Effective Date: March 3, 2026
Last Updated: March 3, 2026
Social News Desk, Inc. dba CivAll (“CivAll,” “we,” “us,” or “our”) provides this Privacy Policy to explain how we collect, use, share, and protect information in connection with the CivAll civic engagement platform (“Platform”). This policy applies to two distinct audiences: Government Customers who subscribe to the Platform, and Citizens (members of the public) who interact with government services powered by CivAll.
This Privacy Policy addresses two different relationships:
(a) Government Customers. When a government agency, municipality, or public-sector organization (“Customer”) subscribes to the CivAll platform, CivAll acts as a data processor on behalf of that Customer. The Customer determines what data is collected, how it is used, and how long it is retained. CivAll processes this data only according to the Customer’s instructions and our Master Subscription Agreement.
(b) Citizens. When a member of the public (“Citizen” or “End User”) interacts with a government service powered by CivAll — such as signing up for alerts, submitting a public comment, or completing a survey — the government agency is the data controller responsible for that Citizen’s data. CivAll processes Citizen data on behalf of the government agency, not for our own purposes.
CivAll acts as an independent data controller only for: (a) information collected through our marketing website at civall.com; (b) information from prospective customers who request a demo or information; and (c) account registration and billing information for Customer administrators.
This Privacy Policy supplements our Master Subscription Agreement. Defined terms used here and not otherwise defined have the meanings given in the Master Subscription Agreement.
We collect the following information directly from our Government Customers:
(a) Account and Registration Information. Name, email address, phone number, job title, department, and agency affiliation of Authorized Users who register for the Platform.
(b) Billing Information. Billing contact details, invoicing addresses, purchase order numbers, and payment information (processed through Stripe, Inc. — we do not store full payment card numbers on our systems).
(c) Customer Data. Content that Customers create, upload, or configure within the Platform, including notification templates, meeting agendas, documents, settings, and administrative content.
(d) Usage Data. Information about how Customers use the Platform, including feature usage, login activity, and administrative actions, collected for support, analytics, and product improvement.
When Citizens interact with government services powered by CivAll, the government agency (Customer) determines what information is collected. This may include:
(a) Contact Information. Name, email address, phone number, and mailing address provided when Citizens sign up for notifications, submit forms, or create accounts.
(b) Engagement Data. Survey responses, public comments, feedback submissions, meeting participation records, service requests, and FOIA submissions.
(c) Communication Preferences. Channel preferences (email, SMS, push notification), topic subscriptions, language preferences, and opt-in/opt-out choices.
(d) Device and Access Information. IP address, browser type, device type, operating system, and general location data (city/state level) collected automatically when Citizens access the Platform.
When anyone accesses the Platform or our website, we automatically collect:
(a) Log data, including IP addresses, access times, pages viewed, and referring URLs.
(b) Device information, including browser type, operating system, and screen resolution.
(c) Performance data, including page load times and error logs, used to maintain and improve the Platform.
When Customers use AI Features within the Platform, we process the input data (such as text provided for summarization or translation) to generate the requested output. AI input and output data is treated as Customer Data and subject to the same protections. We do not use Customer input to AI Features to train AI models.
We use information to provide, operate, and maintain the Platform, including:
(a) Delivering notifications, alerts, and communications on behalf of Customers.
(b) Processing Citizen interactions such as form submissions, survey responses, and public comments.
(c) Managing Customer accounts, billing, and support.
(d) Providing AI Features, including content drafting, translation, and summarization.
We use aggregated and anonymized usage data to understand how the Platform is used, identify issues, and improve functionality. This aggregated data cannot be used to identify any individual or Customer.
We use information to detect, prevent, and respond to security incidents, fraud, and abuse, and to comply with applicable legal obligations.
We use Customer contact information to send account-related communications, including service updates, security notifications, billing notices, and support responses.
(a) No Advertising. We do not use Customer Data or Citizen Data to serve advertisements, and we do not display third-party advertising on the Platform.
(b) No Profiling. We do not build behavioral profiles of Citizens for marketing, scoring, or any purpose unrelated to the services requested by the Customer.
(c) No Cross-Customer Use. We do not use one Customer’s data to benefit another Customer, except in the form of anonymized, aggregated benchmarks that cannot identify any individual or Customer.
We do not sell, rent, lease, or trade Customer Data or Citizen Data to any third party, and we will not do so under any circumstances.
