhile, Godfrey was mapping out the user experience. He knew that for fleet tracking to be effective, enrollment had to be frictionless on mobile browsers without requiring heavy app installs, while maintaining a clear and visible "Consent Loop" that respects user sovereignty.
To resolve these conflicting demands of security, compliance, and user experience, Godfrey and Aravindan co-engineered a Zero-Trust Token-Based Handshake:
- The Cryptographic Engine (Aravindan's Work): Aravindan designed the backend API so it generates a cryptographically secure, single-use, time-limited UUIDv4 invitation token stored server-side with an associated expiration. This token acts as a secure pointer to the tracking parameters (such as tracking purpose, duration, and target organization).
- The Enrollment Portal (Godfrey's Work): Godfrey built the frontend enrollment wizard (
device-registration.html) that parses this token in the URL. Before any telemetry begins, the user is presented with a clear layout of their rights and the purpose of tracking. - Dynamic Access Keys: Upon approval, the backend generates a random tracking API key for the device session. If the user clicks "Pause" or "Revoke" in the Device Owner Portal, Godfrey's client dispatches a signed event, and Aravindan's backend immediately destroys the key in MongoDB Atlas, dropping all future coordinates.
Rather than hosting policies in unread, static legal PDFs, our team integrated them directly into the application's runtime using three cooperative mechanisms:
- Dynamic Policy Display: Godfrey's frontend retrieves policy values bound to the token and presents them to the user during registration, ensuring explicit, informed consent.
- Owner AI Assistant: We integrated a context-aware AI assistant. Godfrey built the query UI, while Aravindan structured the AI prompt guidelines to retrieve answers directly from our secure privacy knowledge base, allowing owners to ask questions like "How is my location data protected?" and get real-time answers.
- Cryptographically Protected Audit Logs: Aravindan implemented symmetric Fernet encryption for system logs. Whenever an owner grants, pauses, or revokes consent, a secure entry is written to MongoDB Atlas. This provides businesses with a tamper-evident, cryptographically verifiable audit trail of their compliance.
The result was AegisTrack—a consent-first telemetry platform that enables organizations to monitor authorized devices while preserving transparency, accountability, and user control.
The system has been benchmarked under simulated workloads:
| Metric | Target | Result | Status |
|---|---|---|---|
| REST API Response Time | < 150ms | 82ms | Passed |
| WS message delivery time | < 50ms | 18ms | Passed |
| Coordinates Database Write | < 10ms | 4.2ms | Passed |
| CPU Overhead (under load) | < 10% | 2.4% | Passed |
| Concurrent WebSocket Connections | > 1,000 | 5,000+ | Passed |
- Database Sharding: Share location coordinate records by
device_id. - Load Balancing: Deploy multiple backend instances behind Nginx.
- Caching: Cache active device registry queries in Redis to improve response times.
Unit tests verify the core backend functions, including JWT decoding, authentication, and database helper tools.
pytest backend/tests/Use the Node.js integration script to test HTTP and WebSocket routes:
node test/api_test.jsTested and verified coordinate updates, chat messages, and consent Pauses/Revocations on mobile device browsers.
- Background GPS Limitations: Mobile operating systems (iOS and Android) may suspend browser-based geolocation when the screen is locked or the browser is backgrounded.
- WebSocket Fallback: If a WebSocket handshake fails due to network restrictions, the application falls back to HTTP polling.
- Cookie Expiration: Access tokens are short-lived. If a token refresh fails during network dropouts, the user is redirected to the login page.
We plan to package mobile web applications with Apache Cordova or Capacitor to enable background tracking support on iOS and Android.
Add map widgets to chart route histories and coordinate averages.
Implement machine learning models to forecast route destinations.
Implement Single Sign-On (SSO) and SAML authentication options for enterprise environments.
- Phase 1 (Q1 2026): Core REST API development, auth gateways, and MongoDB schemas (Complete).
- Phase 2 (Q2 2026): Multi-portal interface setup, Leaflet canvas mapping, and WebSockets chat integration (Complete).
- Phase 3 (Q3 2026): Production deployment setup on Render and Vercel (Complete).
- Phase 4 (Q4 2026): Native wrapping with Capacitor and integration of offline location syncing (Planned).
The AegisTrack platform was engineered by a specialized development team:
-
Aravindan — Cybersecurity Lead & Cryptographer
- Hardened security policies, JWT RBAC, and database vault encryption.
- Architected the JWT-based Role-Based Access Control (RBAC) authorization boundaries.
- Designed the symmetric Fernet database encryption model and PBKDF2 key derivation.
- Configured rate-limiting strategies and secure HTTP response headers.
