Legal
Privacy Policy
Effective Date: January 1, 2025
1. Introduction
Civio, Inc. (“Civio,” “we,” “us,” or “our”) operates the Civio mobile application and website (collectively, the “Service”). This Privacy Policy explains what information we collect, how we use it, and your rights regarding your information.
Our commitment: We do not sell your data. We do not advertise. We do not profile you politically or ideologically.
2. Information We Collect
2.1 Information You Provide
- Email address (required) — for account creation and notifications
- Password (required) — stored as a one-way cryptographic hash; we cannot recover it
- Phone number (optional) — required only if you enable SMS notifications
- Home address (required) — used solely to resolve your jurisdiction (city, county, state, congressional district). Encrypted at rest using AES-256. Never used for any other purpose.
- Civic votes — your support/oppose responses on individual bills. Aggregated only; never exposed individually.
2.2 Information Collected Automatically
- Usage data — pages and bills you view, to improve the Service
- Device information — app version and device type, for technical support
- Crash reports — via Sentry, to fix bugs
- Push notification token — used only to deliver your requested alerts
2.3 Information We Do NOT Collect
- Political party affiliation or ideology
- Browsing history outside of Civio
- Precise GPS location — we use only your address for jurisdiction resolution
- Financial information of any kind
- Data from other apps on your device
3. How We Use Your Information
| Purpose | Data Used | Basis |
|---|---|---|
| Deliver personalized civic feed | Jurisdiction info (city, state, district) | Contract |
| Send bill alerts you requested | Email / phone / FCM token | Contract |
| Show civic sentiment data | Aggregated votes only — never individual | Legitimate interest |
| Fix bugs and improve the Service | Anonymized usage + crash logs | Legitimate interest |
| Prevent fraud and abuse | Usage patterns | Legitimate interest |
| Comply with legal obligations | As required by law | Legal obligation |
We do not use your information to target you with advertising of any kind, infer or record your political beliefs, sell or share your data with third parties for their own purposes, or build behavioral profiles for third-party use.
4. Data Sharing
We share your information only with service providers who process data strictly on our behalf under Data Processing Agreements: Supabase (database), Vercel (hosting), Resend (email), Twilio (SMS), Firebase (push notifications), and Sentry (error monitoring). Each provider is prohibited from using your data for their own purposes.
We may disclose information if required by law, court order, or government authority with proper jurisdiction.
We never sell your data. This is a permanent, unconditional commitment.
5. Data Retention
- Account information: until account deletion + 30 days
- Civic votes (aggregated): indefinitely (aggregate only)
- Notification logs: 90 days
- Usage analytics: 12 months (anonymized after 30 days)
- Encrypted address: until account deletion
6. Security
We implement industry-standard security: AES-256 encryption for sensitive data at rest, TLS 1.3 for all data in transit, Row-Level Security on the database, JWT tokens with 1-hour expiry and automatic rotation, and rate limiting on all API endpoints. If you discover a security vulnerability, please email security@civio.app.
7. Your Rights
- Access — request a copy of all personal data we hold
- Correction — correct inaccurate information in your account
- Deletion — delete your account and all data at any time (Profile → Delete Account). Data permanently deleted within 30 days.
- Data portability — request your data in JSON format
- Opt-out — disable any notification type at any time in Settings
California residents (CCPA): You have additional rights including the right to know what personal information is collected and the right to non-discrimination for exercising your rights. We do not sell personal information.
To exercise any right, email privacy@civio.app. We respond within 30 days.
8. Children's Privacy
Civio is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with information, please email privacy@civio.app.
9. Changes to This Policy
We will notify you of material changes via email and in-app notice at least 30 days before changes take effect. Continued use of the Service after that date constitutes acceptance.
10. Contact
Privacy questions: privacy@civio.app
Security issues: security@civio.app
General: hello@civio.app