We use the following categories of Sub-processors to help us provide the Platform. Each Sub-processor is contractually obligated to protect data and to process it only for the purposes specified by CivAll.
| Sub-processor | Purpose | Data Categories Processed |
|---|---|---|
| Amazon Web Services (AWS) | Cloud hosting and infrastructure | All Customer Data and Citizen Data |
| Stripe, Inc. | Payment processing | Customer billing and payment information |
| Twilio / SendGrid | Email and SMS delivery | Recipient contact information, message content |
| OpenAI / Anthropic | AI Features (content generation, translation) | Text content submitted to AI Features |
| Datadog / Sentry | Application monitoring and error tracking | System logs, anonymized usage data |
CivAll maintains an up-to-date list of Sub-processors. We provide Customers at least thirty (30) days’ notice before engaging a new Sub-processor, as described in our Master Subscription Agreement (Section 8.5).
We may disclose information if required to do so by law, regulation, subpoena, court order, or other governmental request. Where legally permitted, we will notify the affected Customer before disclosing their data.
In the event of a merger, acquisition, or sale of all or substantially all of CivAll’s assets, Customer Data and Citizen Data may be transferred as part of the transaction. We will notify Customers of any such transfer and ensure that the acquiring entity is bound by commitments consistent with this Privacy Policy.
We may share information with third parties when the Customer has given explicit consent or direction to do so, such as enabling a third-party integration.
All Customer Data and Citizen Data is stored in data centers located in the United States. Our content delivery network (CDN) may temporarily cache static assets (such as images and stylesheets) at global edge locations to improve performance, but no Customer Data or Citizen Data is stored outside the United States.
All data is encrypted in transit using TLS 1.2 or higher and at rest using AES-256 encryption.
Our Platform is hosted on Amazon Web Services (AWS), which provides physical security controls including facility access management, environmental protections, and infrastructure redundancy. Customer data is logically isolated between tenants.
We implement role-based access controls (RBAC) for both internal personnel and Customer users. Internal access to Customer Data and Citizen Data is restricted to personnel who require it to perform their job functions and is subject to logging and periodic review.
We maintain administrative, technical, and physical safeguards including: employee security training, vulnerability scanning, dependency monitoring, automated daily backups, and incident response procedures.
We retain Customer Data and Citizen Data for as long as the Customer’s Subscription is active, or as needed to provide the Platform.
When a Subscription expires or is terminated, we provide a ninety (90) day data export window during which the Customer may export all Customer Data and Citizen Data. After this window closes, we permanently delete all Customer Data and Citizen Data from production systems within thirty (30) days. Backup copies are purged on the next backup rotation cycle, not to exceed thirty (30) additional days.
If a trial account does not convert to a paid Subscription within thirty (30) days after the trial ends, we provide a ninety (90) day data export window during which the Customer may export any data uploaded during the trial. After this window closes, we permanently delete all data associated with the trial account on the same schedule described in Section 6.2.
We may retain anonymized, aggregated data that cannot be used to identify any individual or Customer for product improvement and benchmarking purposes. This data is not subject to deletion requests.
We may retain data beyond the normal retention period if required by law, regulation, or legal proceedings.
Our marketing website uses cookies and similar technologies for:
(a) Essential Cookies. Required for website functionality, such as session management and security.
(b) Analytics Cookies. Used to understand how visitors use our website (e.g., page views, traffic sources) so we can improve our content. We use privacy-focused analytics tools.
(c) Marketing Cookies. Used to measure the effectiveness of our marketing campaigns. These may be placed by third-party advertising partners.
You can manage cookie preferences through your browser settings or through the cookie consent banner on our website. For a detailed list of cookies used on our marketing website, including third-party advertising and analytics cookies, see our Cookie Policy.
The Platform’s administrative interface used by Government Customers uses only essential cookies required for authentication, session management, and security. We do not place marketing or advertising cookies in the admin interface.
For government websites and pages powered by CivAll (the citizen-facing experience), CivAll uses only essential cookies necessary for functionality (such as remembering notification preferences or maintaining a session). The government Customer controls what additional tracking, if any, is implemented on their pages. CivAll does not place advertising or marketing cookies on citizen-facing pages.
Government Customers have the following rights regarding their data:
(a) Access and Export. Customers can access and export their data at any time through the Platform’s built-in export tools.
(b) Correction. Customers can correct their account and administrative data through the Platform.
(c) Deletion. Customers can request deletion of their data as described in Section 6.
(d) Sub-processor Objection. Customers can object to new Sub-processors as described in our Master Subscription Agreement (Section 8.5).
Because CivAll processes Citizen Data on behalf of government agencies, Citizens should direct privacy-related requests to the government agency that collected their data. This includes requests to:
(a) Access their personal information.
(b) Correct inaccurate information.