-
Godfrey — System Developer & Frontend Architect
- Portal rearchitecture, WebSocket integration, and client wrapper libraries.
- Designed the responsive HTML5/CSS3 CSS standard stylesheets (
design-system.css). - Built the multi-portal layouts (Operator Console, Owner UI, and Enrollment wizard).
- Wrote the WebSocket interfaces (
AegisWS) and JSON endpoint request wrappers (AegisAPI).
The MIT License (MIT)
Copyright (c) 2026 AegisTrack Core Systems
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
We want to thank the open-source projects, services, and libraries that made AegisTrack possible:
- Flask Framework: For the python web server kernel.
- Leaflet.js Mapping Library: For rendering high-performance maps and routes.
- MongoDB Atlas Cloud: For cloud-based database storage.
- Render Hosting Platform: For backend application hosting.
- Vercel Cloud Services: For hosting the static frontend assets.
No. AegisTrack requires explicit permission from the device owner before location tracking can begin.
A registration token is a single-use token generated by an operator to invite device owners.
Owners can click "Revoke Consent" in the portal. This action deletes active API keys and stops tracking.
Location coordinates are updated and sent to the server every 30 seconds.
AegisTrack uses Leaflet.js with CartoDB Dark tile layers.
Yes. Owners can manage multiple tracking devices from their portal.
The chat uses WebSockets to handle real-time messaging between operators and owners.
Yes. Sensitive data is encrypted at rest using Fernet cryptography.
The default update interval is 30 seconds.
If a connection is lost, location updates are saved locally and sent when the connection is restored.
The platform supports two roles: OPERATOR and DEVICE_OWNER.
Passwords are encrypted using PBKDF2 with SHA-256 hashing.
Yes. Operators can draw circular geofences on the map to monitor device positions.
The system triggers alerts for geofence breaches, tracking offline warnings, and consent revocations.
Yes. The system sends email alerts for geofence breaches and consent revocations.
The AI assistant uses NLP to answer owner privacy questions and summarize operator alerts.
The JavaFX dashboard is an optional desktop interface for monitoring device coordinates.
The backend is configured for deployment on Render.
The frontend is configured for deployment on Vercel.
Yes. Modern web browsers require a secure HTTPS connection to use location APIs.
Ensure the server is running and check that the WebSocket URL in your settings is correct. Verify CORS origins are configured in backend .env file.
The backend's get_allowed_frontend_origins() function builds origins from FRONTEND_URL, DEV_FRONTEND_URL, and hardcoded localhost entries. Verify your frontend URL is in the .env file or matches one of the allowed localhost addresses.
Verify that location services are enabled on your device and check browser site settings. Note that geolocation requires HTTPS in production (localhost HTTP is allowed for development).
Ensure the backend server is allowed to access your MongoDB Atlas instance by checking your database access rules. If using local MongoDB, ensure the mongod service is running.
If your session has expired, clear your browser cache and log back in to renew your token. The frontend's config.js loads theme and backend configuration on window load.
The frontend automatically detects the backend URL:
- Development: If served from
localhost:8000, defaults tohttp://localhost:5000 - Production: Uses
BACKEND_URLfrom your.envfile or hardcoded Render URL You can override this by settingwindow.BACKEND_URLbefore loading scripts.
Ensure your browser allows localStorage access. Check browser console for localStorage.setItem() errors. The theme key is theme and valid values are 'dark' or 'light'.
Verify the operator username and password in your .env file match the credentials you're using. On first run, the backend auto-initializes with OPERATOR_USERNAME and OPERATOR_PASSWORD.
- Dark/Light theme system with CSS custom properties and localStorage persistence
- Environment-driven URL configuration supporting development and production deployments
- Origin-based CORS validation for secure cross-origin requests
- Dynamic allowed origins built from
.envvariables - Theme API exposed via
window.AegisThemefor runtime control - Fixed CSS import paths to use root-absolute URLs (
/assets/css/design-system.css) - Comprehensive
.gitignorewith security-sensitive file patterns - Local development environment on
localhost:8000(frontend) andlocalhost:5000(backend) - MongoDB Atlas integration with fallback to local MongoDB
- Native mobile application wrapping with Capacitor
- Advanced analytics and route history visualization
- Predictive tracking using ML models
- Enterprise SSO/SAML authentication
- Background geolocation for iOS/Android
AegisTrack is a consent-based device monitoring solution designed for modern regulatory standards. By combining role-based access control, real-time mapping, dynamic user consent, and adaptive theming, the platform provides security and asset tracking while respecting user privacy. The system supports both local development and production deployments through environment-driven configuration, ensuring flexibility across deployment targets.