(c) Delete their personal information.
(d) Opt out of communications.
CivAll will cooperate with government Customers in responding to Citizen data requests and will provide reasonable technical assistance to facilitate responses.
Citizens may opt out of non-emergency communications at any time by: (a) using the unsubscribe link included in email communications; (b) replying STOP to SMS messages; (c) adjusting preferences in their account settings; or (d) contacting the government agency directly. Emergency alerts and legally required notifications may not be subject to opt-out.
Residents of states with comprehensive privacy laws (such as the California Consumer Privacy Act, as amended by the CPRA, and similar laws in Virginia, Colorado, Connecticut, and other states) may have additional rights, including:
(a) The right to know what personal information is collected, used, and shared.
(b) The right to delete personal information.
(c) The right to opt out of the sale of personal information (CivAll does not sell personal information).
(d) The right to non-discrimination for exercising privacy rights.
For Citizen data, these requests should be directed to the government agency. For CivAll marketing website visitors, these requests may be directed to CivAll using the contact information in Section 13.
CivAll does not knowingly collect personal information directly from children under the age of thirteen (13). The Platform is designed for use by government agencies and their adult representatives.
Government websites powered by CivAll may be visited by members of the public of all ages, including minors. We recognize that government services must be accessible to all residents. Government Customers are responsible for determining whether their use of the Platform involves the collection of information from children under 13 and for complying with the Children’s Online Privacy Protection Act (COPPA) and applicable state laws.
CivAll provides tools to help Government Customers comply with COPPA requirements, including: (a) configurable age-gating for forms and surveys; (b) the ability to limit data collection on specific pages or forms; and (c) parental consent workflow options. Government Customers are responsible for implementing these tools as appropriate for their use case.
If you believe we have inadvertently collected personal information from a child under 13 without appropriate consent, please contact us immediately using the information in Section 13 and we will promptly delete the information.
CivAll stores all Customer Data and Citizen Data in the United States. We do not transfer or store personal information outside of the United States, except for temporary CDN edge caching of static assets as described in Section 5.1.
CivAll currently serves only US-based government agencies and does not offer services in the European Economic Area (EEA), United Kingdom, or other jurisdictions subject to the General Data Protection Regulation (GDPR). If this changes in the future, we will update this Privacy Policy and implement appropriate safeguards, including Standard Contractual Clauses or other approved transfer mechanisms.
If you access the CivAll marketing website from outside the United States, please be aware that any information you provide may be transferred to and processed in the United States.
In the event of a confirmed security breach affecting Customer Data or Citizen Data, CivAll will notify the affected Customer within seventy-two (72) hours of confirmation of the breach.
Breach notifications will include:
(a) A description of the nature and scope of the breach.
(b) The categories and approximate number of data records affected.
(c) The measures taken or proposed to address the breach and mitigate its effects.
(d) Recommendations for steps the Customer can take to protect affected individuals.
(e) A designated point of contact for further information.
CivAll will cooperate with the affected Customer in investigating the breach, notifying affected individuals or regulatory authorities as required by law, and implementing remediation measures. CivAll will also cooperate with any government investigations or audits related to the breach.
Because CivAll acts as a data processor, the government Customer (as data controller) is responsible for determining whether and how to notify affected Citizens and regulatory authorities in accordance with applicable breach notification laws. CivAll will provide the information and assistance needed for the Customer to fulfill these obligations.
Material changes to this Privacy Policy require the same mutual written consent as amendments to the Master Subscription Agreement (see MSA Section 18.5). We will provide at least thirty (30) days’ advance notice of any proposed material changes by: (a) posting the proposed updated policy on our website with a prominent notice of changes; (b) sending an email to Government Customers’ designated contacts; and (c) providing an in-app notification within the Platform.
We may make non-material updates to this Privacy Policy (such as correcting typographical errors, updating contact information, or clarifying existing practices without changing their substance) by posting the updated policy on our website with notice. Such updates shall not diminish the privacy protections described in this Policy.
The “Last Updated” date at the top of this Privacy Policy indicates when the latest revisions were made.
If you have questions about this Privacy Policy, please contact us at:
Social News Desk, Inc. dba CivAll
Email: privacy@civall.com
Address: 50 W Lafayette Blvd, Detroit, MI 48226
For Government Customers with questions about data processing:
Email: dpa@civall.com
For general support inquiries:
Email: support@civall.com
Website: civall.com
Citizens with questions about their personal data should contact the government agency that provides the service they used. If you are unable to identify the appropriate agency, you may contact us and we will direct your inquiry appropriately.
This Privacy Policy was last updated on March 3, 2026.